Explore topic-wise InterviewSolutions in .

Hi There -

I am a computer beginner. I updated my anti-virus program to AVG 8.5 after getting repeated warnings that I would be unable to update it after 4/30 and I am regretting it.

I love to surf the web and my download speed for images is way too loooooooooooong now. It happened immediately after I did the upgrade so I am sure the two are related.

Can anyone tell me what might be WRONG? I turned off the AVG toolbar thinking that would help and I haven't noticed much change.

Thanks in advance for any help, LCyeah i`ve noticed that it slows everything down i haven`t figured it out yet it`s kind of lagging when i start up my PC it`s slowing down some of my programs when is starts to update the definitions and when it scans hopefully they will fix the bugs and stuff plus it has CRASH issues i took avg out because it slowed the pc down and took 2/3 hours to SCAN , and

installed avast free far better , harryNote that scanning speed depends on how many files are on your computer, hard disk size/used space, number of processes running, what you are doing at the time of the scan.

For example, normally, a scan may take an hour but if you are burning CDs during the scan, it will take much longer for the scan to complete.carbon i was only on here and it took hoursHow many files do you have? What are your computer specs?hm , a good question , dont know Haha, I see.well PLEASE tell me how to please do and i'll let you know Is it really that important?

Right Click My Computer and go to Properties / Start --> Run --> type DXDIAG and press Enter.

As for how many files you've got, go to Command Prompt and type dir C:\ /s
It may take quite a while, but it will tell you how many files and directories you have.its not really you asked me how many i had and i'm keen to find out how to do things at my age , i let you know soon , harry Heh, ok.As for how many files you've got, go to Command Prompt and type dir C:\ /s
It may take quite a while, but it will tell you how many files and directories you have.

went to start run for above would not work


pc specs below


[attachment deleted by admin]

Hey i bought my laptop about a year ago and upgraded to 4gigs of ram for GRAPHIC design.

but, recently ive been having some problem

Overall it runs way to slow for having 4 gigs of ram

Second thing is that the system tray started to randomly disapear . this just started recently



ANOTHER problem ive never really figured out is why my PHOTOSHOP loads extremly slow and FUNCTIONS extremly slow compared to other laptops with 4 gigs of ram .


i did download the version of photoshop i have on my computer though if that has anything to do with it .





any ideas or programs i should grab to get my computer back in shape?
Quote

i did download the version of photoshop i have on my computer though if that has anything to do with it .

i got this below when the scan finished was there something i should have ticked to be scanned

[attachment deleted by admin]Harry,

Some files are locked by your operating system, or they're password protected. In which case, avast cannot scan. Avast is just letting you know which files and then gives you a reason. By the looks of the image...it would seem these are all Archived files...correct?

Nothing to worry about, my friend.seem these are all Archived files...correct?

i do not have a clue , but thats ok i thought i had to tick a box to get the files scanned , harry

Those are Spybots quarantined files.

Edit: From here http://forums.spybot.info/showpost.php?p=251998&postcount=8

Each time Spybot removes/fixes items it puts them in a recovery file which is a compressed zip file. These zip file are encrypted/passworded so they are not able to be accessed by other programs as protection, and that is what your scan has told you, it can't access them, which is as it should be.

These are stored in: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip\sbRecovery.reg

At any time you wish you can clean these out. Open Spybot and click on the Recovery icon. Items which have been "fixed/removed" are shown with checkboxes next to them. Tick those you want to purge (remove completely) and click on the "Purge Selected items". Be careful not to click on recover selected items, or it will put them back into your system.

The above acts like a quarantine. When "fixed" the items are placed in the encryped zip files where they can't do any harm, and can be left there. If you find that has crippled something on your PC, or that they were removed as the result of a false positive, then they can be recovered, otherwise from time to time they can be purged or cleaned out.

Hope this helps for give me , but how can they be spybot when i have not got it in my pcYou had it at some point.about 2 years agoC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

Delete that folder.i took that out and another 7 rubbish folders out as well from a while back

i have a few of these around the pc ( below ) is there a program i can open them with to see what they are , but i would only take them out if they are rubbish

[attachment deleted by admin]You don't want to open them if they are quarantined.no sorry i took out spybot fisrt and then started a file clear out and then this one is the last one i no nothing about , if its rubbish i'll clear it out , it's not quarantined If you don't know what it is then don't delete it. I don't know what it is either.


File Extension .DT2 Details
Details for file extension .DT2 are on this page. Because there is no central registry for file extensions and their associated programs there may be multiple entries on this page. And, because there are many (some say over a million) such associations not all may be listed here.



Windows can't open .DT2 files?
If Windows is unable to open files with the extension .DT2 you may not have the appropriate program installed or, you may have registry errors. To help, we strongly recommend you run this free registry scan.

A search on the file extension you submitted shows 1 record(s). The details for each of these are shown below. The best FILExt can do for you is provide the details we know about. Selecting the information that applies to your particular situation is up to you. Use any hints provided. If the information here is not helpful, FILExt is sorry; but as a research site FILExt cannot provide personal support. If you need further information you might try the research tips on the FILExt Help Me page.

Extension: DT2
Program and/or Extension Function [What's This?] Company [What's This?]
DTED Level 2 National Geospatial-Intelligence Agency
Specific Notes [What's This?]
A data file of DTED (DIGITAL Terrain Elevation Data) is a cell defined by latitudes and longitudes of a geographic reference system. The terrain elevation information is expressed in meters. The locations of elevation posts are defined by the intersections of rows and columns within a matrix. The required matrix intervals, defined in terms of geographic ARC seconds, vary according to latitude. DT2 is generally 1 arcseconds.
Recommended: Find DT2 errors now.

MIME Type [What's This?] File Classification [What's This?] Associated Links [What's This?]
NONE

Identifying Characters [What's This?]
(None or UNKNOWN)

Program ID [What's This?]
(None or Unknown)
General Notes [What's This?]
(None)

This is record 18069 last modified on 2005-05-01 and created on 2005-05-01.
File extension DT2 description:
File extension used by Microsoft Live Messenger

".dt2" files are display pictures.

Like I said, if you don't know what it is then don't delete it.ok THANKS evil

hi

i've started running on a wireless system for the first time, and after a few trials and errors, i'v finally got it going...i think.

anyway, i'm having difficulty with the CPU running up to 100% every now and again, so i ran an SAS scan and a HijackThis scan. just wondering if someone can take a look and let me know if there's anything amiss.

SAS scan log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/02/2009 at 09:38 PM

Application Version : 4.0.1154

Core Rules Database Version : 3875
Trace Rules Database Version: 1823

Scan type : Complete Scan
Total Scan Time : 01:54:48

Memory items scanned : 371
Memory threats detected : 0
Registry items scanned : 5618
Registry threats detected : 1
File items scanned : 25311
File threats detected : 9

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\[emailprotected][1].txt
C:\Documents and Settings\user\Cookies\[emailprotected][2].txt
C:\Documents and Settings\user\Cookies\[emailprotected][1].txt
C:\Documents and Settings\user\Cookies\[emailprotected][1].txt
C:\Documents and Settings\user\Cookies\[emailprotected][2].txt
C:\Documents and Settings\user\Cookies\[emailprotected][1].txt
C:\Documents and Settings\user\Cookies\[emailprotected][1].txt
C:\Documents and Settings\user\Cookies\[emailprotected][1].txt
C:\Documents and Settings\user\Cookies\[emailprotected][2].txt

Trojan.SVCHost/Fake
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe#Debugger [ "c:\windows\system32\uiakbacq.old" ]


Hijack This log:

Logfile of Trend MICRO HijackThis v2.0.2
Scan saved at 12.01.32, on 03/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot MODE: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alltheweb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SKYPE add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&SPORTA in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' MENUITEM: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4524 bytes


Thanks much

ok, thank you so much for your help!!! it's greatly appreciated!check the device manager. Does it display, next to the disk drive thing a yellow triangle with an exclamation point in it? When you click on the device properties, what does it say? an error or is thing okay?

http://support.microsoft.com/default.aspx?scid=314060 is a microsoft solution for non working CD/DVD DRIVES, but give it a shot anyway after you sure you have a good system restore point in place. I don't know if this will WORK for you because I'm not sitting at your computer.

Otherwise, try posting in the Windows forum.Quote from: mcxeb52! on November 10, 2008, 04:28:55 PM

check the device manager. Does it display, next to the disk drive thing a yellow triangle with an exclamation point in it? When you click on the device properties, what does it say? an error or is thing okay?

http://support.microsoft.com/default.aspx?scid=314060 is a microsoft solution for non working CD/DVD drives, but give it a shot anyway after you sure you have a good system restore point in place. I don't know if this will work for you because I'm not sitting at your computer.

Otherwise, try posting in the Windows forum.

I copied this from a previous post word for word because it is the same problem I'm having. Any help would be GREAT.
"Some odd behavior started on Oct 26th - for example:
IE started by itself and going to ad sites (not our home page).
Pop up error messages - "The application or DLL c:\Windows\System32\msansspc.dll is not a valid Windows image. Please check this against your installation disk." In the blue top border of the message box would be "KBD.EXE" or "Mantispm.exe" or "jusched.exe".
I googled the message text and found references to "getpack23" and searched for and found that on my system. Another website gave instructions for using msconfig to turn off getpack23 from startup. Meanwhile I also found "getmodule25" and stopped that from startup. I looked into add/remove software and found something called "icheck" that I uninstalled. I deleted the getpack23 and getmodule25 also. These 3 executables had creation dates of October 26th. (I deleted them when I found them over the past 2 days.)"
Thank you very much for any help anyone could give me.

