4832 + Interview Questions in Computer viruses and spyware in Software Page 62 InterviewSolution

3051.	Solve : Frozen!!!!?
Answer» Yes sir!! Thankyou sir!!You're very welcome, my yuckkkkkkkkkkkkkkkkssssss she's sooooo eegghhhh..... Have you ever seen how I LOOK!!!!!!!!!! Oh boy!!!!! I'd rather be the princess if thats how queens look!!Well, for someone born in 1926, I'd say she looks pretty good! (Her mother died in 2002, at age 101.) I'm sure Queen IVY remembers these small facts.Nope I didn't know NOTHING of that sort, shorryy!! But its your duty to remind me of these things noble Knight... Quote Have you ever seen how I look!!!!!!!!!! May I? Better?::: NUDGES Broni, whispers ::: She's already a princess. Yup I like that. You may make it as your new avatar

3051.

Solve : Frozen!!!!?

Answer»

Yes sir!!

Thankyou sir!!You're very welcome, my yuckkkkkkkkkkkkkkkkssssss she's sooooo eegghhhh.....

Have you ever seen how I LOOK!!!!!!!!!!

Oh boy!!!!!

I'd rather be the princess if thats how queens look!!Well, for someone born in 1926, I'd say she looks pretty good! (Her mother died in 2002, at age 101.)

I'm sure Queen IVY remembers these small facts.Nope I didn't know NOTHING of that sort, shorryy!!

But its your duty to remind me of these things noble Knight... Quote

Have you ever seen how I look!!!!!!!!!!

May I?

Better?::: NUDGES Broni, whispers ::: She's already a princess. Yup I like that.

You may make it as your new avatar

3053.	Solve : Spyguarder removal?
Answer» Somehow I have downloaded something called spyguarder, it tells me my computer is infected with all sorts and every page I try to enter is an infected site. Remove programme wont get rid of it as it tells you that you cannot remove the programme whilst in use but there is no way of getting out of it. Can any one tell me what to do. Im on windows xp home edition.Print these INSTRUCTIONS out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your DESKTOP. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * CLOSE SUPERAntiSpyware. PHYSICALLY DISCONNECT FROM THE INTERNET Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under SCANNER Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are SEVERAL logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RECONNECT TO THE INTERNET RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log.

3055.	Solve : Help Me please!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?
Answer» i need some help from you if you can help me ! My computer is infected with NVMINI.SYS I cant remove it ,I ccannttt... I scaned my Pc with regrun but with out succses If you have just few minuts to tell me what will i do to remove that censored virus that will be good . GoodBay Need...more...info...gasp Operating system / antivirus &AMP; antispyware protection / service packs installed / when did it start happening / did it ever work right / installed any new software / tried booting into Safe Mode and running your antivirus/antispyware programs / tried booting into SM and doing a system restore to a date before this happened? Alan <>< First, watch your language, please! Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; SELECT Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory THREATS before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/LOGS tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text FILE will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log.

3056.	Solve : help fixing computer problem?
Answer» - About a month ago, my antivirus program(Avast) said it detected a virus in memory. - Suggested I shut computer down and reboot. - Did so. - Everything WENT fine with no resulting errors or messages. - When attempted to return MS-DOS prompt level, received message that it couldn't fine the .pif file. - Researched and found it still there. - Tryed to recreate an ms-dos prompt. - Then receive message that system couldn't find command.com. - Tryed c:\windows\system32\command.com. - System still couldn't find it, even though file is there. - Then ran virus check; spybot checkers(Adaware, Spybot, SpyDoctor, etc.), etc. - They did find instances of viruses, etc. and removed them. - Ran defrag, checkdisk, scandisk, etc. etc. - Check registery for .exe and exefile settings. All o.k. here - Rebooted computer. - Tryed other user logons. - Tryed creating new user logon. - Still same results. - Did extension research into problem. - Can't find anything that works. - Did EXTENSIVE research on this board concerning MS-DOS. - Have not found anything new that is helping. - NOTE: ---- - Can get cmd command to work and get me to DOS level. - However that are certain dos command I use frequently such as 'edit' 'fd(changes date of file(s))', etc. - These are not working. - I don't want to do a system restore at this point. I just want to fix the problem. - B-T-W. - Have Compaq Presario V5305. - WINDOWS XP MEDIA EDITION - VERSION 2002 - SERVICE PACK 2 - Only have restored disk - did not come with OEM disks. - Any suggestions...... -thanks -dan System Restore won't do any good, because it'd bring back all viruses. Let see, if your computer is clean... Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: HTTP://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options MAKE sure the following are CHECKED (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log.

3059.	Solve : AVG and WIN98??
Answer» I have been using AVG 7.5 on both my main and back up COMPUTERS. But have received the notice that AVG will soon STOP updates for 7.5 and I have to change to 8.0. No problem with the main COMPUTER running Win XP Pro, but the back up is Win 98 and AVG 8.0 does not run on that apparently. I tried installing Avast on the spare, but it froze. So put back AVG 7.5 for now. Is there another free ANTI virus that you would recommend for Win 98 please?AVG 7.5 will be supported until the end of this year. Avast would be your only other, free choice.Thanks Broni. I will leave AVG on it for now and try Avast again when AVG stops being supported.

