Explore topic-wise InterviewSolutions in .

Hello Friends

i am new to this FORUM and found it a very good source of gaining knowledge from you all. I hope you will gave me full support regarding online computer support.

I just wanted to know the name of the website who provide online Computer Viruses and Spy ware support. PLEASE provide me the best name.

Thanks in ADVANCE!!!!!

Regards

Vikas KumarCheck here

and as for the superantispyware one, when I tried to open the log, it brought up a log of an old QUICK scan i did.

[file cleanup - saving space - attachment deleted by admin]You need to run Superantispyware again, run HJT AFTER Superantispyware is DONE, and post both logs.As for the update failure, restart your computer, and try again. If it still fails, you can contact Microsoft. I should be able to find the link somewhere, its free to contact Microsoft SUPPORT about security update problems, just clearly state:
"I am having an issue installing security updates on my computer, and I get the following error I am RUNNING Windows Vista." and any other information they need. Help with Windows Updates HTTP://support.microsoft.com/?scid=ph;en-us;6527

OK My Problem is the following two screenshots:

www.ourcomm.org/screen1.JPG
www.ourcomm.org/screen2.JPG <-- What happens when i try to remove them.

A process called "windows" is doing this it takes up 100% of my processing power so much so i have to restart, i cant delete the files anymore either. The other day it created over 20k of the bugger files! It Creates them only in C:\ and in My Documents, i think, as that's only where Ive seen them!

I have tried the following programs:
Spyware Doctor
AVG Anti-virus
Ad-aware
Windows defender

Some of the results i have got are:

Torjan.Virtumonde <-- keeps appearing cant seem to remove it!
Win32.trojandownloader.Zlob? i think?

always there and cant remove them! virus scan does remove them but they just reappears!

Any help will be appreciated.

P.S Using Windows XP Media Centre with SP2 Version 2002, Intel celeron 3.2ghz, 2gb ddr ram.

HIJACK THIS LOG ATTACHED

Removed the obvious ones of:

Code: [Select]O20 - Winlogon Notify: lpisywnw - lpisywnw.dll (file missing)
O20 - Winlogon Notify: nnnoonk - nnnoonk.dll (file missing)
O20 - Winlogon Notify: rawkiwii - rawkiwii.dll (file missing)
O20 - Winlogon Notify: rkrfcdam - rkrfcdam.dll (file missing)
O20 - Winlogon Notify: rwrvdjqq - C:\WINDOWS\SYSTEM32\rwrvdjqq.dll
O20 - Winlogon Notify: vaovtjun - vaovtjun.dll (file missing)




[saving space - attachment deleted by admin]1. Download and scan with SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

SUPERAntiSpyware should be run in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to EXIT the program.
Post SUPERAntiSpyware log.

2. Restart in Normal Mode.

3. Print out these instructions as we will need to close every WINDOW that is open later in the fix.

Download VundoFix:
http://www.atribune.org/content/view/24/2/

* Double-click VundoFix.exe to run it.
* When VundoFix re-opens, click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the
Scan for Vundo button." when VundoFix appears at reboot.

4. Post new HJT log.Wow, thanks it got rid of it wohoo! I think it was the trojan downloader and vundo that was causing most of the problems, attached logs as requested

[saving space - attachment deleted by admin]Why is there no antivirus on the computer?

What firewall do you use?


Open HijackThis and select Do a system scan only then place a check mark next to:

O1 - Hosts: 83.133.125.99 dev.sa-mp.com <<Unless it is absolutely necessary
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O24 - Desktop Component 1: (no name) - C:\index.html

Close all windows except for HijackThis and click Fix checked


How is the computer now?It is already fixed thanks, and about those three:

1) I added that manually to the hosts file. Stays.
2) Removed
3) This is the windows web desktop - so this stays.

Many Thanks,Sounds good.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the FIRST place?

Safe surfing......Nice For future reference, I would suggest not removing any HijackThis ENTRIES without being instructed to do so first. Although it didn't HAPPEN here, removing the wrong thing could have serious consequences. But it's good that you at least told us which entries you removed. So, if there were any problems, at least we would know the source.

I dont know whether its a vrus related issue or not, but i think so, thats why i am posting it here.....

I couldn't unhide the folders or files in my computer. Previously (the LAST time i used my system) they were not hidden(only files with hidden attributes), but today i found them hidden. And i can't unhide them...

Can you find a solution to this....

Thanking you in advance....How can you tell, those files are there, since they're hidden, and you can't unhide them?Those files ar the system files in C Drive like..... My Recent Documents, Local Settings etc....How do you try to unhide them?I hav attached the screen shot when i am unhiding the files...

[file cleanup - saving space - attachment deleted by admin]Are you logged on as Administrator ? ?Quote

Those files ar the system files in C Drive like..... My Recent Documents, Local Settings

Are you logged on as Administrator ? ?

Before punching a big hole in my LCD monitor, I decided to take a look at my HJT log.

I noticed an O17 entry in it, and I remembered that O17 entries were related to Lop.com domain hijacks.

Since I'm still learning how to read HJT logs (bloody ages to get a reply from a trainer), I'll have to leave it to the experts.

I'm using Firefox with IE Tab and WINDOWS XP Home Edition SP2.

Thank you in advance.

(saving space, log deleted -- dairyman)O17 - those IPs belongs to OPTUSNET1, and OPTUSINTERNET-AU, respectively, both located in Australia, so, if you don't recognize them, you may fix O17

Fix also:
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)

You have also quiet a few unnecessary O4 entries, but I'm going to bed now, so I'll take care of them tomorrow.
Nothing dangerous, though.Thank you.

OptusNet is my ISP, so they shouldn't do any harm.
Will fix the BHO and Toolbar.Quote

Will fix the BHO and Toolbar.

Open HijackThis and select Do a system scan only then place a check mark next to:

O4 - HKUS\S-1-5-18\..\Run: [Microsoft Telecoma Center] tellcoma.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Microsoft Telecoma Center] tellcoma.exe (User 'Default user')

Close all windows except for HijackThis and click Fix checked

Exit Hijackthis.

----------

1) Please download Pocket Killbox

Unzip it to the desktop

C:\WINDOWS\System32\tellcoma.exe

C:\WINDOWS\System32\tellcoma.exe
C:\WINDOWS\System32\msconfigx32.exe

• Click Options...
  
• Move the arrow down to Standard CleanUp!
  
• Uncheck the following:
  
  • Delete Newsgroup cache
    
  • Delete Newsgroup Subscriptions
• Click OK
  
  • Press the CleanUp! button to start the program. Reboot/logoff when prompted.
    
    Note: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64 bit Operating System do NOT run Cleanup and let me know as we will use another utility
    
    
    
    This is a good time to clear your infected system restore points and establish a new clean restore point:
    
    • Go to Start > All Programs > Accessories > System Tools > System Restore
      
    • Select Create a restore point, and click Next.
      
    • Next, go to Start > Run and type in cleanmgr
      
    • Select the More options tab
      
    • Next to System Restore click Clean up...
    This will remove all restore points except the new one you just created.
    
    
    Let me know how everything is now.

thanks so much for this!! Im sorry if i ve bee a pain ^^

how come i have a antivirus on my pc but it still doesnt help instead we have to go through all thses steps?

I'll let you know if any of the symptoms appear again!!

I think everything is ok now!

Yeah with a XP install disc you can WIPE the drive clean.Quote

the multiple svchost.exe's are STILL running.

zonealarm internet security suite 7 have many specialization. 2 of them are antivirus and anti spyware. when i scan my PC for antivirus and spyware both of them scan the virus and spyware. but 1month ago since my antivirus detect a virus after that no virus but anti spyware is the one that can detect or scan a spyware. is this a cause of a problem in my antivirus? or this is POSSIBLE to happen.1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to INITIALIZE the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart COMPUTER in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll SEE "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the CURRENT dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.thank you for your advise. as what you have said, this is only for internet explorer. i'll do this when i can use the IE.

thanks a lot dude Quote

i'll do this when i can use the IE

I booted my PC like normal, started up all fine then a second later everyting blanks, taskbar, start menu, etc. then it pops up with an un-exitable full screen webpage containing images and such i'd rather not have on my computer screen (pornography) . I quickly shut it down and booted of my spare hard drive and did two full system scans one on norton and one on avg antivirus both found nothing. I checked again and it's still happening I need help fast please! 1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found THREATS"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.Thanks i'll give it ago.I would do a hijack this but as I said right now im working on my uneffected hard drive and it would find nothing out of the ordinary. I wont be able to run it on the other hard drive because after the webpage comes up it stays up I can't alt-f4 alt-tab or anythingWell, we have to work on your infected HD.
Try to start in Safe Mode - To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.Ah, ok i'm geting somewhere, i'm in safemode i've got eset running and ill post the log soonOk eset running, aparently i've my "administrator" has even disabled rights to install superantivirus even through im on the admin account and ad for the HiJack this log well

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:58 a.m., on 6/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Medichi] medichi.exe
O4 - HKLM\..\Run: [Medichi2] medichi2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [qdqnyngz] rundll32.exe "C:\Program Files\qdqnyngz\qbmhgtgx.dll",Init
O4 - HKLM\..\Run: [vapcdqls] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\vapcdqls.dll"
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [License] locker.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (USER 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra CONTEXT menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193513486234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193513461562
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://atl.img.digitalriver.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: murka.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI SMART - UNKNOWN owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6082 bytes

hope you can find something bad in thereGood, but I need you to run HJT AFTER ESET is done.Well esets about half way done (these are the times I wish I didn't have so many programs to scan) it's found 4 threats so far so im hoping its detected the problem. Oh and I guess I should mention that nortons been detecting spyware risks for about a week but not resolving them. About every five minutes I usually get something like norton has blocked risk trojan.vundo or trojan.horseJust be patient. You can't rush those things.esets log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2766 (20080104)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=6e2e426d55bffa4d917027583fd2e6eb
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-01-05 08:46:30
# local_time=2008-01-06 09:46:30 (+1200, New Zealand Daylight Time)
# country="New Zealand"
# osver=5.1.2600 NT Service Pack 2
# scanned=536558
# found=9
# scan_time=4030
C:\Program Files\Common Files\Symantec Shared\ccApp.exeWin32/TrojanDropper.Agent.DGO virus00000000000000000000000000000000
C:\Program Files\Norton Internet Security\osCheck.exeWin32/TrojanDropper.Agent.DGO virus00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-2418244512-849263507-4064612095-1003\Dg176.batWin32/Adware.Virtumonde application9A7EF09167A6F4433681B94351509043
C:\RECYCLER\S-1-5-21-2418244512-849263507-4064612095-1003\Dg190.tmpWin32/Adware.UltimateDefender application8D4145842AC55DD7D61861E54A0583A5
C:\WINDOWS\system32\ssttu.exeWin32/TrojanDropper.Agent.DGO virus00000000000000000000000000000000
C:\WINDOWS\system32\suspend.exeWin32/TrojanDownloader.Small.NZD trojan7809D29A32ABE9F1EA40C7B6D43201BC
C:\WINDOWS\system32\user32.datWin32/TrojanDownloader.Small.NZC trojanB7D2D09D310A8C86FF706B5B9B84593D
C:\WINDOWS\system32\njprckha\njprckha1.exeWin32/Adware.UltimateFixer applicationE199BBF2C868BE7BC4246980BF49F345
C:\WINDOWS\system32\njprckha\njprckha3.exeWin32/Adware.UltimateCleaner application4214F251993ABF583AB333FEAAA9379A
Good.
Can you download, and run SUPERAntiSpyware in Safe Mode?