[Saving space - attachment deleted by admin]Hello cthis.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

- O3 - Toolbar: (no name) - {41C29B07-6F91-4966-91BE-2E2841643C83} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Download ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.

For Windows XP Systems install the Recovery Console:

- If you are using Windows XP and do not already have the Recovery Console installed, please ensure your Internet connection is active (if possible) and click Yes.
- If for some reason your Internet is not working click No.
- If you are not using Windows XP, you will not be prompted.
- When prompted to accept the EULA click OK.
- Accept Microsoft's EULA (Click Yes).
- When you are told that the RC is installed correctly click YES to continue scanning for malware.

When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That MAY cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.


Also let me know what problems still remain, if any.Hello Evilfantasy,

Thank you so much for your help, here is the log. One question, I've downloaded 5 antispy, malware and cleaner programs, is it necessary to keep all of these on my computer? Per your request I've got CCleaner, SuperAntispyware, Malwarebytes, sniper.com, and ComboFix. By the way, why was I told to change the name of Hijackthis to sniper?

[Saving space - attachment deleted by admin]Changing the name of Hijackthis to sniper helps to make some malware easier to find.

We will clean up everything that isn't needed when we are done. You will only be left with the tools from the malware removal GUIDE, which you will want to keep and scan with now and then.

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt2.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]:Processes
explorer.exe

:files
c:\windows\system32\CF31297.exe.vir
c:\windows\system32\CF30607.exe.vir

:Commands
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the RESULTS window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

Also let me know how everything is now.

Thanks again, I hope this works. Here is the new log.

[Saving space - attachment deleted by admin]

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.
.

• The above procedure will:
• Delete the following:
• ComboFix and its associated files and folders.
• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.
.
----------

Download

• Under Main: Select Files to Delete choose: Select All.
  
• Click the Empty Selected button.
  
• If you use Firefox browser click Firefox at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would LIKE to keep your saved passwords click No at the prompt.
  
• If you use Opera browser click Opera at the top and choose: Select All
  
• Click the Empty Selected button.
  If you would like to keep your saved passwords click No at the prompt.
  
• Click Exit on the Main menu to close the program.

• Double-click OTCleanIt.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it yourself.

All I can say is that the XP Media Center CD is the same thing as XP Pro. They have the same files.I don't have another XP CD, but I was able to fix my control panel by:

Going to: Start > Run, and typing gpedit.msc

Then clicking on the left hand pane, under User Configuration, then clicking on Control Panel, and setting it to Not Configured.

I've done another virus scan, and it looks like I'm totally in the clear now! Thank you so so much, evilfantasy! You're a life saver!Set a NEW Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the FIRST screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

(not sure if RIGHT forum~~~~~~~~~~~~)
my compt is being wierd ... everyonce in a while, it keeps on "auto" tabbing... like what ever happens when you press tab, just done without me touching... and is very annoying im not sure if its a virus or its my keyboard, cuz i use a laptop with a wireless keyboard, the keyboard tab key functions while the laptop one doesnt everyonce in a while... especially on startup... or more li

i have a hijack log...




Logfile of Trend Micro HijackThis v2.0.2
Scan SAVED at 下午 08:09:56, on 2008/11/6
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\VirusScan\Mcshield.exe
C:\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ASUS\Asus MultiFrame\MultiFrame.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON STYLUS C79 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGP.EXE /FU "C:\WINDOWS\TEMP\E_S9C.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [ShStatEXE] "C:\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file MISSING)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O23 - Service: Atheros 設定服務 (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7867 bytes
I don't see anything as far as malware is concerned but the Ask Toolbar is considered spyware since it is usually installed without the users approval. You can uninstall it in Add/Remove Programs.

Also...

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa

• Unzip the file and open the JavaRa.exe
• Click Remove Older Versions
  
• JavaRa will search for and remove any outdated version of Java and remove any that are found.
• Click Additional Tasks
  
• Place a check next to Remove Useless JRE Files and click Go
  
• Exit JavaRa
  
• Delete the JavaRa files from the Desktop

I have searched extensively on this - no answers to be found. I did find a lot of other people having the same problem though! Lots of posts on the web with this issue but no solutions except for some that had the problem fixed by removing AVG free. That didn't work for me though. I can download files from anywhere with Opera just fine but with IE7 the file looks LIKE it's downloading but when it completes the file disappears. It's as though an anti-virus program is killing it or something. There is no error message. There used to be a bar at the top that you had to click on to download the files (same bar that warns about pop-ups) but this doesn't appear anymore. This is a relatively new HP laptop set up by Best Buy. I've gone through the malware removal stuff - it found some things and should be clean now just can't figure why it won't allow downloads. Any ideas?

Things I've tried recently:
Removed Norton AV
Reset IE7
Ran IE7 in no-addons mode
Downloaded and installed SP1
Right-clicked ie7 and ran as administrator
Deleted temporary Internet Files in IE
Installed and ran Adaware, Spybot, Malwarebytes, AVG free
Installed Hijack this and looked at log - seems ok but I'm no expert
Disabled UAC
Tried turning off protected mode
Disabled Windows Defender
Removed AVG free (saw that there are a lot of posts with this causing this problem)
Removed Spybot, Malwarebytes, and Adaware
Created new account with admin rights and logged into it - same problem
Changed security settings in IE7 to medium high
Tried enabling and disabling automatic prompt for download in security settings
I'm kinda running out of ideas :-)

Does this happen with all downloads?

You might as well post a HijackThis log for our Specialists to have a look at.Yes - all downloads. I like Opera but need IE for certain sites that use active x. Here's my hijackthis log:

And thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:54 AM, on 11/8/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
BOOT mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Vongo\Tray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AT&T\Communication Manager\ATTCM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
O4 - Global Startup: Vongo Tray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: AT&T Con App Svc (CAATT) - PCTEL - C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GtDetectSc - OptionNV - C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision CORPORATION - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Vongo Service - Starz Entertainment Group LLC - C:\Program Files\Vongo\VongoService.exe
O23 - Service: XAudioService - Conexant SYSTEMS, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7673 bytes
All right. In the mean time, i'll move this to the Computer Virus and Spyware Section.

I know I have a trojan, things wrong with it, when i turn on pc i have to pick user account, NEVER did that before, plus my clock never stays the right time the minutes yes but never the hours.


here are the posts: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Malwarebytes' Anti-Malware 1.30
Database version: 1370
Windows 5.1.2600 Service Pack 2

11/6/2008 9:59:03 PM
mbam-log-2008-11-06 (21-59-03).txt

Scan type: Quick Scan
Objects scanned: 47865
Time elapsed: 17 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
REGISTRY KEYS Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/06/2008 at 09:14 PM

Application Version : 4.21.1004

Core Rules Database Version : 3622
Trace Rules Database Version: 1606

Scan type : Complete Scan
Total Scan Time : 00:40:36

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 4224
Registry threats detected : 0
File items scanned : 11931
File threats detected : 75

Adware.Tracking Cookie
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][3].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][1].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt
C:\Documents and Settings\xxxx\Cookies\[emailprotected][2].txt

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:36 PM, on 11/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AirLink101\AWLL3025V2\ZDWlan.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
C:\Program Files\Final Draft 7\Final Draft.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search PAGE = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: IEEE 802.11g USB Wireless LAN Utility.lnk = C:\Program Files\AirLink101\AWLL3025V2\ZDWlan.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207948767812
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9530 bytes
This does not appear to be a malware issue. I suggest making a new topic in the Microsoft Windows forum so they can help you figure out what all is wrong.this is a computer store copy of windows,,,, with my last pc I had a store copy of windows I downloaded updates and it crashed my computer.

I have this trojan from a bad music file, it came on this one tim ewhen i was loading songs to my mp3 player. We can do a more thorough scan and find anything that might be there.

Run the Kaspersky Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

• Click on SCAN NOW
  
• Click Accept.
  
• The program will then begin downloading the latest DEFINITION files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  
• The scan will take a while, so be patient and let it finish.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

Any good FREE ONLINE scans for checking viruses etc.Combines 18 MAJOR anti viruses:
http://virusscan.jotti.org/

here is what i use sometimesKaspersky has an online SCANNER:
http://www.kaspersky.com/virusscanner

Hello

I had a serious PROBLEM with a Trojan that XOFTSPY SE was able to detect but unable to remove permenantly (every time the computer was RESTARTED the same infection appeared). I followed your step by step guide and the infection seems to have been fully removed at the 'Malwarebytes' Anti-Malware' step.

I'd like just to thank you guys very much as you REALLY have solved a major problem for me which no other software I came accross seemed to be able to do.
If you want us to make sure your computer is completely CLEAN and that there is nothing hiding in your computer, we can analyze your logs if you post them up.

In that case thanks for all your help! I just have two more queries. Sorry if I'm stretching this.