3061.	Solve : Looking for help with a virus from you smart people?
Answer» You'll have to make a Bootable WINDOWS 2000 CD with Service PACK INTEGRATED: http://old.bink.nu/bootcd/

3062.	Solve : problems uninstalling AVG 7.5 + problems with tabbed browsing in Firefox?
Answer» I'm glad, things are BACK to normal You MAY WANT to CHECK your monitor on another computer.

3063.	Solve : Internet connection is driving me nuts!?
Answer» I'm GLAD, your internet is back, but still, I'd like to SEE those three logs to see, if your COMPUTER is CLEAN, and it won't happen again.

3067.	Solve : Buffer Overrun?
Answer» Open HJT, checkmark all O1 entries, click "Fix checked". When HJT is done, it'll rescan. Do you still see O1 entries now?Ok I did not restart between them. In fact I didn't restart at all. I hope I wasn't supposed to. [recovering space - attachment deleted by admin]BTW, it didn't rescan, I had to rescan. Does that make a difference?WOW! We got it! Oh, man! Your computer is clean! Very LAST cleaning step. You can do it by yourself. I need to go to bed. 1. DOWNLOAD, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner. 2. Turn off System RESTORE: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the Tasks column on the left side 4. Click on Continue on the "User Account Control" window that POPS up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 3. Restart computer. 4. Turn System Restore on. 5. Let me know, how your computer is doing. Oh yea, the hard part's done so you take off and go to bed. Hey thank you very much. I too am going to bed, I'll finish this tomorrow. Just do that last step as a very first thing, so no other crap sets in. Good night

3069.	Solve : Dangerous virus on your computer?
Answer» The original error went away and I got a new one with yop.exe and "CAVFrm.dll not found". I repeated the AutoRuns scan and deleted yop.exe and now there are no more error messages. Considering that yop.exe was tied to the CA antivirus protection that missed the original VIRUSES and that I now have several better programs in place (thanks to you), I am OK DELETING yop.exe. In addition, it seems that YAHOO has changed from OFFERING CA AV to Norton since my original download. Thanks again for all of your help. Hard to believe this kind of help is FREE. You rock. No problem, glad it worked out!

3070.	Solve : MicroSoft Windows Malicious Software Removal tool?
Answer» I just DL'd this up-date and shortly afterward I got a message stating that it had found and removed Trojan Downloader:Win32/Zlob. I can't understand how this could have got in considering all the protections I have in place. I have Avast, Windows firewall, Windows Defender, Threatfire, Spybot S&D and Spywareblaster and Ad-Aware. Could this be a case of false positives?Possible. Don't clean ANYTHING.... Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; SELECT Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o SCAN for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log.Too late. The aformentioned program already removed it but I'll run the other checks anyway. Be right back.Smart enough After an almost 3 hrs. scan I came up with no logs. When I re-opened the program, there were no logs showing. There were 16 items fixed. 14 were adware and tracking cookies. I'll continue on with the other scansFair enough Malwarebytes' Anti-Malware 1.12 Database version: 755 Scan type: Full Scan (C:\\|E:\\|F:\\|G:\\|) OBJECTS scanned: 113766 Time elapsed: 31 minute(s), 47 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 6 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\Software\Ares Gold (Adware.WhenUSave) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{E86671B7-0B27-4F2F-B076-666F9A93935E}\RP601\A0040726.dll (Trojan.Zlob) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E86671B7-0B27-4F2F-B076-666F9A93935E}\RP602\A0041031.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E86671B7-0B27-4F2F-B076-666F9A93935E}\RP602\A0041032.Dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E86671B7-0B27-4F2F-B076-666F9A93935E}\RP603\A0041172.Dll (Rogue.Multiple) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{E86671B7-0B27-4F2F-B076-666F9A93935E}\RP603\A0041173.exe (Rogue.VirusHeat) -> Quarantined and deleted successfully. C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. Keep going Here's the hijack log. It looks good to my inexperienced but learning eyes. I think the only ones I need to fix are # 20 and #23 Service: Ad-aware- no file [recovering space - attachment deleted by admin]Checkmark: - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - (no file) Click "Fix checked" button. Other, then that the log is clean. Don't forget to reset System Restore. Thanks, Broni. I suppose those bugs could have gotten in before I installed all the protection I now have. I guess it begs the question; is there such a thing as a clean computer?Some people come close, but there is no 100% protection.