I have been experiencing pop ups from adssite and they have been annoying I have tryed everything to get rid of it can anyone help me. Here is my hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:19 PM, on 1/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\1199309204\ee\aolsoftware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE PROTECTION - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of FILE - 5593 bytes
Are you running Windows firewall, because I can't see any?

You need to update your Java: http://www.java.com/en/download/index.jsp
Uninstall all older versions from Add\Remove.

Open HJT, checkmark:
- O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
Click on "FIX checked".
Restart computer.
Other then that, I can't see anything malicious, but to make sure...

1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post Eset's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Post new HijackThis log.i am using windows firewallOK. Go ahead with others.Can anyone give me any feedback on the combofix text file. I did a scan and i THINK there are problems. I will attach the log file.

[file cleanup - saving space - attachment deleted by admin]Here are the logs that you requested

ESET Online Scanner

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2766 (20080104)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=37b45d69ff3cde4bbcfaac0a3bf051df
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-01-05 08:37:16
# local_time=2008-01-05 12:37:16 (-0800, Pacific STANDARD Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=903944
# found=0
# scan_time=4789



SUPERAntiSpyware Scan Log
Generated 01/05/2008 at 01:17 PM

Application Version : 3.3.1020

Core Rules Database Version : 3374
Trace Rules Database Version: 1369

Scan type : Complete Scan
Total Scan Time : 00:16:03

Memory items scanned : 173
Memory threats detected : 0
Registry items scanned : 5915
Registry threats detected : 0
File items scanned : 633
File threats detected : 3

Adware.Tracking Cookie
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Cookies\[emailprotected][1].txt



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:51 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\HP_Owner.YOUR-03667082DE\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 6142 bytes
Your HJT log is clean.
I recommend, you download free Comodo firewall: http://www.personalfirewall.comodo.com/, disable Windows firewall, and install Comodo.
Still getting pop-ups?no pop ups so farCool
Now, it's time for firewall adjustment...

Power down and re-boot.
Go to Start/Run and type in sfc /scannow and hit Enter...
Have the XP CD handy as it will ask for it.
Let it run to COMPLETION and re-boot...I did it but it popped up and asked whether to use the files stored on the hard drive to COPY from disk, i chose to copy from disk (it said id be prompted to insert disk) but i was never prompted, so i ran it again with no prompt even asking if to use files from hard drive or disk. and now when i restart, just after the first WINDOWS xp screen, i get a weird windows screen that says please wait in the upper left hand corner and it seems to take longer to boot up.

Note on above statement. No longer displaying wierd windows screen at startup, and it blue screened again when I went to put it to sleep. Again, the video driver, and the file ati2dvag.dll.

OK about nod, I can see it.
Still NEED Superspyware LOG, and current VERSION of HJT (my link) log.

My Laptop is infected with something and it is driving me nuts! I have RAN the Hijack log and didn't see anything unusual . When I get on line I get the pop up searchthetrend.com and its getting worse because the computer is really slow now and I can barely do anything
Please help!1. Run free ESET Online Scanner at: HTTP://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will FIND a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your SCREEN

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

Hi, My pc (or should I say my AVG) is reporting 2 bugs. I have tried everything I can think of to try to fix them without any success.
I have run all the step suggested on your site but they all come BACK and say that my pc has no bugs / viruses.
The problem started over the Christmas holidays when AVG anti virus reported that while opening "C:\windows\system32\dsoundh.dll" it had detected "Trojan Horse Generic9.akav". It gives me the option to heal or delete (I have tried both) but after rebooting my pc, the file is still exists (as well as being in the virus vault).
The second problem I have is when running AVG anti spyware, it reports "Trojan.BHO.agz" and again it doesn't appear to be able to fix the problem.
I am currently running my pc with system restore turned off.
I have attaced my hijackthis file (which shows the file "C:\windows\system32\dsoundh.dll" but try as I might I cannot delete it, even in safe mode or by using special programs like unlocker).
I would be most grateful for any help that can be offered & Please let me know if you require any further information.
Many thanks,
Brian


[file cleanup - saving space - attachment deleted by admin]Open HijackThis and select Do a system scan only then place a CHECK mark next to:

O2 - BHO: (no name) - {35B8D79B-5575-4669-A2DD-FE45775F5E82} - C:\WINDOWS\system32\dsoundh.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - BLANK (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)

Close all windows except for HijackThis and click Fix checked

Please download ATF Cleaner by Atribune. ATF Cleaner.exe

Make sure that all browser windows are closed.

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All and UNCHECK Cookies.
  
• Click the Empty Selected button.
  

• Click Firefox at the top and choose: Select All and UNCHECK Cookies.
  
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

• Click Opera at the top and choose: Select All and UNCHECK Cookies.
  
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  

• Double-click on drweb-cureit.exe and then click Start.
  
• An Express Scan of your PC notice will appear.
  
• Under Start the Express Scan Now Click OK to start.
  
  • This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
• Once the short scan has finished, Click Options > Change settings
  
• Choose the Scan tab and UNcheck Heuristic analysis and click OK
  
• Back at the main window, select the Complete scan button.
  
• Then click the Start Scanning button and the scan will start.
  
  • (The green arrow button on the right)
• When done, a message will be displayed at the bottom advising if any viruses were found.
• Click Select all
  
  • Choose Cure and from the options select Delete incurable
    
  • This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured.
• Next, in the Dr.Web CureIt menu on top, click file and choose Save REPORT list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit.

• After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
  
  • Copy and paste that log in the next reply

• Go to Start > All Programs > Accessories > System Tools > System Restore
  
• Select Create a restore point, and click Next.
  
• Next, go to Start > Run and type in cleanmgr
  
• Select the More options tab
  
• Next to System Restore click Clean up...

I begin receiving the following message recently:

Your BROWSER has been hijacked by trojan.win32.agent.akk, You need to clean your system immediately, in other case it can be crashed soon! Click OK to download the hight tech spyware protection software (recomended)

I believe that I removed the virus, but not before it hosed up the screen on my laptop. The right hand SIDE of my screen (about 4 inches) now has vertical lines on it (mostly white lines) and appears to be broken like a piece of glass. When I take a screenshot of it the screen appears to be fine, but something it over writing everything else on the right side of my screen.

Any help would be greatly appreciated!!

[file cleanup - saving space - attachment deleted by admin]Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O2 - BHO: (no name) - {2FA3B736-1AC7-454D-8E94-8BA8158BF064} - (no file)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)

O4 - HKLM\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot
O4 - HKCU\..\Run: [SpywareRemover] C:\Program Files\SpywareRemover\SpywareRemover.exe -boot

O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -

O4 - HKLM\..\Run: [ErrorSmart] C:\Program Files\ErrorSmart\ErrorSmart.exe
(I'm not familiar with this ErrorSmart program. Based on what I've found, I would remove it, but it could be legitimate. Is this a program you normally USE? Don't check this yet.)

Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following (if present)...

MyWebSearch
SpywareRemover (This looks legitimate, but it's considered rogue anti-spyware, which means it shouldn't be trusted.)

Please note any other programs that you dont recognize in that list in your next response.

Navigate to and delete the following folder(s) if present...

C:\Program Files\SpywareRemover

Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. Let me know how everything's running now and if you had any problems following my steps.Also... You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.




Another thing...although you do have some infected files showing up, I don't think your monitor problem is related. It sounds like a hardware issue to me, and it may just be a rather unfortunate coincidence. If it is indeed a hardware problem, you will most likely need to go to a shop. Out of curiosity...do you still have the problem in Safe Mode?I followed your instructions and nothing has changed. I've been thinking that the virus probably wrote over some CODE involved with the display. I'm not sure how or even if that's the case, but that's what I've figured is going on.

I've attached the latest hijack this log as you requested.

[file cleanup - saving space - attachment deleted by admin]Your log looks clean to me. You still need a firewall, however.

To be honest, I don't think your problem is virus-related. I've never heard of a virus that does any such thing to a computer's display. And the one you mentioned does no more than create fake pop-up alerts designed to SCAM people. The fact that screenshots aren't affected leads me to believe it is a hardware issue. It sounds like your screen just happened to fail around the same time you encountered your infection. If your display is still wonky in Safe Mode, that would support this further.

With that said...just in case traces of the infection might still exist, I would suggest taking a look here...
http://forums.whatthetech.com/How_to_remove_trojan_win32_agent_akk_Critical_System_Error_t86102.html

Hello all:
The atni-spyware my ISP (SBC Yahoo) provides found 3 key loggers
C:\Program Files\common\microsoft shared
key hkey_local_machine\software\sces software\the pc detective
key hkey_local_machine\software\sces software\tpcdhost
but when I click remove, nothing is removed. I've waited as much as 2 hours, and have to use task manger to GET out of the program.
I have run eset scanner, and the 1 provide by my ISP (computer associates) and they have found nothing.
I ran the scanner from Trend Micro and it has found
spyware_trak_msnspymonitor 364 infected files
but cannot remove them. I have let the remove function run for up to 2 hours with no luck./
Panda found this
Potentially unwanted tool:Application/PCDetective.A Not disinfected C:\Program Files\Common Files\Microsoft Shared\DAO\PCD\SVCHOST.EXE
Virus:Generic Malware Disinfected C:\Program Files\Common Files\Microsoft Shared\DAO\PCD\SVCHOSTE.EXE
When I navigate to this folder. I find a bunch of ".TPC" files, which wont let me delete, and when I open in notepad ( if it finds themthey all are charectors not letters (ÿØÿà JFIF ÿþ *Intel(R) JPEG Library, version 1,5,4,36 ÿÛ C



(just a sample)
I have no idea what to do;
HJT log to come


Should I do a clean install, or can this be fixed?
Thanks Mel

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:57:54 AM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\DOCUMENTS and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?.done=https%3A%2F%2Fedit.client.yahoo.com%2Fmembercenter&.partner=sbc&.intl=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] "C:\PROGRA~1\Yahoo!\YOP\yop.exe" /autostart
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [SmcService] "C:\PROGRA~1\Sygate\SPF\smc.exe" -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Minder Reminders.lnk = C:\HALLMARK\EMREMIND.EXE
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Image Transfer.lnk = C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O16 - DPF: Yahoo! Gin - http://download2.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI UTILITY Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176731264312
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 8677 bytes
Thanks again Mel1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Post new HijackThis log.Hello:
I'm sorry it took so long.
I had posted this problem in another forum 5 days before I had posted here.
They got back to me about an hour after I posted here.
If there is a chace of getting a second opinion, I would appreciate it very much. I know you all are real busy. the thread is located here
http://www.bleepingcomputer.com/forums/topic123575-15.html#entry705463
I have the utmost respect and gratetude to the specialist from the other forum
I did the things that Broni suggest last night and here are the logs
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2766 (20080104)
# vers_arch_module=1.060 (20071228)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=65cfd09981048c4f8c46196d2470cb62
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-01-06 06:51:05
# local_time=2008-01-05 10:51:05 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=420450
# found=0
# scan_time=9025
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/06/2008 at 10:34 PM

Application Version : 3.9.1008

Core Rules Database Version : 3375
Trace Rules Database Version: 1369

Scan type : Complete Scan
Total Scan Time : 04:40:26

Memory items scanned : 176
Memory threats detected : 0
Registry items scanned : 8566
Registry threats detected : 0
File items scanned : 111952
File threats detected : 29

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
It was after this that I ran my Isp's spyware scanner and found the same keylogger


The crew at BleepingComputer are very competent and i would trust in their advice. Thank yo so much

Open HJT, and checkmark following entries:

- O2 - BHO: (no name) - {d4c94b02-4ba8-4193-97ea-f5a0034cfd0c} - (no file)

- O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Now, we will disable some unnecessary startups (no program will be uninstalled\deleted).
Checkmark these:
- O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
- O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
- O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
(unless you're using more then one language in M$ Office; in addition, you have to disable it manually: http://support.microsoft.com/default.aspx?scid=kb;en-us;282599)
- O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(free version doesn't have real time protection, so there is no reason to run it at startup)

Click "Fix checked" button.