1.
FIRST - since activating Zone Alarm firewall I've received only four blocked intrusion attempts within 3 days. Most people I query about this seem to be getting 1k+ intrusion attempts per week. They say more blocked intrusions is better because it shows the firewall is working. Could my low count possibly mean ZA isn't successfully blocking these intrusions? Will I even be warned if someone gets through?

Another problem with this is that those 4 blocks are all from the same IP address. The address is 192.168.1.1:3074. Except for the 3074 PART its the same as my old router access IP. I'm now on a different router ending with digits '1.254'. Why am I being pinged from my old router address if I've now GOT a different router and LIVE on the opposite end of the country?

(there's also 2 intrusion attempts coming from Brisbane, Australia. I don't know anyone there.)

2.
The second problem is about my current IP address, which I mentioned above has changed suddenly. I'm familiar with dynamic IP but for a long time mine has had the same first two digits (within range) since the connection was established - I don't like fixed IPs so I actually made attempts to change my IP using online guides, but to no avail. Now all of a sudden I see my IP has changed to a significantly greater value without warning. I don't know if anyone else but me can see it but look at the IP address under my posts in this thread to see the difference. Why has this suddenly changed now of all times?
Depending on how much you are doing on the web and what all is running on the computer would determine the difference in attempts. It will be different for everyone.

Not sure on the IP. You might want to ask that in the Windows FORUM.

Starting yesterday, I GOT some weird audio streaming in the background when the Live Messenger is running. I checked in the task manager and there is no suspicious process running (maybe yes but I could not recognize). As soon as I quit Live Messenger, the audio streaming stops. The audio streaming is apparently from a Chinese source.

Attached is my Hijackthis log.

[Saving space - attachment deleted by admin]BTW, I have scanned my computer with AVG Anti-Virus, AVG Anti-Spyware, Malwarebytes' Anti-Malware and ThreatFire but NOTHING is found.Update Windows.

Update AVG 7.5 to AVG 8.0.

Should clear it up.Quote

Update Windows.

Update AVG 7.5 to AVG 8.0.

Update Windows.

Update AVG 7.5 to AVG 8.0.

Quote

Update AVG 7.5 to AVG 8.0.

I cannot upgrade to AVG 8.0.
I have posted about it before (check here) but no solution.

Here are my Log files for SuperAntiSpyware, Malwarebytes and hijack this

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

04/11/2008 21:30:01
mbam-log-2008-11-04 (21-30-01).txt

Scan type: Quick Scan
Objects scanned: 44156
Time elapsed: 13 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry DATA Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:44, on 04/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1225049667890
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording MONITOR for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe

--
End of file - 7628 bytes


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/04/2008 at 06:09 PM

Application Version : 4.21.1004

Core Rules Database Version : 3622
Trace Rules Database Version: 1606

Scan type : Complete Scan
Total Scan Time : 06:14:50

Memory items scanned : 396
Memory threats detected : 0
Registry items scanned : 4699
Registry threats detected : 0
File items scanned : 37598
File threats detected : 0
Quote

Can someone tell me if there is anything wrong.

It began yesterday, I was doing my thing on my computer and all the sudden my computer seemed to freeze and i noticed that a 6-point white star had appeared down in my Task bar by the clock. I put the mouse over it to see if i could see what it was but it wouldn't show anything, nor would it show anything else. its like the whole bar had frozen, i could not click on the start menu or any icons on my desktop. I Ctrl,Alt,Del and opened task manager and it instantly froze it up. The weird thing was i could still surf the web, it would;d let me use firefox if it was already open.
If i ctrl-alt-del and choose to switch users then signed back on to the same account it would unfreeze everything for about 10-15 sec to let me open or close things then it would repeat the freezing process. But a 2ND star would appear and so on 3rd 4Th or 5Th. I ran my anti virus program (avg pro) and it found a Trojan along with a few cookies. It fixed them but the problem still persisted. So i resorted to perform a "go-back" to 2 days before. it ran its thing and went back 2 days but the star still showed up. I can start in in safe mode and it will work fine, i left eh computer off all day and just booted it and the star did not show up. This is fine with me, but i want to know what the heck it was and how to make it never happen again.

System OS is Vista ultimate 64-bit.

Any help would be great.Is everything fine in Safe Mode?

If it does, go back to Normal Mode (Restart the computer) and do this:
Download HijackThis:
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Install it, Run it, and post a HijackThis Log.Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:37 AM, on 11/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\Ash & Amanda\Program Files (x86)\DNA\btdna.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\AVG\AVG8\avgtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
c:\program files (x86)\premieropinion\pmropn.exe
C:\Windows\SysWOW64\netsh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~2\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Ash & Amanda\Program Files (x86)\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Media Player.lnk = C:\Program Files (x86)\Adobe Media Player\Adobe Media Player.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG8\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PremierOpinion - PremierOpinion - C:\Program Files (x86)\PremierOpinion\pmservice.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7755 bytesOkay, this is what i noticed. c:\program files (x86)\premieropinion\pmropn.exe Appeares twice. There was also 2 of those 6-point start in my task bar when i ran it. so i signed off and signed back on Ran HJT and it wasnt there. A few sec later the star showed back up i ran it again and c:\program files (x86)\premieropinion\pmropn.exe was there. I THINK it may have something to do with that, But why? and what is C:\Windows\SysWOW64\netsh.exe?Download Malwarebytes' Anti-Malware (MBAM)

• Double-click mbam-setup.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to the following:
• Update Malwarebytes' Anti-Malware
  
• Launch Malwarebytes' Anti-Malware

• Then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Be sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and Paste the entire report in your next reply.

• Double click on RSIT.exe to run.
  
• Click CONTINUE at the disclaimer screen.
  
• Once it has finished, two logs will open.
• log.txt <will be maximized and info.txt <will be minimized
  
• Please post the contents of both logs in the next reply.

My computer seems to be getting slower every few days. This doesn't seem to be normal. I'm not using up more SPACE on it. Also, now, a lot of websites arn't loading for me. Especially sites with flash apps on. Things like YAHOO answers, Youtube etc don't load. Game sites dont load at all. I have the latest versions of both Flash and Java. I was thinking this might be a virus? Could I post a HJT log? I know a lot of stuff but I don't understand them, so if someone could CHECK it out I'd be greatful.

I have AVG free and it hasn't picked anything up.
Go ahead and post the HIJACKTHIS Log and one of our Malware Specialists will have a look at it.

Hi,

This is my first post. I'm trying to help a friend/neighbour. A few evenings ago she brought her laptop to me saying she couldn't connect to the internet. She has XP installed on a seven(?)-year-old computer. After starting her computer, Windows said that it could find no program. She said that she had had one of some kind (she couldn't remember what) but now it was nowhere to be seen, at least not in the system tray.

I had the Kaspersky Virus Removal Tool on my USB stick and after running it (which took a couple of hours) it found 503 infections, mostly trojans. I got rid of those and ran Antirootkit, which found 5 infections. I noticed that she only had the Windows Firewall so before she tried connecting to the internet I installed the Comodo firewall. I also installed Avira and ran a scan, which found another 80 or so infections. I then left the computer with her for reasons too complicated to go into.

Two days later she was back because she still couldn't connect to the internet. Avira didn't seem to be loading either (or maybe she had uninstalled it in trying to find out what was wrong?). We decided to try restoring the system to an earlier configuration that might at least allow us to connect to the internet, even if the PC was still infected, but System Restore was unable to finish. I remembered then that one of the scans I had run had found several viruses in the restore points.

I was hoping that she had Dell PC Restore because her computer is a Dell, but it isn't installed on her computer and she has no idea where the CDs are (somewhere back in Australia, she says).

I put several software programs that I happened to have on my USB stick onto her computer and installed one or two of them. Several of them are a month or two old so maybe their virus signatures are a little out of date. I tried running HijackThis but it wouldn't load. It was the same story with several other monitoring programs (which I probably couldn't have read anyway. I'm still a relative beginner).

On startup a message would come up saying that RUND(something).dll couldn't start. I looked it up and found this was a virus. Looking in msconfig I found I it in the startup menu. There I also found yt8a, which also turned out to be a virus. It kept starting up, even when I disabled it and tried to delete it with msconfig CleanUp. It just wouldn't go away! Finally, by running a trial version of Norton 2009 antivirus in safemode I think I have managed to get rid of it. However, Norton later didn't want to start in normal mode. Of course, I'm not able to connect to the internet so can't update any of these programs and I'd rather not keep downloading programs to my USB stick and putting them on my friend's computer if it can be avoided. Even just plugging my USB stick into my friend's computer got me two infections (that Kaspersky was able to get rid of).

Finally after reading some threads on this site, I found that by changing HijackThis.exe to sniper.exe I might be able to run HijackThis. I did and ran a scan. I also ran SuperAntiSpyware as you suggested with the correct BOXES ticked and it found nothing. I then ran Malwarebytes. It found 121 infections. I re-scanned after reboot and the scan was clean. I then re-ran HijackThis because it seemed to have to be in that order. Before this I ran Ccleaner and ATFcleaner. Below are the SAS scan, the Malwarebytes scan and the HijackThis scan. Please help!