3060.	Solve : Rundll system error system32/bxlghumi.dll?
Answer» Hi, I recently found many VIRUSES on my computer and deleted them. Now I am getting two rundll error messages everytime I turn on my computer. One reads Error loading C:/WINDOWS/systme32/bxlghumi.dll The specified module could not be found. And Error loading C:/WINDOWS/system32/{afdb6c83-10d3-c922-bcda-9c83b9fb91f8}.dll The specified module could not be found. What should I do? Thanks!!Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log.Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:14:06 PM, on 5/12/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal RUNNING processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\zHotkey.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\QUICKTIME\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Belkin\F5D8051v2\Belkinwcui.exe C:\Program Files\Belkin\F5D8051v2\chkdev.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\dlcxcoms.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cmich.edu/portal/portal_welcome.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/ O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4829CE73-E1B5-4F77-B44E-DDD70246951D} - C:\WINDOWS\system32\qoMgfGXp.dll (file missing) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: superiorads browser optimizer - {af1beead-8595-9e09-50c2-bbcc7ed8e26b} - C:\WINDOWS\system32\{afdb6c83-10d3-c922-bcda-9c83b9fb91f8}.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[emailprotected] O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [fcd9ef24] rundll32.exe "C:\WINDOWS\system32\bxlghumi.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKLM\..\Policies\Explorer\Run: [MHilJTloPl] C:\Documents and Settings\All Users\Application Data\efcxanuv\inylirij.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\My Backup -- 28-05-07 1814\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188030619140 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: jkkIayya - C:\WINDOWS\ O21 - SSODL: SysKbd - {69d864a8-f4f6-4b39-adc9-975837a2a674} - C:\WINDOWS\Resources\SysKbd.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 9863 bytes okay half way there I did all the steps and now the only eror found at startup is the system32/bxlghumi.dll* Is Windows firewall on? * Check your Java version: http://www.java.com/en/download/installed.jsp Update, if necessary. Uninstall all other Java versions thorugh Add\Remove. *** Disable Windows Defender, as it'll interfere with cleaning process: * Open Windows Defender * Click Tools * Click General Settings * Scroll down to Real Time Protection Options * Uncheck Turn on Real Time Protection * After you uncheck this, click on the Save button * Close Windows Defender 1. Print this post out, since you won't have an access to it, at some point. 2. Close all windows, except for HijackThis. 3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with ), no actual program will be removed): - O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) - O2 - BHO: (no name) - {4829CE73-E1B5-4F77-B44E-DDD70246951D} - C:\WINDOWS\system32\qoMgfGXp.dll (file missing) - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) - O2 - BHO: superiorads browser optimizer - {af1beead-8595-9e09-50c2-bbcc7ed8e26b} - C:\WINDOWS\system32\{afdb6c83-10d3-c922-bcda-9c83b9fb91f8}.dll (file missing) - O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE - O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER - O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot - O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup - O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start - O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" - O4 - HKLM\..\Run: [fcd9ef24] rundll32.exe "C:\WINDOWS\system32\bxlghumi.dll",b - O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - O4 - HKLM\..\Policies\Explorer\Run: [MHilJTloPl] C:\Documents and Settings\All Users\Application Data\efcxanuv\inylirij.exe - O4 - Global Startup: Belkin Wireless Networking Utility.lnk = ? - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - O20 - Winlogon Notify: jkkIayya - C:\WINDOWS\ 4. Click on Fix checked* button. 5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears) 6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders. 7. Delete following files/folders (if present): - qoMgfGXp.dll, bxlghumi.dll files from C:\WINDOWS\system32 - efcxanuv folder from C:\Documents and Settings\All Users\Application Data - jkkIayya file from C:\WINDOWS 8. Restart in Normal Mode. 9. Post new HijackThis log.firewall is on should i turn it off?NO! Just checking...Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:56:53 PM, on 5/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\dlcxcoms.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dllhost.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 1735 bytes This is not a whole log.Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:15:41 PM, on 5/12/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Digital Media Reader\shwiconem.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Dell Photo AIO Printer 926\memcard.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\dlcxcoms.exe C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\zHotkey.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cmich.edu/portal/portal_welcome.asp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://google.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[emailprotected] O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe" O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0 O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\My Backup -- 28-05-07 1814\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188030619140 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O21 - SSODL: SysKbd - {69d864a8-f4f6-4b39-adc9-975837a2a674} - C:\WINDOWS\Resources\SysKbd.dll (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- End of file - 8297 bytes sorryYour computer is clean is clean 1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner. 2. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the TASKS column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 3. Restart computer. 4. Turn System Restore on. 5. Let me know, how your computer is doing. my computer is running a lot smoother, no problems at the last startup! Thank you sooo much! Good Keep it this way...