Restart computer, and...
1. Download, and install CCleaner: http://www.ccleaner.com/
2. Read CCleaner instruction from here: http://www.jahewi.nl/ccleaner/ccleaner.html, and run CCleaner
If I didn't ask you to run it on your computer, do it, as well.OK, all that is done. Is there anything else I can try or do that MIGHT help? It is still running way to slow.What are the computer specs? This is desktop?No, it is a Toshiba laptop.
Celeron 1.5 GHz
192 MB of RAM

Windows XP

She definitely needs more RAM. She'll see the difference.I believe so too. It seems to do good sometimes when it is booted up for a minute and running but waiting on it to get booted up from restart can be a nightmare. Is the memory install HARD on a laptop? I have never installed memory on anything other than a desktop in the past.Quote

Is the memory install hard on a laptop?

;Dhi

hi can you please give me a demo or a tutorials on how i can creat my own made anti VIRUS...

i WANT to have just only one... please!!!


i really want one... do you know the issues about messengers today?
theres a virus on messengers specially yahoo messengers...



i want to have just one so that i could help prevent it from spreading....

thnx....you have a virus from yahoo? we need more info on your computer

and it would be to hard for you to create your own av program

you need:
great knowledge and skill at c andctt and other program languages
alot of signatures of infections
and a great deal of planning on how and what you want the program to dojoeloffelsienes ......... Before you embark on reinventing the wheel, perhaps you could tell us if your computer is infected with some type of nasty and what anti virus are you CURRENTLY using.

dl65 Quote from: dl65 on January 08, 2008, 01:58:17 AM

joeloffelsienes ......... Before you embark on reinventing the wheel, perhaps you could tell us if your computer is infected with some type of nasty and what anti virus are you currently using.

dl65

We should establish a geographically correct central meeting place for those people who actually want to reward us for our efforts...Any ideas ? ?Since people on this board are from all over the world, I think MY place will work. It's always half-way from SOMEWHERE...LOL
But, FIRST things, first. Let me enjoy:
::HEADS to Broni's place::

I have these pop-ups coming up and ALL of them start with "CiD:" some nasty sites. Some not. They come up sometimes even when nothing is open.

What is this and how do I get rid of it?

I have McAfee 2008 ... but it CANT seem to FIND anything.McAfee sucks. AVG is better. Get it and scan with it. Also get SUPERAntiSpyware and use that.1. Run free ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This Scanner is for Internet Explorer Only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component allow it
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall install you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete uncheck\untick "Remove found threats"
6. Check\tick "Scan unwanted applications"
7. Click the "Scan" button
8. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

Print these instructions out.

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.Yeah, I was runnig AVG, but I seen Mcafee on sale for 10 bucks about 2 months ago, so I got it. haha.

Ok .. thanks guys.

Ill take off Mcafee and get AVG and Superanti spywareHijackthis log is as follows:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\McrdSvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Webroot\POP-UP~1\POPUPW~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Punisher\Local Settings\Temporary Internet Files\Content.IE5\Z33YOEIS\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamefaqs.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Popup Killer - {4A3A071E-F913-4eee-AE15-AEFFA16FB6BC} - C:\PROGRA~1\Webroot\POP-UP~1\VAPopupKiller.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Secure] C:\WINDOWS\WindowsUpdates.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\Plan trust.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [wait bold] C:\DOCUME~1\Punisher\APPLIC~1\INFOLO~1\Cash Style.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PopUpWasher] C:\PROGRA~1\Webroot\POP-UP~1\PopUpWasher.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
SECOND PART of above post is

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 11163 bytes
SUPERAnti-spyware log is


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/07/2008 at 05:35 PM

Application Version : 3.9.1008

Core Rules Database Version : 3375
Trace Rules Database Version: 1369

Scan type : Quick Scan
Total Scan Time : 00:19:10

Memory items scanned : 585
Memory threats detected : 0
Registry items scanned : 865
Registry threats detected : 1
File items scanned : 19246
File threats detected : 91

Trojan.Downloader-ChinaHot
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A75E294E-C047-4D29-B07E-37B792881BEF}

Adware.Tracking Cookie
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][3].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][3].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][4].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Punisher\Cookies\[emailprotected][1].txt
You've got a couple of infections that need to be taken care of, but before continuing, we are going to need a few of things from you...

1. You didn't include an ESET log. Please post this.

2. Your HijackThis log is missing its header (with information about Windows, IE, etc.). We need the entire log, so please post the whole thing. You may attach it if you wish.

3. Also, your HijackThis is in a temporary location. This means that HijackThis and its important backups will eventually be deleted. Please run the program from a permanent location such as C:\Program Files\HJT.

4. You appear to have a Lop infection. Please follow the below instructions...

First...
Download NoLop! and click on Search and Destroy. Once the scan has been completed, the program will reboot your computer. Upon rebooting, you may receive errors. Don't panic; this is normal. After the reboot, locate the file C:\NoLop!.log and post the contents here.

Second...
Open HijackThis.
Click on Open Misc Tools Section
Make sure that both boxes beside "Generate StartupList Log" are checked:

• List all minor sections(Full)
  
• List Empty Sections(Complete)

A new complete HijackThis log

You appear to have a Lop infection.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D.

Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

• Choose the language by typing of the corresponding letter and press Enter
  
• Click OK at the informative window.
  
• Type 2 to choose Option 2 (Delete with Hosts File Restore), then press Enter
  
• Wait until the end of the scan.
• A report will be generated, post the contents of it in your next reply.

I don't see anything else that would cause any problems so let's clean up and see how things are then.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• The above procedure will:
• Delete the following:
• ComboFix and its ASSOCIATED files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it yourself.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

I have followed all the steps in the Malware REMOVAL thread and here are my reports.

[ATTACHMENT deleted by admin]wait for an expert but i WOULD take out UNIBLUE

The reason I ask is because I'll run Ad-Aware and it'll find like 18 infected files. Then I'll run Panda and it'll find 256 infected files. Should I just run Panda and forget ad-Aware or is it best to run as MANY different programs as possible to get as much junk out of my COMPUTER as possible?Most likely, Panda is detecting Tracking Cookies. It's common for a computer to end up with lots of those. Ad Aware is probably finding the same STUFF.......nothing to get your nickers in a twist over

If I run Spybot S&D, it will generally find about 20 Tracking cookies, but If I run AVG FREE, it will find a sh** load of them.

Can you post a scan log from Panda or AdAware to be sure.....Some of those detections may be viruses

What I do, generally is keep One anti-virus program with REAL-TIME protection running all the time...Not good to have more than one antivirus running in REALTIME proteciton....Although is might be ok to have an anti-spyware program running in REAL-Time along side of the anti-virus....I'm no security expert.....not sure how anti-spyware and anti-virus programs affect eachotherdownload the following all free and your covered for everything , harry

superantispyware
ccleaner
avast , anti virus
malwarebytes anti-malware

remember you can only have 1 anti-virus

yeah tea TIMER is off.
okay im doing a MBAM quick scan

even in safe mode theres still warnings all over my internet, at the top, about spyware. okay I did the mbam scan.



[attachment deleted by admin]Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFixokay, i ran it. things seem to be running okay, ill try and BOOT into normal mode.

[attachment deleted by admin]Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

File::
c:\windows\system32\dllcache\userinit.exe
c:\windows\system32\loader49.exe

Folder::
C:\SDFix

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingD2599"=-
"SpybotDeletingB9743"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezeit deleted sdfix too.

[attachment deleted by admin]

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.
.
----------

Download

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved PASSWORDS click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it yourself.

i will get that log on here asap thank you so much. im downloading combofix right now. Yes my browsers are all working now.here is the CF log

ComboFix 09-04-29.03 - John 04/29/2009 22:22.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1013.215 [GMT -5:00]
Running from: c:\users\John\Downloads\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Outdated)
FW: McAfee Personal Firewall *enabled*
FW: Norton 360 *enabled*
* Created a new restore point
.
ADS - Windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\tumuwaku\tumuwaku.dll
c:\windows\system32\x64
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-4-30 )))))))))))))))))))))))))))))))
.