Sorry, too much info. I'm posting the logs in another message.SAS and HJT logs to the above message. MWB log is attached because too big:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/08/2008 at 04:16 AM

Application Version : 4.21.1004

Core Rules Database Version : 3555
Trace Rules Database Version: 1543

Scan type : Complete Scan
Total Scan Time : 01:12:28

Memory items scanned : 341
Memory threats detected : 0
Registry items scanned : 4318
Registry threats detected : 0
File items scanned : 44975
File threats detected : 0


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:09:37 PM, on 11/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DadApp] "C:\Program Files\Dell\AccessDirect\dadapp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Digital Line Detect.lnk = ?
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: HBmhly.dll,HBASKTAO.dll Æ×ÄÊÀ‹ÁÉÉ kandawf.dll ÈÌ×ÒßËÑ‹ÁÉÉ ÝÖÌÖÆÊ‹ÁÉÉ ×ÀÝÉÏÀÍ‹ÁÉÉ docyanx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: gvlcgcko.dll - {D1CC9DC6-F0BC-40fc-9552-E497B05E05B8} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google UPDATER Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: is-9RETM - Kaspersky Lab - (no file)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 5136 bytes


[SAVING space - attachment deleted by admin]Hi,

If anyone was going to respond don't worry, I've now resolved it.Can you tell us what you did to resolve it? I would also post some clean scans and let the specialist here look at them just to be sure every thing is OK.
I have no idea what it was that finally did the trick. I disabled 'Restore points' and then re-enabled it so as to get rid of any viruses hiding there. I could see one virus on the HijackThis scan and deleted it directly from HijackThis. I wasn't sure if this was a great idea but my friend couldn't wait a whole weekend for better advice. At some stage the Windows warning showing that we had no antivirus software disappeared and Norton re-appeared in the systems tray. Suddenly we could connect to the internet again.

However, an hour later the Windows antivirus warning was back and Norton was no longer there. To be fair to Norton, I had installed it while not CONNECTED to the internet and while the computer was badly infected. It had warned me at the time that it wasn't PROPERLY installed but I ploughed on regardless.

I uninstalled Norton and installed Avira and a scan found the trojan that I had tried to delete from HijackThis:

AppInit_DLLs: HBmhly.dll,HBASKTAO.dll Æ×ÄÊÀ‹ÁÉÉ kandawf.dll ÈÌ×ÒßËÑ‹ÁÉÉ ÝÖÌÖÆÊ‹ÁÉÉ ×ÀÝÉÏÀÍ‹ÁÉÉ docyanx.dll

Different antimalware programs label it differently and I can't remember what Avira called it but other aliases are:

Infostealer.Gampass [Symantec]
Trojan-GameThief.Win32.OnLineGames.tqvt [Kaspersky Lab]
Mal/Dropper-O, Mal/Mdrop-B, Mal/Behav-214, Mal/Behav-106, Mal/Dropper-Y [Sophos]

Anyway, after a reboot, a scan that showed Avira had indeed managed to get rid of it and it hasn't reappeared since.

I have now installed Comodo firewall to replace the Windows firewall that clearly wasn't doing its job. I have also installed Sandboxie and changed the browser to Firefox (while keeping IE on there in case she needs it someday).

If somebody tells me which scans I'm supposed to run to make sure the computer is now really clean I will gladly run them, that is, if my friend gives me access to her computer again now that it safely back in her hands and 'apparently' virus free.

Just as a side issue, when I came to use my USB memory stick, which had been in and out of my friend's infected computer like...I don't know what, it kept asking me which program I wanted to open my E Drive with and none of the options would do. I simply couldn't access anything on my memory pen, despite the fact that Kaspersky scans, Malwarebytes scans and Spysweeper scans said it was clean. Finally I read the following article: (...Sorry. I'm at work and can't find the article. Will find it and post it when I get home).

This cured my USB memory problem.
Below is the link to the article that cleared my problem with my USB memory stick. Incidentally, my USB stick wouldn't open either when connected to my own computer, or to my friend's.

http://www.mydigitallife.info/2007/04/19/unable-to-open-hard-or-usb-flash-drive-with-windows-script-host-cannot-find-script-file-autorunvbs-error/As mroilfield asked me to post some scans, I have done so below. I have just run them. The first is HijackThis and the second Malwarebytes:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:59 PM, on 11/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Secunia\PSI (RC4)\psi.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DadApp] "C:\Program Files\Dell\AccessDirect\dadapp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - Startup: Secunia PSI (RC4).lnk = C:\Program Files\Secunia\PSI (RC4)\psi.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 5577 bytes


Malwarebytes' Anti-Malware 1.30
Database version: 1379
Windows 5.1.2600 Service Pack 2

11/10/2008 9:43:44 PM
mbam-log-2008-11-10 (21-43-44).txt

Scan type: Quick Scan
Objects scanned: 46041
Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{3fdeb171-8f86-0004-0001-69b8db553683} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3fdeb171-8f86-0004-0001-69b8db553683} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Hi,

How do I get rid of this?: O20 - AppInit_DLLs:

...and is there anyone out there? I feel like I'm posting into the void.The Cross-Eyed Bear I'd suggest creating a new post and you'll want to also post your HiJackThis log.

Once again this AVG has STARTED blocking one of my software programs from running. The Resident Shield
keeps telling me that I have a Trojan & am infected. This program has been running fine for the last six
months or more. Even when I add it to the exceptions option, it still won't let it run. What can I do about
this? I finally thought I had AVG tweaked to my liking & now it is acting stupid again. The vendor of the
software is positive it is not an issue from their end & has basically told me to change my anti-virus choice.
Is this just me or are other people having the same problems with AVG?Report it to AVG.

http://freeforum.avg.com/what is the program that you are trying to run that is being blocked by AVG?

Also within the AVG, go to tools --> advanced settings --> resident shield --> exceptions and click add path and add your program's location to the AVG to prevent AVG from bugging you it's a trojan or something if you're sure that AVG has a false positive on your program.

And you should report it so it can get fixed by the AVG guys if you're sure AVG has made an error on your program.The program is Mmm+. It's a context menu editor that has never given me any trouble. Like I said in my first post...I have added it to the exceptions list in Resident Shield about twenty different times...then when AVG
runs the next day it does it all over again. As for reporting the error to AVG, I have yet to get anything in the
way of a response. I finally got fed up & uninstalled AVG & installed Avast. So far so GOOD. Besides the fact
that AVG bogged my SYSTEM down at startup & took over 3 hours to complete it's scan ...Avast does the scan
in about 45 MINUTES & isn't giving me a headache. AVG 7.5 never seemed to be so bloated or cause any
problems...maybe some day they will figure out the 8.0 version is over rated. Got rid of mine, nothing but problems.AVG 8 has no problem yet on my end.

i need haelp on knowing what the best anti virus is. i got windows live onecare and the trial has ended so its not updating and my parents wont but the full. i wanna kniw what the best free antivirus it can be a free editon asling as it updated its virus library.

p.s: please dont send mcaffe antivirus i aleady know that that one sucks, i should know i had an infecton and it WOULD not do anything but scan.

plesse send the download link

thanks for the help omg srry its"reserch on antivirusissrry i was asleep when posting thisok heres it remade so you can understand

ok IM doing reserch on what antivirus is the best out there. i have windows live one care and the 90day free trial has ended so im looking for an antivirus that it would be free but still updates.

to make shore whats the best antivirus?
I have a all-in anti-virus, but i've read that most people USE AVG Anti-virus which can be found here http://free.avg.com/

I'm not sure if this is the right spot, or even if I'm asking my question right. I did a search but didn't find any posts referring to these data mining sites.

something called "secure-us.imrworldwide.com" is constantly transferring data from my PC when I go to a free stock chart site using Mozilla browser. It appears at the foot of my screen, and slows down my browser on that site.

When I go to the site in IE, I don't notice anything telling me it's doing it thru IE browser.

From a google search, some have ID'd it as connected to redsherrif.com, e.g., http://kalsey.com/2002/11/java_spyware/

I'm not a programmer and can't figure out how to "replaced their Java class file (measure.class) with a blank file and set it to read-only" LIKE this blogger suggests.

I use AVG 8.0 (free virus/spyware software). I also periodically use the free AdAware to check for spyware/etc., but it's not running in the background.

I went into my Mozilla "options" menu and tried to put both these companies in the cookies "exception" file to block them both (secure-us.imrworldwide.com and redsherrif.com) but it doesn't affect it.



Is there a way to block these sites and keep them from constantly transferring data?
Or is it just one of those annoyances we have to put up w/?

i fear they are stealing my SOUL? ;-)

Besides the software mentioned above, my hardware is:

Dell Dimension 3000 – Desktop/Tower model
Processor Speed 2.34 GHz
512 MB RAM
Microsoft Windows XP Home Edition
Also I have service pack 3 installed recently
Let's get a look at a HJT log and see what we can find in it.

Download and rename TrendMicro HijackThis.exe (HJT)

• Double-click on HJTInstall.
• Click on the INSTALL button.
  
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  
• Upon install, HijackThis should open for you.

• Close HijackThis and rename it.
  
• Go to C:\Program Files\Trend Micro\HijackThis.exe
  
• Right click on HijackThis.exe and select Rename.
  
• Type in sniper.exe and press Enter.
  
• Right-click on sniper.exe and select Send To > Desktop (create shortcut)

• From the desktop open Hijackthis.
• If using Windows Vista, Right-click and Run As Administrator.
  