3072.	Solve : Uh Oh! Please help... Viruses?
Answer» COOL HAPPY COMPUTING!

3075.	Solve : HJ log?
Answer» Can someone please cheeck this for someone as there internet is down. Scan saved at 7:56:30 AM, on 14/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWSLogfile of HijackThis v1.99.1 Scan saved at 7:56:30 AM, on 14/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRAM Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Documents and Settings\Mr.Murray\Desktop\hijackthis_199\HijackTh is.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {3D0EEAFE-E90D-4BB9-881E-3DF2369A1858} - C:\WINDOWS\system32\efcbcCrr.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: {60b5e5a7-b125-78f9-1fd4-1df53882611f} - {f1162883-5fd1-4df1-9f87-521b7a5e5b06} - C:\WINDOWS\system32\owwuqpiw.dll O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE O4 - HKLM\..\Run: [remotecontrol] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MOTIVE smartbridge] C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [launchapp] Alaunch O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [hp software update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [agrsmmsg] AGRSMMSG.exe O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Mr.Murray\Local Settings\Temporary Internet Files\Content.IE5\WLIRQ72W\install_sbd_en[1].exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: WEB Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Support - {6A1E322D-A3D1-453E-922D-347C663BEF84} - http://support.primus.ca (file missing) (HKCU) O9 - Extra button: Setup - {88E53018-61C2-4E5B-A69C-257DD10F8208} - https://signup.primus.ca (file missing) (HKCU) O9 - Extra button: Account - {A99F899A-3298-4DF0-ADC0-4E8458F31E38} - http://setup.primus.ca:8000/ (file missing) (HKCU) O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.primus.ca O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/wardmedia/grinstall_wm1001_sp2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181491216296 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp03.eastlink.ca/SelfProvisioning.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: efcDUkLb - C:\WINDOWS\ O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Documents and Settings\Mr.Murray\Desktop\hijackthis_199\HijackTh is.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {3D0EEAFE-E90D-4BB9-881E-3DF2369A1858} - C:\WINDOWS\system32\efcbcCrr.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: {60b5e5a7-b125-78f9-1fd4-1df53882611f} - {f1162883-5fd1-4df1-9f87-521b7a5e5b06} - C:\WINDOWS\system32\owwuqpiw.dll O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [soundman] SOUNDMAN.EXE O4 - HKLM\..\Run: [remotecontrol] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [quicktime task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [motive smartbridge] C:\PROGRA~1\ALIANT\NETASS~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [launchapp] Alaunch O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [hp software update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [agrsmmsg] AGRSMMSG.exe O4 - HKLM\..\Run: [SBI] C:\Documents and Settings\Mr.Murray\Local Settings\Temporary Internet Files\Content.IE5\WLIRQ72W\install_sbd_en[1].exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Support - {6A1E322D-A3D1-453E-922D-347C663BEF84} - http://support.primus.ca (file missing) (HKCU) O9 - Extra button: Setup - {88E53018-61C2-4E5B-A69C-257DD10F8208} - https://signup.primus.ca (file missing) (HKCU) O9 - Extra button: Account - {A99F899A-3298-4DF0-ADC0-4E8458F31E38} - http://setup.primus.ca:8000/ (file missing) (HKCU) O11 - Options group: [INTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://www.primus.ca O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} - http://www.icannnews.com/app/ST/ActiveX.ocx O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/wardmedia/grinstall_wm1001_sp2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181491216296 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {8F4213B4-A970-4B3C-820D-343C693D5BF0} (SelfProvisioning.Wizard) - http://dsp03.eastlink.ca/SelfProvisioning.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: efcDUkLb - C:\WINDOWS\ O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)Please go to this thread and read the instructions for posting the required logs.Sorry to bother you he just wanted a check. Im sorry for taking up your time.I wouldn't ask you to go through the steps if it weren't necessary. The log is bad. You need to uninstall one of the antivirus suites. Running TWO is never advised.

3079.	Solve : How does everything look??
Answer» Just wanted to make sure everything was running well on my girflirend's comp....... Please run through this quick? thank you! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:03:15 PM, on 5/15/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Lexmark X74-X75\lxbbbmon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.verizon.net/newsroom/portals/newsroom.portal R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QUICKTIME Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user') O4 - Global STARTUP: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java CONSOLE - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\AIM95_c1\aim.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 6483 bytes Looks fine Thanks Broni!