2009-04-30 02:51 . 2009-04-30 02:51--------d-----wc:\program files\SUPERAntiSpyware
2009-04-30 02:50 . 2009-04-30 02:50--------d-----wc:\program files\Common Files\Wise Installation Wizard
2009-04-29 04:06 . 2009-04-29 04:06--------d-----wc:\programdata\rodahope
2009-04-29 04:06 . 2009-04-29 04:06--------d-----wc:\users\All Users\rodahope
2009-04-29 03:08 . 2009-04-29 03:08--------d-----wc:\users\John\AppData\Roaming\SUPERAntiSpyware.com
2009-04-29 03:08 . 2009-04-29 03:08--------d-----wc:\programdata\SUPERAntiSpyware.com
2009-04-29 03:08 . 2009-04-29 03:08--------d-----wc:\users\All Users\SUPERAntiSpyware.com
2009-04-28 03:47 . 2009-04-29 20:08--------d-----wc:\programdata\tosofove
2009-04-28 03:47 . 2009-04-30 03:25--------d-----wc:\programdata\tumuwaku
2009-04-28 03:47 . 2009-04-29 20:08--------d-----wc:\users\All Users\tosofove
2009-04-28 03:47 . 2009-04-30 03:25--------d-----wc:\users\All Users\tumuwaku
2009-04-27 15:47 . 2009-04-27 15:47--------d-----wc:\programdata\witiwegu
2009-04-27 15:47 . 2009-04-27 15:47--------d-----wc:\users\All Users\witiwegu
2009-04-27 15:47 . 2009-04-27 16:08--------d-----wc:\programdata\vasosunu
2009-04-27 15:47 . 2009-04-27 16:08--------d-----wc:\users\All Users\vasosunu
2009-04-27 15:47 . 2009-04-27 15:47--------d-----wc:\programdata\veyopiho
2009-04-27 15:47 . 2009-04-27 15:47--------d-----wc:\users\All Users\veyopiho
2009-04-27 03:47 . 2009-04-27 03:47--------d-----wc:\programdata\sebajuyo
2009-04-27 03:47 . 2009-04-27 03:47--------d-----wc:\users\All Users\sebajuyo
2009-04-27 03:47 . 2009-04-27 03:47--------d-----wc:\programdata\wayapego
2009-04-27 03:47 . 2009-04-27 03:47--------d-----wc:\users\All Users\wayapego
2009-04-27 03:47 . 2009-04-27 04:08--------d-----wc:\programdata\petonuho
2009-04-27 03:47 . 2009-04-27 04:08--------d-----wc:\users\All Users\petonuho
2009-04-26 15:46 . 2009-04-26 16:08--------d-----wc:\programdata\hatikefe
2009-04-26 15:46 . 2009-04-26 16:08--------d-----wc:\users\All Users\hatikefe
2009-04-26 15:46 . 2009-04-26 15:46--------d-----wc:\programdata\lamujoto
2009-04-26 15:46 . 2009-04-26 15:46--------d-----wc:\users\All Users\lamujoto
2009-04-26 15:46 . 2009-04-26 15:46--------d-----wc:\programdata\zahuzewi
2009-04-26 15:46 . 2009-04-26 15:46--------d-----wc:\users\All Users\zahuzewi
2009-04-26 03:46 . 2009-04-26 03:46--------d-----wc:\programdata\hikepohe
2009-04-26 03:46 . 2009-04-26 03:46--------d-----wc:\users\All Users\hikepohe
2009-04-26 03:46 . 2009-04-28 17:53--------d-----wc:\programdata\zezowawi
2009-04-26 03:46 . 2009-04-28 17:53--------d-----wc:\users\All Users\zezowawi
2009-04-26 03:46 . 2009-04-26 04:08--------d-----wc:\programdata\sekisahi
2009-04-26 03:46 . 2009-04-26 04:08--------d-----wc:\users\All Users\sekisahi
2009-04-25 15:47 . 2009-04-25 15:47--------d-----wc:\programdata\hanayupu
2009-04-25 15:47 . 2009-04-25 15:47--------d-----wc:\users\All Users\hanayupu
2009-04-25 15:47 . 2009-04-25 16:08--------d-----wc:\programdata\mumehuve
2009-04-25 15:47 . 2009-04-25 16:08--------d-----wc:\users\All Users\mumehuve
2009-04-25 15:47 . 2009-04-25 15:47--------d-----wc:\programdata\vikikeme
2009-04-25 15:47 . 2009-04-25 15:47--------d-----wc:\users\All Users\vikikeme
2009-04-25 03:47 . 2009-04-25 03:47--------d-----wc:\programdata\vaguyasi
2009-04-25 03:47 . 2009-04-25 03:47--------d-----wc:\users\All Users\vaguyasi
2009-04-25 03:47 . 2009-04-25 04:08--------d-----wc:\programdata\hohokaza
2009-04-25 03:47 . 2009-04-25 04:08--------d-----wc:\users\All Users\hohokaza
2009-04-25 03:46 . 2009-04-28 17:50--------d-----wc:\programdata\hipolugi
2009-04-25 03:46 . 2009-04-28 17:50--------d-----wc:\users\All Users\hipolugi
2009-04-25 02:46 . 2009-04-25 02:46--------d-----wc:\programdata\vegiyemi
2009-04-25 02:46 . 2009-04-25 02:46--------d-----wc:\users\All Users\vegiyemi
2009-04-25 02:46 . 2009-04-25 02:46--------d-----wc:\programdata\lizujopu
2009-04-25 02:46 . 2009-04-25 02:46--------d-----wc:\users\All Users\lizujopu
2009-04-25 02:46 . 2009-04-29 20:08--------d-----wc:\programdata\zuvirumu
2009-04-25 02:46 . 2009-04-29 20:08--------d-----wc:\users\All Users\zuvirumu
2009-04-25 02:46 . 2009-04-25 02:46--------d-----wc:\programdata\wagitiru
2009-04-25 02:46 . 2009-04-25 02:46--------d-----wc:\users\All Users\wagitiru
2009-04-24 14:46 . 2009-04-24 14:46--------d-----wc:\programdata\bewodanu
2009-04-24 14:46 . 2009-04-24 14:46--------d-----wc:\users\All Users\bewodanu
2009-04-24 14:45 . 2009-04-24 15:07--------d-----wc:\programdata\nademiso
2009-04-24 14:45 . 2009-04-24 15:07--------d-----wc:\users\All Users\nademiso
2009-04-24 14:45 . 2009-04-24 14:45--------d-----wc:\programdata\sunimuju
2009-04-24 14:45 . 2009-04-24 14:45--------d-----wc:\users\All Users\sunimuju
2009-04-24 02:45 . 2009-04-24 03:07--------d-----wc:\programdata\bifaruwi
2009-04-24 02:45 . 2009-04-24 03:07--------d-----wc:\users\All Users\bifaruwi
2009-04-24 02:45 . 2009-04-24 02:45--------d-----wc:\programdata\benosafi
2009-04-24 02:45 . 2009-04-24 02:45--------d-----wc:\users\All Users\benosafi
2009-04-24 02:45 . 2009-04-24 02:45--------d-----wc:\programdata\hujuyuju
2009-04-24 02:45 . 2009-04-24 02:45--------d-----wc:\users\All Users\hujuyuju
2009-04-23 14:45 . 2009-04-23 14:45--------d-----wc:\programdata\wanizofu
2009-04-23 14:45 . 2009-04-23 14:45--------d-----wc:\users\All Users\wanizofu
2009-04-23 14:45 . 2009-04-23 14:45--------d-----wc:\programdata\danuzihi
2009-04-23 14:45 . 2009-04-23 14:45--------d-----wc:\users\All Users\danuzihi
2009-04-23 14:45 . 2009-04-23 15:06--------d-----wc:\programdata\nadohipi
2009-04-23 14:45 . 2009-04-23 15:06--------d-----wc:\users\All Users\nadohipi
2009-04-23 02:46 . 2009-04-25 02:46--------d-----wc:\programdata\ginoreru
2009-04-23 02:46 . 2009-04-25 02:46--------d-----wc:\users\All Users\ginoreru
2009-04-23 02:46 . 2009-04-25 02:46--------d-----wc:\programdata\fawofofo
2009-04-23 02:46 . 2009-04-25 02:46--------d-----wc:\programdata\vetaweyo
2009-04-23 02:46 . 2009-04-25 02:46--------d-----wc:\users\All Users\fawofofo
2009-04-23 02:46 . 2009-04-25 02:46--------d-----wc:\users\All Users\vetaweyo
2009-04-23 02:45 . 2009-04-23 02:45--------d-----wc:\programdata\lomehuda
2009-04-23 02:45 . 2009-04-23 02:45--------d-----wc:\users\All Users\lomehuda
2009-04-23 02:45 . 2009-04-28 17:52--------d-----wc:\programdata\sodekeba
2009-04-23 02:45 . 2009-04-28 17:52--------d-----wc:\users\All Users\sodekeba
2009-04-23 02:45 . 2009-04-23 02:45--------d-----wc:\programdata\bimeyonu
2009-04-23 02:45 . 2009-04-23 02:45--------d-----wc:\users\All Users\bimeyonu
2009-04-23 02:45 . 2009-04-23 02:45--------d-----wc:\programdata\yodutiti
2009-04-23 02:45 . 2009-04-23 02:45--------d-----wc:\users\All Users\yodutiti
2009-04-22 14:45 . 2009-04-22 14:45--------d-----wc:\programdata\zumupobi
2009-04-22 14:45 . 2009-04-22 14:45--------d-----wc:\users\All Users\zumupobi
2009-04-22 14:45 . 2009-04-22 14:45--------d-----wc:\programdata\bazamufa
2009-04-22 14:45 . 2009-04-22 14:45--------d-----wc:\users\All Users\bazamufa
2009-04-22 14:45 . 2009-04-22 15:06--------d-----wc:\programdata\hogikata
2009-04-22 14:45 . 2009-04-22 15:06--------d-----wc:\users\All Users\hogikata
2009-04-22 02:45 . 2009-04-22 02:45--------d-----wc:\programdata\johabuji
2009-04-22 02:45 . 2009-04-22 02:45--------d-----wc:\users\All Users\johabuji
2009-04-22 02:45 . 2009-04-22 03:06--------d-----wc:\programdata\moriwami
2009-04-22 02:45 . 2009-04-22 02:45--------d-----wc:\programdata\vuyugije
2009-04-22 02:45 . 2009-04-22 03:06--------d-----wc:\users\All Users\moriwami
2009-04-22 02:45 . 2009-04-22 02:45--------d-----wc:\users\All Users\vuyugije
2009-04-21 14:45 . 2009-04-21 14:45--------d-----wc:\programdata\diforusa
2009-04-21 14:45 . 2009-04-21 14:45--------d-----wc:\users\All Users\diforusa
2009-04-21 14:45 . 2009-04-21 14:45--------d-----wc:\programdata\kupuruzi
2009-04-21 14:45 . 2009-04-21 14:45--------d-----wc:\users\All Users\kupuruzi
2009-04-21 14:45 . 2009-04-21 15:06--------d-----wc:\programdata\wovahuzo
2009-04-21 14:45 . 2009-04-21 15:06--------d-----wc:\users\All Users\wovahuzo
2009-04-21 02:45 . 2009-04-28 17:53--------d-----wc:\programdata\zodogupe
2009-04-21 02:45 . 2009-04-28 17:53--------d-----wc:\users\All Users\zodogupe
2009-04-21 02:45 . 2009-04-28 17:52--------d-----wc:\programdata\ruyigige
2009-04-21 02:45 . 2009-04-28 17:52--------d-----wc:\users\All Users\ruyigige
2009-04-21 02:45 . 2009-04-28 17:52--------d-----wc:\programdata\pehuvesi
2009-04-21 02:45 . 2009-04-28 17:52--------d-----wc:\users\All Users\pehuvesi
2009-04-20 14:44 . 2009-04-28 17:51--------d-----wc:\programdata\minukure
2009-04-20 14:44 . 2009-04-28 17:51--------d-----wc:\users\All Users\minukure
2009-04-20 14:44 . 2009-04-28 17:50--------d-----wc:\programdata\hikemavi
2009-04-20 14:44 . 2009-04-28 17:50--------d-----wc:\users\All Users\hikemavi
2009-04-20 02:44 . 2009-04-28 17:53--------d-----wc:\programdata\zofudaga
2009-04-20 02:44 . 2009-04-28 17:53--------d-----wc:\users\All Users\zofudaga
2009-04-20 02:44 . 2009-04-28 17:50--------d-----wc:\programdata\fizugotu
2009-04-20 02:44 . 2009-04-28 17:50--------d-----wc:\users\All Users\fizugotu
2009-04-20 02:44 . 2009-04-28 17:52--------d-----wc:\programdata\rufowopa
2009-04-20 02:44 . 2009-04-28 17:52--------d-----wc:\users\All Users\rufowopa
2009-04-19 14:44 . 2009-04-28 17:53--------d-----wc:\programdata\zarasane
2009-04-19 14:44 . 2009-04-28 17:53--------d-----wc:\users\All Users\zarasane
2009-04-19 14:44 . 2009-04-28 17:52--------d-----wc:\programdata\resiyefu
2009-04-19 14:44 . 2009-04-28 17:52--------d-----wc:\users\All Users\resiyefu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-30 02:42 . 2007-05-22 04:18--------d-----wc:\program files\Common Files\Symantec Shared
2009-04-29 13:09 . 2007-04-14 13:29--------d-----wc:\program files\Shockwave.com
2009-04-17 08:12 . 2006-11-02 11:18--------d-----wc:\program files\Windows Mail
2009-04-06 18:12 . 2008-04-28 00:47--------d-----wc:\program files\Westward2_at
2009-04-01 22:10 . 2007-04-02 02:34--------d-----wc:\program files\Rhapsody
2009-03-30 21:30 . 2007-06-15 05:40--------d-----wc:\program files\Serif
2009-03-30 21:30 . 2006-12-16 06:19--------d--h--wc:\program files\InstallShield Installation Information
2009-03-30 21:29 . 2007-03-20 13:55--------d-----wc:\program files\Real
2009-03-30 21:28 . 2006-12-16 06:29--------d-----wc:\program files\CyberLink
2009-03-30 21:27 . 2007-04-09 17:12--------d-----wc:\program files\WildTangent
2009-03-30 21:25 . 2007-03-01 20:09--------d-----wc:\program files\MySpace
2009-03-30 21:19 . 2006-12-16 06:32--------d-----wc:\program files\Gateway Games
2009-03-30 21:17 . 2007-10-19 23:46--------d-----wc:\program files\DivX
2009-03-30 21:04 . 2006-11-02 10:2586016----a-wc:\windows\inf\infstor.dat
2009-03-30 21:04 . 2006-11-02 10:2551200----a-wc:\windows\inf\infpub.dat
2009-03-30 21:04 . 2006-11-02 10:2586016----a-wc:\windows\inf\infstrng.dat
2009-03-30 21:04 . 2007-07-03 08:03--------d-----wc:\program files\Common Files\Apple
2009-03-17 03:16 . 2009-04-16 19:5340960----a-wc:\windows\AppPatch\apihex86.dll
2009-03-17 03:16 . 2009-04-16 19:5314848----a-wc:\windows\system32\apilogen.dll
2009-03-17 03:16 . 2009-04-16 19:5325600----a-wc:\windows\system32\amxread.dll
2009-03-05 22:32 . 2009-03-05 22:27--------d-----wc:\program files\ManyCam 2.3
2009-03-03 04:24 . 2009-04-16 19:533503584----a-wc:\windows\system32\ntkrnlpa.exe
2009-03-03 04:24 . 2009-04-16 19:533469280----a-wc:\windows\system32\ntoskrnl.exe
2009-03-03 04:20 . 2009-04-16 19:52826368----a-wc:\windows\system32\wininet.dll
2009-03-03 04:19 . 2009-04-16 19:53158720----a-wc:\windows\system32\sdohlp.dll
2009-03-03 04:19 . 2009-04-16 19:53549888----a-wc:\windows\system32\rpcss.dll
2009-03-03 04:19 . 2009-04-16 19:5324576----a-wc:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:16 . 2009-04-16 19:5256320----a-wc:\windows\system32\iesetup.dll
2009-03-03 04:16 . 2009-04-16 19:5397280----a-wc:\windows\system32\iasrecst.dll
2009-03-03 04:16 . 2009-04-16 19:5353248----a-wc:\windows\system32\iasads.dll
2009-03-03 04:16 . 2009-04-16 19:5337888----a-wc:\windows\system32\iasdatastore.dll
2009-03-03 04:16 . 2009-04-16 19:5278336----a-wc:\windows\system32\ieencode.dll
2009-03-03 04:16 . 2009-04-16 19:5252736----a-wc:\windows\AppPatch\iebrshim.dll
2009-03-03 04:15 . 2009-04-16 19:5272704----a-wc:\windows\system32\admparse.dll
2009-03-03 02:40 . 2009-04-16 19:53654336----a-wc:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:08 . 2009-04-16 19:5226624----a-wc:\windows\system32\ieUnatt.exe
2009-03-03 00:44 . 2009-04-16 19:5248128----a-wc:\windows\system32\mshtmler.dll
2009-02-13 07:26 . 2009-04-16 19:5372704----a-wc:\windows\system32\secur32.dll
2009-02-13 07:26 . 2009-04-16 19:531233408----a-wc:\windows\system32\lsasrv.dll
2009-02-13 07:26 . 2009-04-16 19:537680----a-wc:\windows\system32\lsass.exe
2009-02-09 01:59 . 2009-03-11 12:052028032----a-wc:\windows\system32\win32k.sys
2008-12-12 09:20 . 2006-11-02 12:50174--sha-wc:\program files\desktop.ini
2007-04-18 23:22 . 2007-04-18 23:22774144----a-wc:\program files\RngInterstitial.dll
2007-08-14 14:39 . 2007-08-03 21:1924--sh--wc:\windows\S4435AE6B.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-01-30 2542528]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 423424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 182744]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]
"MSConfig"="c:\windows\System32\msconfig.exe" [2006-11-02 222208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-8-17 1447184]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-14 1695744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05356352----a-wc:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2383206740-1977817344-2628701725-1001]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2383206740-1977817344-2628701725-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{524C4205-F379-4D27-87D6-CFA593BEE568}c:\\program files\\msn messenger\\msnmsgr.exe"= UDP:c:\program files\msn messenger\msnmsgr.exe:Messenger
"UDP Query User{41DE6FAE-AB22-4391-9E46-F0DE74465AD1}c:\\program files\\msn messenger\\msnmsgr.exe"= TCP:c:\program files\msn messenger\msnmsgr.exe:Messenger