• Click on the Do a system scan and save a log file button
  
• Hijackthis will scan and then a log will open in notepad.
• Copy and then PASTE the entire contents of the log in your post.
  
• Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Almost there.

Download

• Save it to your desktop.

• Double-click OTMoveIt2.exe to run it.
  
• Copy the lines in the codebox below.

• Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
  
• Close OTMoveIt2

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean RESTORE Point.

• GO to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

hello, recently i was under a virus attack, after fending it off and scanning it, i disconnected all my network connections. then after running another scan, a screensaver would show up every once in a while. it was a bunch of bugs, eating up the desktop, at the move of my mouse it would dissapear. it acts like a screen saver, but under my desktop settings no screensaver is set, and i have no recollection of ever installing said screensaver.

any help would be appreciated thank youwhat windows version are you using?

And if XP or vista, try system restore....Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be CREATED on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.Quote from: mcxeb52! on April 27, 2008, 07:56:25 PM

what windows version are you using?

And if XP or vista, try system restore....

Quote from: mcxeb52! on April 27, 2008, 07:56:25 PM

what windows version are you using?

And if XP or vista, try system restore....

im using XP pro
i tried system restore, but it has been turned off and there is no restore point to before my little brother downloaded the game, and the virus attack started

Win XP Home SP.3 AVG ZoneAlarm all updated.

One of my Hotmail accounts has been compromised on 17/18.9.2011 and an e-mail sent to all my contacts, 253 of them. My pc was not connected to the Internet (dial-up) or even powered up at the times at which at least some of the e-mails were sent.

Is there anything I can do to RECOVER.

Hacking of Hotmail seems to be a regular occurrence and changing the account login password is the recommended "cure" ENSURING the new password contains alpha and NUMERIC chars plus at least one special character.

Phew!!!Quote from: T.C. on September 20, 2011, 01:57:33 PM

Hacking of Hotmail seems to be a regular occurrence

'relevant knowledge is back' after switching up Linksys for D-Link it seems to have gotten thru SuperDave HELPWhat is the PROBLEM with relevant knowledge?it's back, when we did all that work it went away, it's messing with IE again. We didn't remove all the LOGS off my desktop from our last session. Someone asked me if you gave me a clean bill of HEALTH and i didn't think so. I switched ROUTERS and it may have gotten in. I know it's here because it sends me emails to do surveys. You can download MailWasher here. You can use that to preview your email and delete any spam sent your way.

Quote

Someone asked me if you gave me a clean bill of health and i didn't think so

I ran the program and everything i found was successively Fixed. The Laptop works better and the original problem hasn't show its self again so ill put that in the "WINNING" categorie.

Thanks SuperDavePlease run this scan then we can do some cleanup

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

if i have the standard windows firewall, will a 3rd party firewall interfere with the original windows firewall?

I scanned again with malwarebytes malware thing and this is what I got:

Code: [Select]Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2

11:51:10 AM 30/07/2008
mbam-log-7-30-2008 (11-51-10).txt

Scan type: Quick Scan
Objects scanned: 40744
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
That was the quick scan. I am now startign a complete scan. Will post log in a bit...........Also, antivir keeps popping up saying I have trojans and stuff, so I move to quarantine. But Idk why it keeps popping up......Post a fresh HJT log.Alright, I've attatched a fresh HJT log and an events log from antivir.

[recovering disk space -- attachment deleted by admin]The events log looks like this Code: [Select]Exported events:
਍ഀഀ
30/07/2008 12:50 [Guard] Malware found
਍      嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
detected in file 'C:\System Volume
਍      䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀刀倀㐀　尀䄀　　㄀㔀㈀　㜀⸀攀砀攀⸀ഀഀ
Action performed: Move file to quarantine
਍ഀഀ
30/07/2008 12:49 [Guard] Malware found
਍      嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
detected in file 'C:\System Volume
਍      䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀䘀椀昀漀攀搀尀䄀　　㄀㐀㔀　　⸀搀氀氀⸀ഀഀ
Action performed: Move file to quarantine
਍ഀഀ
30/07/2008 12:49 [Guard] Malware found
਍      嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
detected in file 'C:\System Volume
਍      䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀䘀椀昀漀攀搀尀䄀　　㄀㐀㐀㤀㤀⸀搀氀氀⸀ഀഀ
Action performed: Move file to quarantine
਍ഀഀ
30/07/2008 12:49 [Guard] Malware found
਍      嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䄀最攀渀琀⸀㈀㐀㠀㠀㌀㈀　 嬀琀爀漀樀愀渀崀✀ഀഀ
detected in file 'C:\System VThats wierd?!?!? Well, here's waht it looks like to me...

Code: [Select]Exported events:

30/07/2008 12:50 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015207.exe.
Action performed: Move file to quarantine

30/07/2008 12:49 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014500.dll.
Action performed: Move file to quarantine

30/07/2008 12:49 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014499.dll.
Action performed: Move file to quarantine

30/07/2008 12:49 [Guard] Malware found
Virus or unwanted program 'TR/Agent.2488320 [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014497.EXE.
Action performed: Move file to quarantine

30/07/2008 12:21 [Guard] Malware found
Virus or unwanted program 'TR/Agent.2488320 [trojan]'
detected in file 'C:\Documents and Settings\User\My Documents\CE\VE5
1032\VE5_Alter_1032.EXE.
Action performed: Move file to quarantine

30/07/2008 12:20 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.16384.D [trojan]'
detected in file 'C:\Documents and Settings\User\My Documents\CE\VE5
1032\systemcallsignal.exe.
Action performed: Move file to quarantine

30/07/2008 10:45 [Guard] Malware found
Virus or unwanted program 'EXP/CVE-2006-4534 [exploit]'
detected in file 'C:\Documents and Settings\User\My Documents\~WRD2525.tmp.
Action performed: Move file to quarantine

30/07/2008 10:18 [Guard] Malware found
Virus or unwanted program 'TR/Hook.Q [trojan]'
detected in file 'C:\Documents and Settings\User\My Documents\DxWND\dxwnd.dll.
Action performed: Move file to quarantine

30/07/2008 10:03 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.SecondTh.HA [trojan]'
detected in file 'E:\WINDOWS\system32\lwr_bbi6008.exe.
Action performed: Move file to quarantine

30/07/2008 9:31 [Guard] Malware found
Virus or unwanted program 'TR/Hook.Q [trojan]'
detected in file 'H:\Program Files\Maplestory\dxwnd.dll.
Action performed: Move file to quarantine

30/07/2008 9:31 [Guard] Malware found
Virus or unwanted program 'TR/Agent.5599232.Y [trojan]'
detected in file 'H:\Program Files\Maplestory\dagonMS-2.exe.
Action performed: Move file to quarantine

30/07/2008 9:29 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'H:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015356.exe.
Action performed: Move file to quarantine

30/07/2008 9:28 [Guard] Malware found
Virus or unwanted program 'TR/Mapler.AW [trojan]'
detected in file 'H:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP17\A0001526.exe.
Action performed: Move file to quarantine

30/07/2008 9:28 [Guard] Malware found
Virus or unwanted program 'DR/PSW.Mapler.AK.4 [dropper]'
detected in file 'H:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP17\A0001522.exe.
Action performed: Move file to quarantine

30/07/2008 9:27 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file 'H:\Downloads\c-setup.exe.
Action performed: Move file to quarantine

30/07/2008 9:25 [Guard] Malware found
Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
detected in file
'C:\RECYCLER\S-1-5-21-1445563323-3637782785-1872043566-1004\Dc38.exe.
Action performed: Move file to quarantine

30/07/2008 9:25 [Guard] Malware found
Virus or unwanted program 'TR/Dldr.16384.D [trojan]'
detected in file 'C:\System Volume
Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014495.exe.
Action performed: Move file to quarantine

30/07/2008 8:28 [Guard] Service started
Service started.
Version of service: 8.0.1.26
Version of Engine: 8.1.1.12
Version of VDF: 7.0.5.193

30/07/2008 8:27 [Scheduler] Service started
The service was started.
Version of service 8.0.0.16

30/07/2008 8:26 [Guard] Service stopped
Service stopped.

30/07/2008 8:25 [Scheduler] Service stopped
The service was stopped.

30/07/2008 8:13 [Scanner] Scan
Scan ended [The scan has been done completely.].
Number of files: 5193
Number of folders: 225
Number of malware: 2
Number of errors: 0

30/07/2008 8:09 [Scanner] Malware found
The file 'C:\WINDOWS\system32\hombho.dll'
contained a virus or unwanted program 'TR/BHO.fby.3' [trojan]
Action(s) taken:
The file was moved to '48fd84a2.qua'!

30/07/2008 8:09 [Scanner] Malware found
The file 'C:\WINDOWS\system32\domie.dll'
contained a virus or unwanted program 'TR/BHO.fby.3' [trojan]
Action(s) taken:
The file was moved to '48fd8497.qua'!

30/07/2008 8:03 [Updater] Update successfully COMPLETED
Update of AVIRA AntiVir Personal - Free Antivirus performed via server
http://dl9.freeav.net.
The update was completed successfully on 7/30/2008 8:03.