3076.	Solve : Boot Virus New Laptop (Xmas) please help!?
Answer» Hi I got a new Compaq PRESARIO v6000 laptop at Xmas now someone I trusted sent me a “SOMETHING” over MSN/WLM. I now know this “virus” for want of a better WORD stopped my computer from booting (even getting to the Compaq screen before windows loads) I cured this virus by removing the laptop battery yay fixed but then it came back seeming randomly a few weeks later ad again today. I had full AVG trial installed and windows firewall along with WIN Defender at the time oh and I’m running on windows Vista home Pre and my hard drive is sectioned into my laptop recovery drive (D) and my main drive (C). So my question is how to I get rid of this forever? And what is it? PS yes I reformatted it still came back! Thankyou all!You reformatted hard drive, or you reinstalled Windows over the top?I used recovery partition to reinstall windows (hope my problem is fixable)Print these instructions out. 1. Download SUPERAntiSpyware Free for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default SETTINGS for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o Scan for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please copy and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HijackThis: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log.SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 05/16/2008 at 09:36 AM Application Version : 4.0.1154 Core Rules Database Version : 3461 Trace Rules Database Version: 1452 Scan type : Complete Scan Total Scan Time : 00:45:23 Memory items scanned : 218 Memory threats detected : 0 Registry items scanned : 6759 Registry threats detected : 0 File items scanned : 100053 File threats detected : 3 Adware.Tracking Cookie C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][1].txt C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt C:\Users\Josh\AppData\Roaming\Microsoft\Windows\Cookies\[emailprotected][2].txt Malwarebytes' Anti-Malware 1.12 Database version: 755 Scan type: Full Scan (C:\\|D:\\|) Objects scanned: 139930 Time elapsed: 17 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:15:28, on 16/05/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\WINDOWS\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\WINDOWS\System32\igfxpers.exe C:\Program Files\AVG8\avgtray.exe C:\Program Files\Lexmark 3400 Series\ezprint.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\unsecapp.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=73&bd=PRESARIO&pf=laptop R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG8\avgtray.exe O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe" O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3 \LXCYtime.dll,[emailprotected] O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12 \EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1 \MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3 \Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG8 \avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8 \avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG8 \avgwdsvc.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: lxcy_device - - C:\Windows\system32\lxcycoms.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0 \SharedCOM\RoxMediaDB9.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- End of file - 6623 bytes All 3 logs someone has said to me it might be somthing to do with the MBR or Bootsector?Can anyone help me please?Remember, we don't have 911 service. All volunteers, here. We need to work, eat, and sleep You need to repost HJT log, but this time disable "word wrap" in Notepad, because the log is hard to read.

3077.	Solve : Help Please, Spyware/Adware issue.?
Answer» Well, I believe it has to do with both adware and spyware. It started last night, midnight my time. My entire desktop, once having an ironman background, suddenly had something different. Instead of my original background it now has ads ATTACHED to it so there's no way to EXIT them out. Also, it won't let me change the background back to how it was. I even went to change it and it won't let me click on any of the offered wallpapers in the system. I performed a scan and had found that I had quite a bit of spyware and such on my computer. I quarantined and removed them. This was done in safe MODE. I went back to the normal mode ((Restarted the computer as I was advised by my program)) It's still there and I still am unable to change my wallpaper. Does anyone have any suggestions on fixing this issue? It would be muchly appreciated.PLEASE start here. Please read this before requesting malware removal help

3080.	Solve : computer problems post-Trojan.Win32.Blackbird and friends?
Answer» I'm not sure what to do. Can you get an XP CD and try a repair install?I don't have an XP CD... I'm just gonna reformat my hardrive, thanks anyway thoughweird... well, I had SERVICE pack 2, and I DOWNLOADED service pack 3, now my internet works (and I haven't reformatted), but it's very testy. sometimes the IP address is invalid... sometimes there's a problem with the DNS, and now my AIM no LONGER functions properly... I'm so confused! Try reinstalling anything that doesn't work right.

3082.	Solve : "Task Manger" is not available for clicking, please help....?
Answer» My computer contracted some nasty malware yesterday and I think I got rid of it all by following the steps in the "Please read this before requesting malware removal help". However, when I press ALT+CONTROL+DELETE the option to click the Task Manager button is not available. Can anyone help me to fix this? Thanks in advance!If you have posted no logs you haven't followed the instructions in the Please Read This section...Here are the logs that I have from Superantispyware, Malwarebytes and hijackthis. [recovering space - attachment deleted by admin]* Go Start>Control Panel>Add\Remove, and... Uninstall any of the following programs associated with Viewpoint*: Viewpoint Manager * Viewpoint Media Player * Viewpoint Toolbar 1. Print this post out, since you won't have an access to it, at some point. 2. Close all windows, except for HijackThis. 3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with ), no actual program will be removed): - R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=%tb_id - R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id - R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=%tb_id - O2 - BHO: (no name) - {4A9FD117-0E8D-4B21-B75B-E21DFC9F0C09} - C:\WINDOWS\system32\iifccaBr.dll (file missing) - O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background - O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/1203030306/VBouncerOuter1203.EXE - O18 - Protocol: relatedlinks - {CD8D1CAA-FE4A-45DF-A06C-028AAF1821DE} - C:\PROGRA~1\COMMON~1\BTLINK\btlink.dll (file missing) - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe 4. Click on Fix checked* button. 5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears) 6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders. 7. Delete following files/folders (if present): - Viewpoint folder from C:\Program Files 8. Restart in Normal Mode. 9. Post new HijackThis log.I followed all the steps outlined above. Here is the new hijackthis log. [recovering space - attachment deleted by admin]Your computer is clean 1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. GET "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner. 2. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore POINTS will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the Tasks column on the left side 4. Click on Continue on the "User Account Control" WINDOW that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 3. Restart computer. 4. Turn System Restore on. 5. Read So how did I get infected in the first place?: http://www.castlecops.com/postlite7736-.html 6. Let me know, how your computer is doing. Thanks for all the help in getting my computer clean!! For some reason though I still do not have the option to click on "Task Manager" when I press ALT+CTRL+DELETE. Any ideas as to why?Yeah, it happens when computer gets infected. See here: http://www.raymond.cc/blog/archives/2007/06/28/restore-task-manager-regedit-and-folder-options-disabled-by-virus/ for solution.Broni- Task Manager is functioning normaly now, thanks! Thanks for all the help in getting my computer clean!! I really do appreciate it!You're very welcome