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 knzxdvua;knzxdvua;

c:\users\John\Downloads\ComboFix.exe

• Go to your desktop and double click on the removal tool and then click Setup.
  
• Once open Click Next
  
• Accept the license AGREEMENT and click Next
  
• Type in the letters/numbers that you see into the text box then click Next.
  
• Then click Next and the tool will start running.
  
• Once finished restart the PC.
• Delete Nortonremoval tool from your Desktop.

• Double click the MCPR.exe
• A Command Line window will be displayed, and then close automatically.
• Wait for a second Command Line window to be displayed.
• Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.
• After the second window appears, the program will begin the cleanup.
• Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
• Press Y on the keyboard.
• Wait for the computer to restart.
• All McAfee products are now removed from your computer.

I am a firm believer in using all the great free programs out there and am currently using AVG, Spybot S&D, MalwareBytes and CCLEANER. I'm still, however, using the built in Windows Firewall and was wondering if anyone here could reccomend a better, free, alternative. I KNOW I could just Google this, but 9 times out of 10 you come across junk and I figured if anyone would know what to use, it would be you guys here.Try Sunbelt personal firewall. There's a free one and a paid version. I'm sure if you dowload the trial it will revert to the free version on it's own. I found this one much easier to use than Comodo and have never had any problems with it.
http://www.sunbeltsoftware.com/Home-Home-Office/Sunbelt-Personal-Firewall/

Everyone will tell you Comodo is better, but I found it HARD to set up, especially of you have other people using your computer. Sunbelt has an option for an easy SETUP that won't annoy you with pop ups about what to allow, what not to allow etc. Just about anything is better than Windows Firewall.
Good Luck.

Problem: A PC here at work has some issues w/ certain webpages: hotmail, google maps, yahoo maps, crucial.com's memory finder, etc... For instance, when I try to go to www.hotmail.com, it shows "Done" in the lower left corner, but the web page just stays COMPLETELY blank (white), even though the top "title bar" of IE says, "Sign In - Windows Internet Explorer provided by Yahoo!"

I couldn't use "ADDITIONAL Options..." to ATTACH my logs, due to the problem I'm dealing with... the same thing it will do on several WEBSITES... I click on the link and there's no response. Same thing happens when I'm on any website and that site happens to have it's own link for "BACK" (to back up to previous page), it just doesn't respond when I click it.


Below are my logs from following your steps for malware removal:


SuperAntispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/05/2009 at 03:22 PM

Application Version : 4.26.1002

Core Rules Database Version : 3878
Trace Rules Database Version: 1826

Scan type : Complete Scan
Total Scan Time : 02:32:36

Memory items scanned : 503
Memory threats detected : 0
Registry items scanned : 5743
Registry threats detected : 2
File items scanned : 66226
File threats detected : 11

Unclassified.Unknown Origin
HKU\S-1-5-21-1904607352-951796526-1614765859-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}

Adware.Vundo Variant
HKU\S-1-5-21-1904607352-951796526-1614765859-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD}

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Administrator\Cookies\[emailprotected][1].txt
C:\Documents and Settings\hal\Cookies\[emailprotected][2].txt
C:\Documents and Settings\hal\Cookies\[emailprotected][2].txt
C:\Documents and Settings\hal\Cookies\[emailprotected][2].txt
C:\Documents and Settings\hal\Cookies\[emailprotected][2].txt
C:\Documents and Settings\hal\Cookies\[emailprotected][1].txt
C:\Documents and Settings\hal\Cookies\[emailprotected][1].txt
C:\Documents and Settings\hal\Cookies\[emailprotected][1].txt

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\ACCDD.BAK1
C:\WINDOWS\SYSTEM32\MCRH.TMP



Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.36
Database version: 2079
Windows 5.1.2600 Service Pack 2

5/5/2009 3:49:23 PM
mbam-log-2009-05-05 (15-49-23).txt

Scan type: Quick Scan
Objects scanned: 92678
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{ca0b9b71-c2af-11d3-b376-0800460222f0} (Adware.Iwon) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:00 PM, on 5/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot MODE: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe
C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\TWAIN_32\fjscan32\ERG\FTErGuid.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HJT Sniper\Sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.yahoo.com/?fr=fp-yie8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper -

{02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat

7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program

Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common

Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E}

- C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Windows Live Toolbar Helper -

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live

Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -

{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl -

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

- C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live

Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar -

{A057A204-BACC-4D26-9990-79A187E2698E} -

C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe

Autorun
O4 - HKLM\..\Run: [FtLnSOP_setup]

C:\WINDOWS\Twain_32\Fjscan32\SOP\FtLnSOP.exe
O4 - HKLM\..\Run: [FJTWAIN Setup]

C:\WINDOWS\Twain_32\fjscan32\FjtwMkup.exe /Station
O4 - HKLM\..\Run: [FTPWRENV]

C:\WINDOWS\Twain_32\Fjscan32\FTPWREVT\FTPWREVT.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat

7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Error Recovery Guide.lnk =

C:\WINDOWS\TWAIN_32\fjscan32\ERG\FTErGuid.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program

Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab -

res://C:\Program Files\Windows Live

Toolbar\Components\en-us\msntabres.dll.mui/229?0eb3914be8594b8eb7f9ebe7

0d62a519
O8 - Extra context menu item: Open in new foreground tab -

res://C:\Program Files\Windows Live

Toolbar\Components\en-us\msntabres.dll.mui/230?0eb3914be8594b8eb7f9ebe7

0d62a519
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft

SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script

Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -

http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client

Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class)

-

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl

Class) - http://zone.msn.com/bingame/rock/default/popcaploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload

Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer

Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online

Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object)

- http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class)

- https://cdms.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab
O16 - DPF: {EDFCDAF5-95D9-40E9-BBE6-10C33190C3EF} (cGameControl Class)

- http://zone.msn.com/bingame/rmcb/default/RumbleCube.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ,

s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. -

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology

Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FJTWMKSV - PFU LIMITED -

C:\WINDOWS\twain_32\fjscan32\FJTWMKSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun

Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner -

C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation -

C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. -

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O24 - Desktop Component 0: (no name) -

http://www.hickerphoto.com/data/media/161/symbols-of-peace__MG0813.jpg
O24 - Desktop Component 1: (no name) -

http://upload.wikimedia.org/wikipedia/commons/thumb/0/07/Captive.jpg/82

px-Captive.jpg
O24 - Desktop Component 2: (no name) -

http://www.petcaretips.net/canary_birds.jpg
O24 - Desktop Component 3: (no name) -

http://www.fishtankshop.com/ProductImages/xx29.jpg
O24 - Desktop Component 4: (no name) -

http://www.divephotoguide.com/img/galleries/med/Debi_Henshaw_1.jpg
O24 - Desktop Component 5: (no name) -

http://upload.wikimedia.org/wikipedia/commons/thumb/3/32/Nwhi_-_French_

Frigate_Shoals_reef_-_many_fish.jpg/800px-Nwhi_-_French_Frigate_Shoals_

reef_-_many_fish.jpg

--
End of file - 10201 bytes

I would guess obsolete or corrupt cookies and other temp files.