30/07/2008 8:03 [Guard] Reload engine.
The Engine was reloaded.
Engine Version: 8.01.01.12
VDF Version: 7.00.05.193

30/07/2008 8:01 [Scheduler] JOB started
The job "Immediate Update"
was started successfully.

30/07/2008 8:01 [Guard] Service started
Service started.
Version of service: 8.0.1.26
Version of Engine: 8.1.1.6
Version of VDF: 7.0.5.23

30/07/2008 8:01 [Scheduler] Service started
The service was started.
Version of service 8.0.0.16
Everything was moved to quarantine right?

If so then everything is OK.Yes, it supposedly was, so should I just keep quarantining if they pop up again?? BTW, Thank you so much for all your help. I'll just complete mbam scan, thenpost log. All I have to do after hthat is defrag my EXTERNAL hard drive, then create my final restore point. Any final things I should do?SOUNDS like you have everything covered. Just be careful online and watch what you download.Ok, thanksAlright, heres the mbam log looks alright to me:
Code: [Select]Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2

3:13:02 PM 30/07/2008
mbam-log-7-30-2008 (15-13-02).txt

Scan type: Full Scan (C:\|E:\|F:\|H:\|)
Objects scanned: 205633
Time elapsed: 2 hour(s), 32 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015207.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\Downloads\psp_video_express.exe (Adware.Agent) -> Quarantined and deleted successfully.
Now that you have a good antivirus in place that is up to date you should be in good shape.Alright, thanks for all you help-you helped me a thousand times more than the guy who I payed 180 dollars to fix my computer last time!!

-Thanks a million! No problem.

Heeyy!! guess you probably know there is another question. I use facebook and got a POST that SAYS that any person can get hack on facebook if any person that you have on your profile has that hacker on their list of friends so you I mean anyone can get hack by the hacker. Is in spanish so I wont post it UNLESS you know spanish or if you anyway!!! here what the hacker does I mean thats what the post I received says: Do not accept this person Luisa Ledezma or something it doest not matter what she does is that she formats your PC and then stoles your info and get your password from your mail. For me totally sounds way to risky for a hacker to be that dumb so I just want feedback. If you didnt understand or will like more info I can say I post a reply to get exactly what happens. oohh!! Thanks for replying and just letting you know I GAVE up Ill just watch movies at the TV is good that the board does not allow to talk about it. I learn that watching those things on the web is just really BAD and can get anyone in a lot of trouble. Unfortunately, I don't know much about Facebook, but I'm sure, others do, so you may start new topic on this.Great!!! I will!!! but first Ill try to get more info see ya soon No problem Find out; more,about activex,

I see. No hurries Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:54 PM, on 7/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: INTERNET Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Ideazon\ZEngine\Zboard.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Zboard] C:\Program Files\Ideazon\ZEngine\Zboard.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - GLOBAL Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: TrayMin200.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll,avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\DRIVER\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5251 bytes
Everything looks fine, just one empty entry to fix.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

Everything seem OK?Quote from: evilfantasy on July 29, 2008, 04:02:27 PM

Everything looks fine, just one empty entry to fix.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

Everything seem OK?

I downloaded Avira fee edition, And every once In a while i get An ad that comes up that tries to get you to UPGRADE there PRODUCT. I like the ANTI virus and may upgrade soon, but In the mean time is there a way to stop that ad from popping up?Nope. thats the only bad thing about the FREE version.

If at all possible, could someone check over my highjack this log for me? I'll be online for the next HOUR or so.. but then I have to go to bed.. Got an early start.

Oh! I've run a new scan, a Superantispyware scan. Did the full one, and it found more stuff and removed it. I'll post the log in a new post since I doubt it'd fit in here, what with all my rambling and stuff.

So yeah. Any help in the next hour would be very much appreciated. (No pressure! Teehee)
DrubySUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2008 at 11:00 PM

Application Version : 4.15.1000

Core Rules Database Version : 3505
Trace Rules Database Version: 1496

Scan type : Complete Scan
Total Scan Time : 02:42:37

Memory items scanned : 359
Memory threats detected : 0
Registry items scanned : 7509
Registry threats detected : 0
File items scanned : 161164
File threats detected : 8

Trojan.Unclassified-Packed/Suspicious
C:\PROGRAM FILES\ACE MEGA CODECS PACK2\UTILITIES\ABCAVI TAG EDITOR\ABCAVIIT.DLL
C:\PROGRAM FILES\ACE MEGA CODECS PACK2\UTILITIES\AVI CODECS\ABCAVI TAG EDITOR\ABCAVIIT.DLL

BearShare File Sharing Client
C:\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE

Adware.Vundo-Variant/J
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51EDC5F3-5074-48E2-B4E0-12F6A3B9A034}\RP908\A0187407.DLL

Trojan.Net-MSV/VPS-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51EDC5F3-5074-48E2-B4E0-12F6A3B9A034}\RP908\A0187408.DLL

Trojan.Unclassified/GTS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51EDC5F3-5074-48E2-B4E0-12F6A3B9A034}\RP908\A0187417.DLL

Adware.EZSearching
C:\SYSTEM VOLUME INFORMATION\_RESTORE{51EDC5F3-5074-48E2-B4E0-12F6A3B9A034}\RP908\A0187418.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\MCRH.TMP


Okay, so it was a LOT shorter than the last one I did. >_>'''Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:00, on 17/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\sysinteg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
K:\!!C Drive\New Folder\New Folder\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
K:\!!C Drive\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://oasiz.net/chat
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BTAgile] C:\Program Files\BT Broadband Talk Softphone\BTAgile.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Orb] C:\Program Files\Winamp Remote\bin\OrbTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] K:\!!C Drive\New Folder\New Folder\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [VerifyWinLoad] C:\WINDOWS\Winloadchk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ChatSpace Full Java Client 4.0.0.320 - http://63.102.226.240:8000/Java/cfs40320.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4961235A-AC4D-4EC1-99D2-56F3E8F4C843} (ECHATCONTROL100.installframe) - https://www.echat.net.au/files/ECHATWEBCHAT100.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN PHOTO Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161980467345
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161980458751
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire SHOWDOWN Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - PROTOCOL: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - K:\!!C Drive\New Folder\New Folder\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc LABELING Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 10866 bytes
Very good
I'll take a look.*** You need to update Java:
http://java.sun.com/javase/downloads/index.jsp
Java Runtime Environment (JRE) 6 Update 7
Uninstall all previous versions of Java through Add\Remove.

*** Download, and run CTFMON-Remover: http://www.gerhard-schlager.at/en/projects/ctfmonremover/
The CTFMON-Remover helps you removing the annoying CTFMON.EXE from your Windows operating system. The program is easy to use and displays whether the CTFMON.EXE is installed and running or not. If it was found then you can remove it within seconds. Just in case that you need the CTFMON sometime in the future there is also an option to restore the original one.
Note:The CTFMON.EXE is among other things responsible for changing the language schema of your keyboard (e.g. for switching between the German and English keyboard layout). So in case you are using this feature you shouldn't remove or disable the CTFMON.EXE!

*** Disable Windows Defender, as it'll interfere with cleaning process:
* Open Windows Defender
* Click Tools
* Click General Settings
* Scroll down to Real Time Protection Options
* Uncheck Turn on Real Time Protection
* After you uncheck this, click on the Save button
* Close Windows Defender

*** Upload vsnp2uvc.exe, and sysinteg.exe, located in C:\Windows to http://www.virustotal.com/ for security check.

1. Print this post out, since you won't have an access to it, at some point.

2. Close all windows, except for HijackThis.

3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases [marked with *], no actual program will be removed):

- O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
- *O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- *O4 - HKCU\..\Run: [SUPERAntiSpyware] K:\!!C Drive\New Folder\New Folder\SUPERAntiSpyware.exe
- *O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
- O4 - HKLM\..\Policies\Explorer\Run: [VerifyWinLoad] C:\WINDOWS\Winloadchk.exe
- *O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
- *O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
- O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present (to be fixed if not done intentionally)
- *O20 - Winlogon Notify: !SASWinLogon - K:\!!C Drive\New Folder\New Folder\SASWINLO.dll

4. Click on Fix checked button.

5. Restart computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)

6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.

7. Delete following files/folders (if present):

- ALCXMNTR.EXE, Winloadchk.exe files from C:\WINDOWS

8. Restart in Normal Mode.

9. Post new HijackThis log, and report from Virustotal.

I own an HP Pavillion desktop that my sisters-in-law got a virus on when i let them borrow it, and it crashed the computer. Now I am trying to figure out how in the heck to wipe the hard drive clean and re-install Windows XP professional so that I can have a system up and running at my house, because I work at home. Best buy geek squad WANTS to charge me an arm and a leg and for the price they quoted me i could go buy a new desktop, but i am not MADE of money unfortunately and either have to suffer GOING ten miles to my parents house or get this thing fixed. Help!You could do a system restore which if anything was added when this happen it WOULD be gone, yeah they usually do cause they try an seem like there better.I cannot even get the start screen to come up when I turn on the computer. I have tried going into the dos system, but I am not that computer literate, I just did what I was told by a friend of mine. He said to load the start up disk for XP professional and start the computer and then it should prompt me, but nothing comes up but a blank screen.Check your cds there should be one. If nothing else try an get a boot disk for your operating system but you need a floppy drive + floppies.1. you can try booting into safe mode, once you are in safe mode I would turn off system restore as the virus could be in the restore points as well once that is done you can run your anti virus and see if you can remove it. Once done with this step reboot your computer and turn system restore back on.