3084.	Solve : Is any malicious software in my computer? Please help!?
Answer» This is what I get running hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:17:16 PM, on 5/15/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\IPSSVC.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\svchost.exe c:\program files\lenovo\system update\suservice.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\system32\FSRremoS.EXE C:\Program Files\ThinkVantage\AMSG\Amsg.exe C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Lenovo\AwayTask\AwaySch.EXE C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Lenovo\Client Security Solution\cssauth.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\ScanSoft\OmniPageSE\opware32.exe C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe C:\Program Files\Common Files\Lenovo\Logger\logmon.exe C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Pando Networks\Pando\pando.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Ares\Ares.exe C:\PROGRA~1\Grisoft\AVG7\avgwb.dat C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\WinRAR\WinRAR.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lenovo.com/welcome/thinkcentre R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com/welcome/thinkcentre R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search BAR = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll (file missing) O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [OMNIPAGE] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe O4 - HKLM\..\Run: [TXP] c:\program files\topthemesxp\txp.exe O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ares lite] "C:\Program Files\Ares Lite\Ares.exe" -h O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [EPSON Stylus Photo R270 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNP.EXE /FU "C:\WINDOWS\TEMP\E_SCC.tmp" /EF "HKCU" O4 - HKCU\..\Run: [Start WINGMAN Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe O4 - HKCU\..\Run: [viwc] C:\WINDOWS\system32\viwc.exe O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [ActiveX Message Killer] C:\Program Files\ActiveXMessageKiller\ActiveXMessageKiller.exe O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user') O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O4 - Global Startup: BlueSoleil.lnk = ? O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Search - ?p=ZNxmk789YYSG O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: System Update - {DA320635-F48C-4613-8325-D75A933C549E} - C:\Program Files\Lenovo\System Update\sulauncher.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.lenovo.com/welcome/thinkcentre O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development GROUP - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O24 - Desktop COMPONENT 0: (no name) - http://gfx2.hotmail.com/mail/w2/ltr/i_safe.gif -- End of file - 14166 bytes I don't know is my computer has any virus in it....Please help!There are some questionable entries in the log, go to this thread and read the instructions. Post all of the logs here when complete. Once the logs are posted a malware specialist will be along to assist you in further removal instructions.

3086.	Solve : Need help. Question about the first aid recovery cd.?
Answer» Thanks Broni. I really appreciate it! Please tell me what else needs to be done. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:04:38, on 2008/06/06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Verizon Online\Help Support\bin\mpbtn.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! ､uｨ罔C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V11\ATLIECP.DLL O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V11\ATLIECP.DLL O3 - Toolbar: Yahoo! ､uｨ罔C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\HELPSU~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Verizon Online Help & Support.lnk = C:\Program Files\Verizon Online\Help Support\bin\matcli.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate by ATLAS - C:\Program Files\ATLAS V11\Atlscript.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V11\Atlscript.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://.update.microsoft.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (file missing) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing) O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 8821 bytes Good JOB Your computer is clean 1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner. 2. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the TASKS column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 3. Restart computer. 4. Turn System Restore on. 5. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you an extra protection against MALWARES. It won't interfere with your antivirus program* 6. Read So how did I get infected in the first place?: http://www.castlecops.com/postlite7736-.html 7. Let me know, how your computer is doing. Thank you so much Broni I can't thank you enough! I thought my computer was terminally ILL but you saved me! Its like new again! This is the last Hijack file after I did what you said. I'll be more careful in the future Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:33:20, on 2008/06/06 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\mozilla.org\Mozilla\mozilla.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! ､uｨ罔C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V11\ATLIECP.DLL O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O3 - Toolbar: ATLAS Translation Bar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLAS V11\ATLIECP.DLL O3 - Toolbar: Yahoo! ､uｨ罔C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate by ATLAS - C:\Program Files\ATLAS V11\Atlscript.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: ATLAS Translation - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLAS V11\Atlscript.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - (no file) O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Microsoft Office Groove Audit Service - Unknown owner - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (file missing) O23 - Service: Microsoft Office Diagnostics Service (odserv) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (file missing) O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- End of file - 6674 bytes You're very welcome Enjoy your "new" computer....