Clean your machine. Delete all cookies and temp files. I new cookie will be issued when you return to the site not on display. It will work after you clean house,

You MIGHT also clean the registry.

http://onecare.live.com/site/en-us/center/cleanup.htm

Good LuckI've done all the things that you've mentioned, and still no luck. Any more ideas?

While I know how to maintain my own computer and am usually pretty capable of knowing which programs to run to keep my computer in a proper condition, I am coming to you because my dad's computer seems to be beyond my reach of help.

He has AVG free version 8.0.138 installed, I've run a full system scan and opted to fix/quarantine all results. I've also installed Ad-Aware and run a full system scan and had it fix all results.

But now it seems AVG is popping up constantly with multiple threat detections at a time. And while browsing the internet (he's been using Firefox), it seems there are more popups than before I ran the SCANS.

I've gone through the checklist of what to do before posting, so here are the results:

Suspicious programs in the add/remove programs list:
AdVantage (powering Freeze.com)
Bonjour

SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/30/2009 at 00:15 AM

Application Version : 4.26.1002

Core Rules Database Version : 3872
Trace Rules Database Version: 1820

Scan type : Complete Scan
Total Scan Time : 00:46:38

Memory items scanned : 499
Memory threats detected : 8
Registry items scanned : 5335
Registry threats detected : 59
File items scanned : 41918
File threats detected : 22

Adware.Vundo/Variant
C:\WINDOWS\SYSTEM32\YUWULOYA.DLL
C:\WINDOWS\SYSTEM32\YUWULOYA.DLL
C:\WINDOWS\SYSTEM32\PAGAKELI.DLL
C:\WINDOWS\SYSTEM32\PAGAKELI.DLL
C:\WINDOWS\SYSTEM32\VOKETANA.DLL
C:\WINDOWS\SYSTEM32\VOKETANA.DLL
C:\WINDOWS\SYSTEM32\HAGIPUGO.DLL
C:\WINDOWS\SYSTEM32\HAGIPUGO.DLL
C:\WINDOWS\SYSTEM32\MUGUGUPU.DLL
C:\WINDOWS\SYSTEM32\MUGUGUPU.DLL
C:\WINDOWS\SYSTEM32\DOHIYUHI.DLL
C:\WINDOWS\SYSTEM32\DOHIYUHI.DLL
C:\WINDOWS\SYSTEM32\MENENUMA.DLL
C:\WINDOWS\SYSTEM32\MENENUMA.DLL
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34}
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34}
C:\WINDOWS\SYSTEM32\BAYUKUKA.DLL
C:\WINDOWS\SYSTEM32\DUHIFIHO.DLL
C:\WINDOWS\SYSTEM32\FOROHEKA.DLL
C:\WINDOWS\SYSTEM32\HEWUDADO.DLL
C:\WINDOWS\SYSTEM32\LISISEJU.DLL
C:\WINDOWS\SYSTEM32\LIWUWUTO.DLL
C:\WINDOWS\SYSTEM32\MAPELUZU.DLL
C:\WINDOWS\SYSTEM32\WIWEDINO.DLL

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\NUKOKEZI.DLL
C:\WINDOWS\SYSTEM32\NUKOKEZI.DLL

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{82F6FEA3-A6EE-41D7-BF74-59BF9795F15E}
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{76086C05-4D0A-4B92-9219-2E3FE8C553F9}
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82F6FEA3-A6EE-41D7-BF74-59BF9795F15E}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#SSODL
HKCR\CLSID\{EC43E3FD-5C60-46A6-97D7-E0B85DBDD6C4}

Trojan.Vundo-Variant/NextGen
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a06671e9-efe2-490d-b24d-5e6c2f0c5d34}
HKCR\CLSID\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34}
HKCR\CLSID\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34}\InprocServer32
HKCR\CLSID\{A06671E9-EFE2-490D-B24D-5E6C2F0C5D34}\InprocServer32#ThreadingModel

Transponder Variant BHO
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000250-0320-4DD4-BE4F-7566D2314352}

Unclassified.Unknown Origin
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489}
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651C7C-E812-44A2-A9AC-B467A2233E7D}

Trojan.FakeAlert-IEBT
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38BF827A-D7C5-46E1-A9A2-47B1B5BB5438}

Adware.2020Search
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E1075F4-EEC4-4A86-ADD7-CD5F52858C31}
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-92C6-CE7EB590A94D}

Adware.180solutions/SurfAssistant
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5DAFD089-24B1-4C5E-BD42-8CA72550717B}

Adware.AdSponsor/ISM
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8ABA9A9C-8791-4D61-8D5B-BCC9448EA573}
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B27CC68-110C-46A9-80D3-F3107DE6EB98}

Adware.Second Thought
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{965A592F-8EFA-4250-8630-7960230792F1}

Adware.Zango Toolbar/Hb
HKCR\InstIE.HbInstObj.1
HKCR\InstIE.HbInstObj.1\CLSID

Adware.Zango/ShoppingReport
HKCR\ShoppingReport.HbAx
HKCR\ShoppingReport.HbAx\CLSID
HKCR\ShoppingReport.HbAx\CurVer
HKCR\ShoppingReport.HbAx.1
HKCR\ShoppingReport.HbAx.1\CLSID
HKCR\ShoppingReport.HbInfoBand
HKCR\ShoppingReport.HbInfoBand\CLSID
HKCR\ShoppingReport.HbInfoBand\CurVer
HKCR\ShoppingReport.HbInfoBand.1
HKCR\ShoppingReport.HbInfoBand.1\CLSID
HKCR\ShoppingReport.IEButton
HKCR\ShoppingReport.IEButton\CLSID
HKCR\ShoppingReport.IEButton\CurVer
HKCR\ShoppingReport.IEButton.1
HKCR\ShoppingReport.IEButton.1\CLSID
HKCR\ShoppingReport.IEButtonA
HKCR\ShoppingReport.IEButtonA\CLSID
HKCR\ShoppingReport.IEButtonA\CurVer
HKCR\ShoppingReport.IEButtonA.1
HKCR\ShoppingReport.IEButtonA.1\CLSID
HKCR\ShoppingReport.RprtCtrl
HKCR\ShoppingReport.RprtCtrl\CLSID
HKCR\ShoppingReport.RprtCtrl\CurVer
HKCR\ShoppingReport.RprtCtrl.1
HKCR\ShoppingReport.RprtCtrl.1\CLSID

Adware.Vundo Variant/Rel
HKLM\SOFTWARE\Microsoft\aoprndtws
HKLM\SOFTWARE\Microsoft\FCOVM
HKLM\SOFTWARE\Microsoft\RemoveRP
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\Microsoft\rdfa

Rogue.Advanced AntiVirus 2008
HKU\S-1-5-21-329068152-1425521274-725345543-1003\Software\AAV

Trojan.Fake-Drop/Gen
C:\WINDOWS\INSTALLER\ID53.EXE

Adware.Vundo/Variant-MSFake
C:\WINDOWS\SYSTEM32\MSICUU.EXE
C:\WINDOWS\SYSTEM32\MSIZAP.EXE

Trace.Known Threat Sources
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\9XG4K16A\l.s.bg1z[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QCV1YBAX\l.s.bg2z[1].gif
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0VTXA8ZH\favicon[1].ico




MBAM log:

Malwarebytes' Anti-Malware 1.36
Database version: 2060
Windows 5.1.2600 Service Pack 3

4/30/2009 12:35:13 AM
mbam-log-2009-04-30 (00-35-13).txt

Scan type: Quick Scan
Objects scanned: 81403
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 27
Registry Values Infected: 6
Registry Data Items Infected: 4
Folders Infected: 3
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\hidatiga.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2a21e363-25d6-43c4-af76-d04b9681dc62} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5dd8cef7-e063-4f85-a8ef-394912af2a6f} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{26b0d0de-6465-493e-94de-9b8e0725c119} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1077480f-c8c5-41fb-a4ca-06ea44a3d318} (Rogue.SpyMaxx) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{74fa5d99-38cd-4e3e-b765-54fad4bda166} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Installer\Features\9ee2330ae5f4470cac801baac83818c9 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PostInstallC (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Live.com (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\185d76e8 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tohutuholo (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm1b6e4574 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\spamblockerutility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) GOOD: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\SalesMonitor (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SalesMonitor\Data (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\804031 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\bewetera.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\areteweb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bupibojo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ojobipub.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dufisuzu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uzusifud.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hemunebu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ubenumeh.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hidatiga.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\agitadih.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dupakoti.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wetevija.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-329068152-1425521274-725345543-1003\Dc157.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1b6e4574.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM1b6e4574.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\31.tmp (Heuristics.Malware) -> Quarantined and deleted successfully.





HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:45:40 AM, on 4/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 3400 Series\lxcymon.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\lxcycoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {76A57932-FEB7-4A37-BA5A-BFA2604ABC98} - (no file)
O2 - BHO: (no name) - {828E08CE-57E0-4D00-A1CC-386356B58291} - (no file)
O2 - BHO: (no name) - {A760146E-AC7F-4309-A168-F98DA3ADBA20} - C:\WINDOWS\system32\wvUoMeBR.dll (file missing)
O2 - BHO: (no name) - {A9066B31-F1DC-4F2F-8577-CCFEE9B96C90} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,[emailprotected]
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MESSENGER (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [tohutuholo] Rundll32.exe "C:\WINDOWS\system32\hewudado.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{88FA506C-D634-414B-9A10-55214C00488C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{88FA506C-D634-414B-9A10-55214C00488C}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - FILTER hijack: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll C:\WINDOWS\system32\yuwuloya.dll c:\windows\system32\pagakeli.dll c:\windows\system32\voketana.dll c:\windows\system32\nukokezi.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: f - C:\WINDOWS\system32\icsxml\f.dll (file missing)
O20 - Winlogon Notify: xxyywvVN - xxyywvVN.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe

--
End of file - 8305 bytes







Thank you for your time. I know you are volunteers and your help is most appreciated!Wow, that's a scary amount of threats

Have you tried using different scanning software? Nod32 is one of the best, or maybe look into forking out the money for Trend Micro, a savvy investment.