2. If you have your XP CD then you can boot into the XP CD and reformat the hard drive. The link below will give you step by step instructions.

http://www.windowsreinstall.com/winxppro/installxpcdoldhdd/indexfullpage.htm

Hello CH and Thanks ahead of time for your help and advice!

Yesterday was my fathers birthday (66th) and he received a card from a friend that he couldn't open without installing mywebsearch toolbar... or so he say's. My folks are usually pretty diligent in getting ahold of me to see if it is ok or get my advice to install applications from internet, but not this time?
anyhow long story short I got on their comp tried to do a restore, to a point before mywebsearch and the comp said unsuccessful restore and no changes had been made so I went to add/remove programs and uninstalled mywebsearch (which I know doesn't uninstall everything and leaves all sorts of traces) they also wanted norton 360 uninstalled . I went and got norton removal tool and removed norton 360. I then installed latest free avg & windows defender on here, plus turned on windows firewall.

I know there is always tracks left behind on uninstalls so just to be sure I take my folks back a clean comp and maybe get the restore to work again, I would appreciate someone to take a look at logs for me and let me know if their is anything else I need to do? I have all the logs for you and followed your guidelines first so as not to waste your time. I didn't do the ccleaner until after I did superantispyware. so am sorry for all the cookies it found. all info is below so thank you again!

comp info:
80gig hardrive
340 Intel celeron D processor
OS NameMicrosoft Windows XP Home Edition
Version5.1.2600 Service Pack 2 Build 2600
OS ManufacturerMicrosoft Corporation
System ManufacturerCompaq Presario 061
System ModelPS569AA-ABA SR1420NX NA520
System TypeX86-based PC
Processorx86 Family 15 Model 4 Stepping 1 GenuineIntel ~2933 Mhz
BIOS Version/DatePhoenix Technologies, LTD 3.04, 1/26/2005
SMBIOS Version2.3
Windows DirectoryC:\WINDOWS
System DirectoryC:\WINDOWS\system32
Boot Device\Device\HarddiskVolume2
LocaleUnited States
Hardware Abstraction LayerVersion = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
Time ZoneMountain Daylight Time
Total Physical Memory768.00 MB
Available Physical Memory415.68 MB
Total Virtual Memory2.00 GB
Available Virtual Memory1.96 GB
Page File Space1.44 GB
Page FileC:\pagefile.sys


[recovering disk space -- attachment deleted by admin]Your computer is clean

1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html.
Run CCleaner.

2. Turn off System Restore:

- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks COLUMN on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK

3. Restart computer.

4. Turn System Restore on.

5. Download, and install McAfee SiteAdvisor: http://www.siteadvisor.com/download/ff.html. It'll warn you (in most cases) about dangerous web sites.

6. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you an extra protection against malwares. It won't interfere with your antivirus program

7. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html

8. Let me know, how your computer is doing.

Hello Broni!!!

I would like to thank you so much for taking the time to look at the logs and giving me good news that it is clean... I normally run ccleaner on their comp but did notice I needed to update it!! Computer is running as good as it can on dial-up...lol... just made major changes like UNINSTALLING norton and getting rid of the mistake my folks made of installing mywebsearch.
I just like to after that, do a major cleanup and run SAS & MBAM and have you guy's take a look for me so I can rest assured their comp is running up to par.
I am so GLAD you guys are here to look for me, as I haven't the knowledge of reading and deciphering the logs. have a good idea on most, but still like a specialists opinion! Will be installing threatfire soon, want to see what it is like on my comp first and then can educate folks on it, being I am supposedly their Computer Technician.. ..lol.. I do tell them I get alot of help from real Tech's in this forum!

Anyhow, thanks again for your time and hope I didn't take too much of it away from others that are having major problems! In my opinion your forum is the best and you are the only forum I come to for problems, so kudos's to y'all

comp is running great again! Very good, my friend

When you run virus scan on your computer , comes up saying have Threats, are they viruses?=( I thought the anti-virus would have alerted me if I had viruses.

Threats could be just cookies, or they could be actual virus. Is there any way you can get a log of whats found?

LET's have a look.

Download and rename TrendMicro HijackThis.exe (HJT)

• Double-click on HJTInstall.
• Click on the Install button.
  
• It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  
• Upon install, HijackThis should open for you.

• Close HijackThis and rename it.
  
• Go to C:\Program Files\Trend Micro\HijackThis.exe
  
• RIGHT click on HijackThis.exe and select Rename.
  
• Type in sniper.exe and PRESS Enter.
  
• Right-click on sniper.exe and select Send To > Desktop (create SHORTCUT)

• From the desktop open Hijackthis.
• If using Windows Vista, Right-click and Run As Administrator.
  
• Click on the Do a system scan and save a log file button
  
• Hijackthis will scan and then a log will open in notepad.
• Copy and then paste the entire contents of the log in your post.
  
• Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

The O17 - HKLM\ entries are from a wareout infection and need to be fixed.

Download FixWareout by LonnyRJonesfrom one of the two below links and save it to your desktop.

• Link #1
  
• Link #2

• Run Fixwareout.
• Click Next
  
• then Install
  
• Make sure Run fixit is checked
  
• Click Finish.
  
• The fix will begin; follow the prompts.
• You will be asked to reboot your computer; please do so.
• Your system may take longer than usual to load; this is normal.

• Go into Control Panel > Network Connections.
  
• Right click on your connection
  
• and click Properties.
  
• On the Properties page, highlight Internet Protocol(TCP/IP)
  
• Click Properties. This will bring up another page.
  
• Select Obtain DNS Server Automatically.
  
• Click the ok button. The page will close.
  
• Press ok on the page in front of you.
  
• Restart the computer.
  
• Reconnect to the Internet using Internet Explorer.
• Add the log from fixwareout in your next reply.
• It will be located at C:\fixwareout\report.txt

@ECHO OFF
sc stop dorairtoe
sc delete dorairtoe
exit

• Save it to your desktop.

• Double-click OTMoveIt2.exe to run it.
  
• Copy the lines in the quotebox below.

[kill explorer]
C:\WINDOWS\system32\e.exe
EmptyTemp
[start explorer]

• Return to OTMoveIt2, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste

• Click the red Moveit! button.
  
• Copy everything in the Results window (under the green bar) and paste it in your next reply.
  
• Close OTMoveIt2

• When finished exit out of OTMoveIt2

• Click Accept.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded locate the Scan Settings and have it scan My Computer.

• Next, in the Save as prompt, Save in area, select: Desktop.
  
• In the File name area use KScan, or something similar.
  
• In Save as type: click the drop arrow and select: Text file [*.txt]
  
• Then, click: Save

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

Okay, here it is.

[recovering disk space -- attachment deleted by admin]It looks better.
This entry:
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
is gone, so you shouldn't have problem running HJT fixes now.
Follow my INSTRUCTIONS from reply #13.
Obviously disregard any entries, which are not present anymore.

When done, post new HJT log.Hallejuah! For now...
I believe my computer is almost fully cured! My start menu and just about everything else is back to normal EXCEPT MProtector is still on there no matter how much I TRY to remove it and I can't turn on my Firewall. Do I have to remove some of these programs to turn it on?

Also, I believe I won't be needing the services of Remove Restricitions Tool, but it remains everytime I reboot my computer. I can't FIND it under Add/Remove Programs list. How can I remove it?

[recovering disk space -- attachment deleted by admin]Quote

I can't turn on my Firewall

I have Mcafee viruscan Enterprise 8.0.0 anti virus installed on my cpu. I downloaded Avg free for my GIRLFRIEND and really liked it. My question is which ones better Avg or mcafee? Or which one would admins recommend?.Neither.
- Avira free antivirus: http://www.free-av.com/en/download/index.html
- Avast! free antivirus: http://filehippo.com/download_avast_antivirus/
Wow, I am impressed. I ran Avira as soon as I downloaded It, It found 3 trojans that mcafee did not FIND!!! One was on a chess game that I downloaded! How do you know when to delete or quarantine a virus?I would quarantine FIRST then delete later if everything is ok. When removing spyware and parasites, on occasion their removal can cause something to not work right. If you quarantine, it cannot run, but it can get restored to get the PC working again if needed. Also sometimes you may delete something that later you decide you wish you had not removed.

I've heard of viruses infecting a system file like Explorer.exe and the anti-virus software detected the infection but INSTEAD of fixing the problem, deleted Explorer.exe. That's just one example. Quarantine is the safest way to remove malware. If your PC and your programs are running correctly after a period of time (say, three weeks), then you can clean out the quarantine files.

-Don
<MOD Edit>

You can't promote your site here, sorry. EFQuote from: srtony1946 on July 27, 2008, 04:31:53 AM

I have Mcafee viruscan Enterprise 8.0.0 anti virus installed on my cpu. I downloaded Avg free for my girlfriend and really liked it. My question is which ones better Avg or mcafee? Or which one would admins recommend?.