3087.	Solve : Something is blocking my games from starting up?
Answer» this is when i RESTARTED my computer and took it off safe mode. I did everything you told me to Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:20:13 AM, on 5/14/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2900.2180) Boot mode: Normal Running processes: F:\WINDOWS\System32\smss.exe F:\WINDOWS\system32\winlogon.exe F:\WINDOWS\system32\services.exe F:\WINDOWS\system32\lsass.exe F:\WINDOWS\system32\svchost.exe F:\WINDOWS\System32\svchost.exe F:\WINDOWS\system32\spoolsv.exe F:\Program Files\ESET\ESET NOD32 Antivirus\EKRN.exe F:\WINDOWS\system32\PnkBstrA.exe F:\WINDOWS\system32\PnkBstrB.exe F:\Program Files\Webroot\Washer\WasherSvc.exe F:\WINDOWS\Explorer.EXE F:\WINDOWS\RTHDCPL.EXE F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe F:\Program Files\DNA\btdna.exe F:\Program Files\Webroot\Washer\wwDisp.exe F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe F:\WINDOWS\system32\wuauclt.exe F:\WINDOWS\system32\wuauclt.exe E:\GF8\Win2KXP 162.18\setup.exe E:\GF8\Win2KXP 162.18\setup.exe F:\PROGRA~1\Mozilla Firefox\firefox.exe F:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) F2 - REG:system.ini: UserInit=F:\WINDOWS\system32\Userinit.exe O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file) O2 - BHO: (no name) - {F156768E-81EF-470C-9057-481BA8380DBA} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing) O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - F:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus O4 - HKLM\..\Run: [StopSignSsSsMon] Rundll32.exe "F:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll",VerifyStatus O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] F:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKCU\..\Run: [swg] F:\WINDOWS\system32\regsvr32.exe O4 - HKCU\..\Run: [BitTorrent DNA] "F:\Program Files\DNA\btdna.exe" O4 - HKCU\..\Run: [Uniblue SpeedUpMyPC] F:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "F:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Window Washer] "F:\Program Files\Webroot\Washer\wwDisp.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: Download All by FlashGet - F:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - F:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O20 - Winlogon Notify: Fly - F:\WINDOWS\ O20 - Winlogon Notify: LOVE - F:\WINDOWS\ O23 - Service: McAfee Application Installer Cleanup (0005051207003295) (0005051207003295mcinstcleanup) - Unknown owner - F:\DOCUME~1\Zuratai\LOCALS~1\Temp\000505~1.EXE (file missing) O23 - Service: Apache2.2 - Unknown owner - F:\Documents and Settings\Zuratai\Desktop\AC Web Ultimate Repack\Server\apache\bin\apache.exe (file missing) O23 - Service: eAcceleration Notification Service (eac_notifysvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_svc.exe (file missing) O23 - Service: eAcceleration Product Manager Service (eac_productsvc) - Unknown owner - F:\PROGRA~1\EACCEL~1\FRAMEW~1\eac_productsvc.exe (file missing) O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - Unknown owner - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe (file missing) O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision CORPORATION - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee HackerWatch Service - Unknown owner - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe (file missing) O23 - Service: McAfee Update Manager (mcmispupdmgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe (file missing) O23 - Service: McAfee Services (mcmscsvc) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (file missing) O23 - Service: McAfee Network Agent (McNASvc) - Unknown owner - f:\program files\common files\mcafee\mna\mcnasvc.exe (file missing) O23 - Service: McAfee Scanner (McODS) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (file missing) O23 - Service: McAfee Protection Manager (mcpromgr) - Unknown owner - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe (file missing) O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing) O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing) O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - F:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - F:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - F:\Program Files\Webroot\Washer\WasherSvc.exe -- End of file - 9060 bytes

3089.	Solve : Wondering if desktop computer is infected ...?
Answer» ALRIGHT, I had a problem with the whole bugs screensaver, blue/yellow warning on this desktop, but a couple months ago, it stopped after I ran Malwarebyte's Anti-Malware. I'm on a different computer [different than the laptop that evilfantasy helped me to fix] that I also believe is infected. Before following the procedures in the malware removal post, our internet was just HORRIBLE on this computer. Meaning, it WOULD not receive a signal and also, when we tried to access our homepage, it always said page cannot be displayed. With any page, it mentioned the same error message. However, after running the scans and restarting the computer, we picked up an EXCELLENT signal and our internet is just great. That's how I'm able to type out this message. =) Anyway, here's all the logs that you requested. I just want to cure this computer from any other infections that aren't surfacing yet or that I can't see. =) Thanks for the help !! [recovering space - attachment deleted by admin]Oh! Forgot to mention the fact that the computer now has set restrictions on a lot of options on the computer, such as assessing the Control Panel, the remove/add programs, the desktop properties, etc. The TASK Manager used to be restricted, but I found some .reg file extension from a website designed to fix this problem, saved it on the computer desktop, and it fixed after reboot. The other registry key file edit things for the control panel, add remove programs, etc, would not work; even after reboot it did not work. Another thing is SOMETIMES the desktop likes to freeze, and all the icons on the desktop would disappear, it the computer would be at a stand still. The only way to get out of this problem is just to turn the computer off by pressing the power button. The screen itself would not refresh, it just blanks out. I can see, you're using two antivirus programs: Avira, and McAfee. It looks like Avira is active, and McAfee used to be your antivirus. Please EXPLAIN. One of them has to go.I'll get rid of Mcafee because I recently downloaded Avira to start the malware removal process. I didn't think we had an antivirus program that was active on that computer. Thanks for that information. Quote I didn't think we had an antivirus program that was active on that computer. Not good. Use this tool: http://majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html to remove McAfee. When done, post new HJT log.