I see alot of the threats were deleted/quarantined, are they all coming back or only a couple of them?

Some infections tend to hide themselves good enough to be able to fool scanning software and re-infect after a clean.I don't know if they're coming back yet. As I stated initially, I had only run an AVG and an Ad-Aware scan. I had actually run a Housecall scan the other week when the threat detections started, but that just seemed to make them mad

I just did all these scans, as per the "Read before posting" thread. So far I haven't had a threat detection or a popup, so it seems good. At least for now.Dionnejl,

Please WAIT for instructions from a malware specialist. I believe it will either be Evilfantasy or Broni. They will have a look at your logs when they are able and will guid you from there.

Did it. The quick scan found no malicious items.

While everything else seems to be back to normal - as in I can update Malwarebytes and AVG - the volume icon has disappeared from my TASKBAR. When I go to it manually I find that the pin to taskbar box is already checked. Restarting the computer doesn't help. Not only that but the volume doesn't completely work. My VAIO screen makes its normal sound when rebooting, but Windows does not. Windows Media player works, but NOTHING online (YOUTUBE etc...) does. I can watch, but no sound.

Everything in the Sounds and Audio box seems normal. Nothing is muted. This started last night.

What now?Right click 'My Computer' on the desktop and select Properties > Device Manager.

Right click the sound card driver and choose to Repair or Roll back. If neither of those work then choose Uninstall. Restart the computer and Windows will re-install it automatically.Under System Properties > Hardware > Device Manager the only thing close to sound card driver is Sound Video and Game CONTROLLER. When I click on this I get a bunch of options - the audio ones are legacy audio drivers, audio codex, and realtek high definition audio. Which one of these should I be focusing on?

When I right click the realtek high definition audio it does not give me the option to repair or roll back. My options are update, disable, scan for hardware changes, and uninstall.

Am I in the right place? Is realtek what I want?

Thank you!Is there a (+) that you can click to expand a list of more options?

Expand that and SEE if there are any yellow question marks. If not then use repair or roll back on each one If that doesn't work use the Uninstall option.No + sign or yellow question marks. I did try and rollback the items to no avail. However, a system restore cured my problems. Volume icon back in the system tray and sound is working for everything. Yay!

Thank you so much for everything!

Haven't had to use HJT at all yet, but will download it just in case, for possible future use. (your suggestions about downloading MBAM and SAS have proved invaluable, GOT me out of a few pickles)
Now for the silly QUESTION - When you have to use HJT, why do you need to rename the exe FILE to sniper?
ThanksThere is malware that can DETECT the hijackthis.exe and "hide" from it. Renaming it ensures this doesn't happen.Always been puzzling me that. Stands to reason when you know why!
Thanks very MUCH Evil.
Regards

Below are my logs i have so far

Logfile of TREND Micro HijackThis v2.0.2
Scan SAVED at 12:34:44 AM, on 5/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet EXPLORER v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\svcwinra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\resfilter32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTFMon] C:\WINDOWS\system32\CTF\ctfmon.exe
O4 - HKLM\..\Run: [tcrinit] C:\WINDOWS\svcwinra.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 2914 bytes
Malwarebytes' Anti-Malware 1.36
Database version: 2079
Windows 5.1.2600 Service Pack 3

5/5/2009 11:49:59 PM
mbam-log-2009-05-05 (23-49-59).txt

Scan type: Full Scan (C:\|)
Objects scanned: 120191
Time elapsed: 32 minute(s), 21 SECOND(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry VALUES Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a44b024a-ce32-4bda-0075-c799a4bff141} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\topi\Application Data\RegTool (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\topi\Application Data\RegTool\Logs (Rogue.RegTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\topi\Local Settings\Temp\5783.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\topi\Application Data\RegTool\Logs\2009-03-17 21-20-220.log (Rogue.RegTool) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E80Lr441.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\RegTool Scan.job (Rogue.RegTool) -> Quarantined and deleted successfully.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/06/2009 at 01:01 AM

Application Version : 4.26.1002

Core Rules Database Version : 3877
Trace Rules Database Version: 1825

Scan type : Complete Scan
Total Scan Time : 00:41:22

Memory items scanned : 354
Memory threats detected : 2
Registry items scanned : 3541
Registry threats detected : 1
File items scanned : 28626
File threats detected : 22

Trojan.SVCWINRA
C:\WINDOWS\SVCWINRA.EXE
C:\WINDOWS\SVCWINRA.EXE
C:\WINDOWS\RESFILTER32.EXE
C:\WINDOWS\RESFILTER32.EXE
[tcrinit] C:\WINDOWS\SVCWINRA.EXE

Adware.Tracking Cookie
C:\Documents and Settings\topi\Cookies\[emailprotected][1].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][1].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][1].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][1].txt
C:\Documents and Settings\topi\Cookies\[emailprotected]dtech[1].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][1].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][2].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][1].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][1].txt
C:\Documents and Settings\topi\Cookies\[emailprotected][1].txt

Keylogger.Actual Spy
C:\WINDOWS\system\actualspystart.lnk

One more time.
Which AV is the very BEST for you.

Everybody has an onion.
I thought AVAST was the top or close..
So I fGoogle and get YAWATA. **
It did not make the top TEN!
http://anti-virus-software-review.toptenreviews.com

I insist on an explanation!

** (Yet Another Web with All The Answers. Or a city in Japan.)Well going by the title of the post I am sure you won't get an explanation that you are looking for. You are asking people which AV they think is best for them. This will vary on person and the reason they use their chosen AV.

On my work PC I have to use SYMANTEC so for as my company is concerned that is the best. On my home desktop and my wife's laptop we use Avast. I chose Avast simply because it was recommended on here and so far have had no reason to change.

Just keep in mind that if you were to run THREE different AV's on the same comp you might notice that each one will pick up something the others didn't. It is a lot like running three different spy-ware and mal-ware programs. They will pick up some of the same but can also pick up other items that the others missed.

As long as you pick a reputable AV and practice safe surfing you should be OK. Just find an AV that you are comfortable and STICK with it.

Just posted another issue and the reply I got was here. Did not know you had suggested SP3. I tried this once and had problems with it - there were some sites I could not get to work and they were related to my college work so that plus other issues I had caused me to uninstall it and stay away from it.

Should perhaps try again and then 'lean on you' for support when things go wrong?

I think there were some configuration issues I was told that caused the problems with SP3. What say you?

Although some minor issues were discovered upon the initial release of SP3 most issues caused by SP3 were due to malware and other software configurations that conflicted with the installation. Personally I'd always recommend keeping fully up-to-date with all software updates. It's ok to withhold upgrading when first released because often big updates like a service pack can have issues. However, there has been plenty of time for Microsoft to work out any of the bugs.OK good reasoning - will give it a try. I guess if worst comes to worst, can one uninstall SP3 going back to SP2? Or is that not an option?

I use my PC in my work and since the semester has just strted do not need any issues RIGHT at this time.SP3 can be uninstalled if necessary. I really wouldn't worry, though. There were a few issues when it first came out, but it seems to be smooth sailing now. It's generally a good idea to have the latest service packs, but if you're worried, you could just avoid it for now. Although it should be perfectly safe, SP3 isn't nearly as vital as SP2 was.When I have more time might give it a try as long as I know you are there to console the jittery nerves if I run into trouble Heh, whenever you're ready, we'll be here with cocoa and kittens.Rayyyyyyy when the water is right - will jump in so have that life saver ready Keep you posted.Just now got back to your post re SP3. I plan to do so but am waiting until I have a day when I can cope with what might ever happen. When I installed the SP3 in the past, it caused several problems about accessing some sites which I needed due to working on PC.

But have made several changes in PC configuration so will try SP3 again. Hopefully this week sometime. CBMatt has said if I have any problems he would stand by:)

Will attempt tomorrow re installation as I do not work that day. to CB Matt: You probably do not remember me but you gave me excellent help around my PC slowdown and further advocated I put on SP3. You also said if I needed further help re the SP3 to return here.

Have added SP2 without and reprocussions. However have two minor issues that I could use help with:

1 - PC has NOTABLY slowed down in all aread

2 - when I boot up and my desktop appears, I have to wait some period of time for the icons to appear.

Not big issues but would like some way to correct if possible.

Hope I am doing this correctly by posting the results of my Add/Remove screen here:

list of unknown programs from Add/Remove is lengthy as I am a novice re PCs and so do not recognize many of the programs so noted. Probably many are quite legitimate.

Programs not recognized, did not order, not sure I need
AGEIA PhysX v6.10.25
Apple Software Update
Dell Resource Disc (PC is a Dell and I have CDs for most all programs
Image Resizer Powertoy for Windows XP (can resize pictures, not sure is a non-infected program)
Intervideo Win DVD
Java™ 6 Update 11 (most things needing Java get message it has been disabled or needs Updating)
LUMIX Simple Viewer ( have great many pictures so not sure if this is needed; unaware of just what the program is)
MD easy and MD plus (do not know these two programs
AL Open AL – unknown
Sigma Tel Audio – believe it is my sound system

(am confused by all the adobe/acrobat programs installed – all necessary?)
Spelling dictionary for adobe reader 9
Acrobat. Com
Adobe Acrobat Reader 3.0
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1
ABBYY FineReader 6.0 Sprint
Adobe Photoshop Album Starter Edition 3.2

System Requirements Lab
UHS reader ver. 6.10
VDM Sound
Who Crashed 1.01
Windows Essentials Media Codec Pack 2.2b
Windows live OneCare SAFETY scanner
Windows Media Format 11 runtime
Windows Media Player (can never use, get message program has problem needs to close)
Windows Search 4.0
Windows Support Tools
Windows Vista Upgrade Advisor (need?)

These two programs will not uninstall
Goggle Earth
Logiteck Desktop Manager
Logitech Users Guide (no longer have Logitech mouse/keyboard)

Microsoft Intellitype PRO 5.3 (have MS Organomic Keyboard

MSW
MSW MUSIC Assistant
Many files denoting SP1 SP2 SP3

I too am experiencing this problem and I found this forum via a Google search. I dl'ed and installed Hijackthis and ran it, the log to follow. The problem I've been intermittently experiencing is multi pronged, I have ad-aware from Lavasoft installed but I can't dl new definitions. I have Symantic AV and it's been catching new viruses lately. I can't do a windows update, it takes me to a Google page that says it can't find the requested page. Any help would be greatly appreciated, and I'll never dl from torrent sites again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:11:30 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Citrix\GoToMyPC\G2ProcessFactory.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
e:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 72.249.104.161:9939
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.yahoo.com"); (C:\Documents and Settings\SAM\Application Data\Mozilla\Profiles\default\57evzlhb.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\SAM\Application Data\Mozilla\Profiles\default\57evzlhb.slt\prefs.js)
O1 - HOSTS: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-21-789336058-1767777339-725345543-1008\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Denise')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {62415890-4985-0825-2508-23487C2A845F} (IPCamera Class) - http://sharxdemo.servehttp.com:3093/en/cab/ipcamera.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225050050596
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{04B2D947-1B31-48A0-9CB3-A74965ADE39A}: NameServer = 85.255.112.152,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.152,85.255.112.158
O17 - HKLM\System\CS2\Services\Tcpip\..\{04B2D947-1B31-48A0-9CB3-A74965ADE39A}: NameServer = 85.255.112.152,85.255.112.158
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.152,85.255.112.158
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14314 bytes

I read the warning from Adobe on the link below. Do you have any advice other than disable JAVA in their program as they say? Is there a BETTER reader to USE please?
Link:
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.htmlDisabling JavaScript should do the job. I don't see why JS would be needed in a PDF anyway......Thanks for the reply. JS now disabled.
No problem.