Spyware Doctor STARTER Edition 5.5 or SPYBOT.I certainly PREFER Spybot - Search & Destroy, but it's all a matter of opinion.Spyware Doctor is too resource hungry. And I can't really justify paying for a program when there are so many good free alternatives.tyIts unanamos spybot is defintly better. I never had any problems that I COULD say an caught alot of nasties for me.

how can i remember my ID and PASSWORD for updating my intivirus programme?What AV PROGRAM?

will ENDING the PROCESS "wrsssdk.exe" stop webroot? i did this and the webroot icon left notification AREA by the clock. i was just wondering what EXACTLY it will stop.http://www.bleepingcomputer.com/startups/WRSSSDK.exe-11742.html

i have got AVG 8.0 anti virus. i have disabled the automatic updates, but it still checks for the updates every time i switch on the computer and connect directly to the internet. i cant access the option of checking for updates periodically. the option of checking for updates daily is checked and i cant disable it.Quote

i have disabled the automatic updates

Then there should be a update once a week at a specific time option right?

(virus detection database) updates happen very often, usually daily.

By DEFAULT, avast checks for virus definitions (IAVS or VPS or database) once every 4 hours when you PC is on.

Link

broadband, but with a download limit.

Everything i click on says not responding i cant install anything new on my computer the sound is not working.. internet explorer is not working. My computer isnt slow or anything dosent pop up with weird messages programs are just not working properly. I have windows xp home edition with service pack 2.

First of all when i try to GO into internet explorer it says has a message named:

RegSvr32 No dll specified Usage Regsvr2[/u] [/s] [n/] [/i[:cmdline]] dllname
/u- unregister server
/s- silent; display no message boxes
/i- Call dllinstall passing it an optional [cmdline]; when used with /u calls dll uninstall
/n do not call dllregisterserver; this option must be used with /i
Thats what i get when i try to use internet explorer. It will freeze up when i click on it

When i try to get into games or alot of application a (not responding) will come up. But then i will Ctrl Alt Dlt and i can still see the process going on in my task messenger. If i click it mulitiple times the process will go in there that many times but it will not WORK.. some times it has the loading glass then just stops.
Also alot of stuff i have the only way to get it to work is going into folder and clicking on the .exe shortcuts dont work unless they are directly on the .exe file
I scanned with superantispyware and got nothing
here is hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:04 AM, on 6/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [swg] F:\WINDOWS\system32\regsvr32.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window WASHER] "F:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - Winlogon Notify: Fly - F:\WINDOWS\
O20 - Winlogon Notify: Love - F:\WINDOWS\
O23 - Service: McAfee Application Installer CLEANUP (0005051207003295) (0005051207003295mcinstcleanup) - Unknown owner - F:\DOCUME~1\Zuratai\LOCALS~1\Temp\000505~1.EXE (file missing)
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe (file missing)
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - Unknown owner - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - f:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - F:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 8476 bytes
There are some suspect entries in the HJT logfile, please wait for one of the CH authorised malware removal specialists to come calling..

Topic moved to appropriate section

zuratai

Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Post new HijackThis log.ok iam going to to do this Very good I do the scans and they detect nothing here is fresh hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:46 AM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
F:\WINDOWS\system32\PnkBstrA.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Webroot\Washer\WasherSvc.exe
F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
F:\WINDOWS\RTHDCPL.EXE
F:\PROGRA~1\AVG\AVG8\avgtray.exe
F:\PROGRA~1\AVG\AVG8\avgrsx.exe
F:\Program Files\DNA\btdna.exe
F:\Program Files\Webroot\Washer\wwDisp.exe
F:\WINDOWS\system32\ctfmon.exe
F:\PROGRA~1\AVG\AVG8\avgemc.exe
F:\PROGRA~1\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - F:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - F:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] F:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] F:\WINDOWS\system32\regsvr32.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window Washer] "F:\Program Files\Webroot\Washer\wwDisp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - F:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: Fly - F:\WINDOWS\
O20 - Winlogon Notify: Love - F:\WINDOWS\
O23 - Service: McAfee Application Installer Cleanup (0005051207003295) (0005051207003295mcinstcleanup) - Unknown owner - F:\DOCUME~1\Zuratai\LOCALS~1\Temp\000505~1.EXE (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - F:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe (file missing)
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee HackerWatch Service - Unknown owner - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing)
O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing)
O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - f:\program files\common files\mcafee\mna\mcnasvc.exe (file missing)
O23 - Service: McAfee Scanner (McODS) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing)
O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing)
O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - F:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 9329 bytes

I have Windows XP1 Home and Mozilla Thunderbird on Broadband. For a long time now when I launch Thunderbird and click GET MAIL a window come on with the heading: ALERT! "This folder is being processed. Please wait until processing is complete to get messages"
Nothing is being processed and the Windows Task Manager confirms no activity. I therefore would be in for an endless wait. However if I click the X to close the message window and then click on GET MAIL it may allow it or the message may return. Sometimes a single closure works, sometimes a dozen closures WORK but today it always returns and I cannot get past it.
I have run my Kaspersky Internet Security V7 (UPDATED daily) regularly but it reports no PROBLEMS or threats.
I have to assume this is malware of some sort. How can I get rid of it? Has anyone seen this message before?
Any advice would be welcome.
Jimbos. What is Windows XP1? Do you mean XP SP1? If so why are you not running at least XP SP2?

Personally I would turn off email scanning in your antivirus. It's over kill as anything malicious will be caught by the AV anyway. Plus it seems to be giving you problems.There is a good chance, Thunderbird is compacting your mail. That process shouldn't be interrupted, or you may lose your mail.
Let it finish.

iam sorry BRONI its just so frustrating with this computer getting so slow and i just cant wait to get it fixed HELP ME!. Anyways i do what you say and remove the thing then i restart but thing keeps coming back i dunno knkow why then i remove it again with the program you told me to and restart the i do the hijack thing and it says its still in there!My friend said ty for helping her. btw I must admit, I MADE a mistake.
Only lately, I found out, that those O10 entries are legit, and they belong to Stopzilla, which you have installed on your computer.
Give me new HJT log, please.broni i am at my house now and i just have to say ty for all the help but the computer is not even starting up anymore we have decided to go to a SHOP to get it checked or just to buy a new one ty for your time THOUGH. your always a help Let us know what they found....i'll TRY

I have removed the impact of antivirus 2008 and have recovered most functions.

i have windows XP sp2

at this point there is VIRUS ALERT next to the time/clock
the all programs menu is missing from START
hard drive is missing from the My Computer display area

( hard drive is acceptable from applications. ie outlook )

also logoff is not showing next to the turn off computer )

I have run various diagnostics including microsoft scan and the stop acceleration product

i have run both adware snd spybot SD




Print these INSTRUCTIONS out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options MAKE sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.problem ... F8 safe mode is not displayed as an option.. just F1 and F10 ( restore )

also superantispyware wont openhijack log

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27: VIRUS ALERT!, on 7/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\Spybot - Search &AMP; Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\nda.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://qp.acsonline.com/qp2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138551828593
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CAA057EE-809B-48E4-BE9C-367C32486C0D} (Crystal Print Control 10.0) - https://acsreports.acs-inc.com/crystalreportviewers10/ActiveXControls/PrintControl.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://mymeetings.webex.com/client/v_mywebex-wbs-mciprodins/webex/ieatgpc.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - https://livewc02.custhelp.com/7520-b289h-turbotax/rnl/java/RntX.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: eAcceleration Notification Service (eac_notifysvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe
O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - eAcceleration Corp - C:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSSysInterv - Unknown owner - c:\winself.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9545 bytes
Quote

F8 safe mode is not displayed as an option.. just F1 and F10

nope not there HP hides the option under esc

I INSTALLED avira free anyways and the volume bug is fixed thank you so much . ANyways I will post BACK if the other bugs (windows freezing,and STUFF appear again) Thank you Broni You're very welcome
That's why, after many years of using AVG, I don't recommend it anymore.

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\WINDOWS\System32\oobe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
OK, now we can move on...

First some cleanup.

Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
.

• Click START then RUN
  
• Now type Combofix /u in the runbox
  
• Make sure there's a space between Combofix and /u
• Then hit Enter.

• Delete:
• ComboFix and its associated files and folders.
• VundoFix backups, if present
• The C:\Deckard folder, if present
• The C:_OtMoveIt folder, if present

• Reset the clock settings.
• Hide file extensions, if required.
• Hide System/Hidden files, if required.
• Set a new, clean Restore Point.

• Go to Start > Programs > Accessories > System Tools and click System Restore
  
• Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
  
• The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
• Next go to Start > Run and type Cleanmgr
  
• Click OK
  
• Click the More Options Tab.
  
• Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

• Click Start Now
  
• Check the box next to Enable thorough system inspection.
  
• Click Start
  
• Allow the scan to finish and scroll down to see if any updates are needed.
• Update anything listed.

• Link #1
  
• Link #2

• Click Start , then Run
  
• Type notepad.exe in the Run Box.
  

• Click on Online Services and then Online Scanner
  
• Accept the License Agreement.
• Once the ActiveX installs,Click Full System Scan
  
• Once the download completes,the scan will begin automatically.
• The scan will take some time to finish,so please be patient.
• When the scan completes, click the Automatic cleaning (recommended) button.
  
• Click the Show Report button and Copy&Paste the entire report in your next reply.