You could also try Foxit Reader. Some people like it, but I have never TRIED it.

Panda introduces cloud-based free antivirus and although it's beta right now, it's going to stay free once RTM version RELEASES.

http://lifehacker.com/5234347/panda-cloud-antivirus-is-a-lightweight-always+updated-virus-killer - On-the-fly realtime antivirus for FREE... but is it better or going to be better than AVIRA or AVAST? After all, panda is a well known antivirus company and panda software seems to do well, but .... Now LET me get this.
If I have a cloud computer;
1. I do not need applications, thee are in the cloud.
2. I do not store date on my LOCAL machine, it is in the cloud.
3. My OS could be just embedded XP.
4. There is no place on my PC where a virus could live.
5. So they will not charge me anything...
for scanning a machine ...
that could not have anything!

Its my understanding that when using public hot spots (unsecured access points) are not safe because someone can monitor the traffic between your laptop and the access point.

What about making CREDIT card purchases using public hot spots? Most banks and online businesses, I think, use https (secure socket layer) for making connection to their sites so the info. is encrypted. If the access point that you are using is not secured, but you are using https when communicating with the host, is the traffic still encrypted?

Hppts should be the bare minimum of security on an unsecure network. If making a credit card purchace, I would make sure i had ccleaner installed and ready to go, my antivirus updated, and my firewall updated and set to block any unknown access form the network. So yes. It still can be unsecure.CCleaner would be useless in this case.

I would never perform TRANSACTIONS of any sort in a public hotspot. It's much too risky. You don't know who is watching.If the on-line merchant has a large operation then he would also have an 800 number that you could try. A credit Card purchase made that way may be easier to contest if something goes wrong.
Most of the problems I had were with making a purchase on the web rather that talking to a real person. For telephone orders I keep a tape recorder nearby and repeat information the sales person gives me. So I have a record I can go BACK to later. (I record just my side of the conversation, its LEGAL.)

Only order on-line
if it is something you just can not talk about!

Like Goat Photos. I'm innocent on this one....just to let ewe know.Quote from: Carbon Dudeoxide on April 30, 2009, 03:07:57 AM

I would never perform transactions of any sort in a public hotspot. It's much too risky. You don't know who is watching.

I have one Free SUPERAntiSpyware Professional EDITION Lifetime Key to give away.

If you are interested then visit my blog here: http://evilfantasy.wordpress.com/2009/04/28/free-superantispyware-pro-giveaway/

Even if you don't ENTER I could still use the Digg

Digg it hereIt's a short list so far. Need a few more at least.Thanks for SIGNING up.

Remember to read the instructions. You have to post your Digg USER name that you used or I don't know who you are. I have a few I'm unsure of and I can't enter you like that.Free SUPERAntiSpyware Pro Giveaway

Contest is over. Congratulations to Dr. Strangelove!

All free and very GOOD.

Remember only install ONE FIREWALL

1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
2) Online Armor
3) Sunbelt/Kerio
4) Agnitum
5) PC Tools Firewall Plusor if you have windows vista or higher, you got windows firewall, which seems to do just fine if you got a good antivirus, and one or two malware backup checkers and you use your good judgment to help save your computer from the bad stuff.

Greetings!
I just discovered this site trying to find an answer to a Windows XP problem. WOW! Lots of good stuff here!

I have a Dell Inspiron 530 thats a couple years old, running XP and Avast as the anti virus software.
Recently, Avast warned me a Trojan had been detected but not to worry ...just move it to the chest, which I did.
Now, UPON startup, after the desktop appears the ICONS in the system tray are missing and the POINTER becomes an hourglass when crossing onto the task bar. I am unable to click on ANYTHING including the start button.
I tried this Microsoft fix from the safe mode but it didn't change anything:

1. Right-click My Computer, and then click Manage.
2. Click Services and Applications.
3. Double-click Services.
4. In the Services list, right-click SSDP Discovery Service, and then click Properties.
5. On the General tab, in the Startup TYPE drop-down list, click Disabled.
6. Click OK.

Any help will be greatly appreciated!

Folkletic
Have you tried going to control panel to mouse settings and change pointer settings to default. It has worked at times.

Good LuckDo a system restore to a point prior to the problem starting in Safe Mode:

Start / Programs / Accessories / System Tools / System Restore / choose a restore point.

Alan <><

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:24 PM, on 5/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Documents and Settings\Eileen Goode\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\sniper.exe\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1239741793&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High DEFINITION Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Eileen Goode\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://www.boschappliances.com/laundry/viewpoint/model.html?noreloadredir
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} (Snapfish Outlook Import ActiveX Control) - http://www2.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190046237125
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.closetcad.net/cortona/cortvrml42.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - FILTER: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec EVENT Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PML Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Unknown OWNER - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/EILEEN~1/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg

--
End of file - 17155 bytes

Hi,
My computer is running xp sp2. With kapersky LABS virus protection.
Whenever I start up the machine is goes straight to 100% cpu usage even when no programs are running. The internet connection is also very intermittent and has only been this way since it GOT infected.
I have run normal virus scans with no help.
The file: Toolbar; .NET CLR 3.0.04506.30) also keeps appearing in my documents after restart, even after they have been deleted.
Posted below is the superantispyware log, then malware bytes log then HJT log is attached. If you can spot the virus/malware then please help. Thanks heap in advance...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/04/2009 at 05:00 AM

Application Version : 4.26.1002

Core Rules Database Version : 3875
Trace Rules Database Version: 1823

Scan type : Complete Scan
Total Scan Time : 06:36:13

Memory items scanned : 515
Memory threats detected : 0
REGISTRY items scanned : 4905
Registry threats detected : 0
File items scanned : 17990
File threats detected : 0


Malwarebytes' Anti-Malware 1.36
Database version: 2069
Windows 5.1.2600 Service Pack 3

5/4/2009 7:02:40 AM
mbam-log-2009-05-04 (07-02-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 102811
Time elapsed: 53 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The HJT txt file is attached


[attachment deleted by admin]Do you know what the .NET CLR is?

If not then why are you deleting it? http://en.wikipedia.org/wiki/.NET_Framework

O4 - HKLM\..\Run: [StopHid] StopHid.exe <- Do you know what this is?Evilfantasy,
Thanks for the reply. Point taken on .net files

No I dont really know what stophid.exe is. But I do know that it is a non esential file that can be infected...

So what to do next?

P.S. there is another application in the same folder called setform.exe about 500kb in size, I have no idea what it is and it dosent seem to have a ligitimate purpose there.

Thanks,
Scan with Panda ActiveScan 2.0

This scanner requires Internet Explorer

• Once you are on the Panda site click the Scan your PC now button
  
• A new window will open...click the Check Now button
  
• Enter your Country
  
• Enter your State/Province
  
• Enter your e-mail address and click send
  
• Select either Home User or Company
  
• Select the appropriate Yes or No to receiving marketing information
• Click the Free Online Scan button
  
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  
• When download is complete, click on My Computer to start the scan
  
• When the scan completes, if ANYTHING malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Hey,
Everyone, I Need Help
I Was Wondering Why My Uncels Computer Keeps Crashing,
I Am Like a Comp Geek To Them,
Cause They Dont Understand Comps Like
But Anyways,
I Have a Problem,
When i Start Up My Uncels CPU
Its a
Acer Aspire 3502LCi
Windows XP
1.00 GB

When I Logged On It Froze After About 10mins WELL It Was Being Extremely Laggy when i first Turned ON,
Its Full Battery,
Possible Virus
Blinking Red LIGHT,
Waited For It To Unfreeze About 1 Hour,
Didnt Unfreeze, ..
MOuse Wont Move At All After 10mins,
Cannot Turn Off By START>SHUTDOWN
I Have To Turn Off By The Power Button
Wont, Open Task Manager
It GOt Laggy After I Turned It On,
Also It Popped Up A Blue Screen
SAYING Check Disk C://
Its Because He Turns Off By The Button Though,
No AntiVirus,
I Had To Turn On The AntiVirus (Nub One)(Windows Virus Protection)
<removed>
But I Cant Even Install It Cause It Freezes Soo Fast,

Thanks,
For Reading
And PLEASE Help,

TorrentIt©



Do you hear the fan running.... has it been cleaned recently.....can you get into safe mode F8..... and see if it remains stable....if so then you can try run malware programs...memory MAY have to be reseated.

http://lifehacker.com/software/hardware-installation/laptop-troubleshooting-tip--re+seat-your-ram-250169.phpQuote from: Karnac on May 02, 2009, 11:11:07 AM

Do you hear the fan running.... has it been cleaned recently.....can you get into safe mode F8..... and see if it remains stable....if so then you can try run malware programs...memory may have to be reseated.

http://lifehacker.com/software/hardware-installation/laptop-troubleshooting-tip--re+seat-your-ram-250169.php

i can't run DDS as administrator, there is no option, I dragged it from my downloads to my desktop RIGHT clicked, and there were no optionsTry double clicking it.it says it doesn't support my operating systemi still need helpRight click DDS and rename it to DDS.com and then try running it.iono why but all my files seem to be WORKIN fine nwoAre you going to post the LOGS or not?i would if the program could run, i'm sorry, but it seems the problem has been fixed somehow. all my files seems to work and i'll have an update in a few daysit still says it can't run on my operating systemQuote from: slipknotthe9 on May 03, 2009, 03:51:47 PM

i would if the program could run, i'm sorry, but it seems the problem has been fixed somehow.

• Double click on RSIT.exe to run.
  
• Click Continue at the DISCLAIMER screen.
  
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
  
• Please post the contents of both logs in the next reply.

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet EXPLORER to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, SEE here

Check out Keeping Yourself Safe On The Web for tips and free tools to HELP keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.First, I downloaded IE 8 because it was an update from microsoft, but is there anyway to delete all the search providers as add-ons?
As for WOT, I already have it, but I'm not sure how much good it is doing for I don't really know how to USE it properly. I also have WinPatrol, but again, I don't know how to use much. When it asks if I want to allow something or not, sometimes I don't really know what the program is or whether or not to say yes. I usually say not just in case, but I'm worried that I need to allow the change or whatever but am not.
Other than that, it looks good. WOT http://www.mywot.com/en/support/main

You can probably just ninstall Winpatrol.

Removing Search Provider from IE8 see picture.



[attachment deleted by admin]IE won't let me delete the default, so there is going to always be one there, but I guess I'll just deal with it.

If you think everything is good now, should I delete the AFT-cleaner if I have Ccleaner? Is there anything else you feel I should do?

Thanks so much for all your help!!Yes you can delete the AFT-cleaner.

Just be careful...