3090.	Solve : Re: Windows Security Center?
Answer» Thanks Savior, I am having the same problems as Arwest had on May 1, 2008, ""I have a HP Pavilion Computer running MICROSOFT XP. When I turned on my compute this morning a Windows Security Center box popped up telling me I was not protected with anitvirus and spyware, even though I have norton antivirus, webroot spyware and adaware, which are all run regularly. When I clicked on the Windows Security box to INSTALL, my Norton BLOCKED it and labeled it a virus. After running all my anitvirus and several spyware programs, I cannot get rid of this. It continues to pop up boxes telling me to click on the security button on my taskbar and download."" The only difference is My computer is a Dell Optiplex 320.Can anyone help me .Moved to Computer Viruses and Spyware. We ask that you read and follow all instructions in the pinned topic titled Please read this before requesting MALWARE removal help. Following the steps in the Guide will ALLOW for us to quickly help you with specific fixes for what may remain on your system. When you have completed those steps post the logs in this thread.

3091.	Solve : Malware Protector 2008/Bug Screen and Background virus?
Answer» Last night I was attacked by this when visiting a video game site and quickly exited. Im running xp with sp2 and Webroot Spy Sweeper with Antivirus. I removed the Malware Protector 2008 shortly after it installed using the Control panel. I think the spy sweeper blocked most of it but I think some traces still remain. I followed the steps in the thread before posting and it seems the background and bug screensaver is gone but if someone could just take a quick look at the logs and tell me how bad the infestation was and if it was completely removed, it would be very much appreciated and thanks. [recovering space - attachment DELETED by admin]Do you use Norton as your AV, and firewall? It's not clear from the log, if it's running in full. Open HJT, checkmark all O18 entries, click "Fix checked", and post new log.I fixed the entries and re-scaned with Hijack. Webroot spysweeper also has antivirus protection and my firewall is the regular Windows one. [recovering space - attachment deleted by admin]It's still not clear. What's the story with Norton? Spysweeper is NOT a substitute for antivirus program.I used to have Norton installed but removed it when I got my new AV. The full name of my AV is "Webroot Spy Sweeper with Antivirus" if that was the thing that was confusing."Webroot Spy Sweeper with Antivirus"...fair enough, but I can see, the above product includes firewall, as well. Is it disabled, since you have Windows firewall up? Run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039 to remove Norton's leftovers, answer my question about firewall, and post new HJT log. I'm off to EURO 2008 soccer game, so I'll be out for couple of hours.Ok, Norton's been removed, Av firewall is disabled which is why I have Windows firewall and heres the new log. Also should I re-scan in safe mode or is that unnessary? Thanks for helping me out Broni [recovering space - attachment deleted by admin]You're welcome I'm not FAMILIAR with Webroot firewall, but Windows firewall is definitely the lowest quality firewall, so you may reconsider. ...and no, HJT has to be run in Normal Mode. 1. Print this post out, since you won't have an access to it, at some point. 2. Close all windows, except for HijackThis. 3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with ), no ACTUAL program will be removed): - O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup - O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start - O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime - O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" - O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe - O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe - O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet - O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe" - O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware.exe" - O4 - Startup: GameSpot Download Manager.lnk = D:\stuff\GameSpot\GameSpotDownloadManager_Win32.exe - O4 - Global Startup: Remocon Driver.lnk = ? - O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) - O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) - O16 - DPF: {00000000-7777-0704-0B53-2C8830E9FAEC} - http://gn.one2bill.de/soft/axload.cab - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SASWINLO.dll 4. Click on Fix checked* button. 5. Restart computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears) 6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders. 7. Delete following files/folders (if present): - sysrest32.exe, regscan.exe files from C:\WINDOWS\system32 - GameSpotDownloadManager_Win32.exe file from D:\stuff\GameSpot 8. Restart in Normal Mode. 9. Post new HijackThis log.Ok followed everything you said but the files in Safe mode weren't present and heres the new log: [Saving space - attachment deleted by admin]Very good Your computer is clean 1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. GET "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner. 2. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the Tasks column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 3. Restart computer. 4. Turn System Restore on. 5. (OPTIONAL) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you an extra protection against malwares. It won't interfere with your antivirus program 6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html 7. Let me know, how your computer is doing. Thank you very much Broni It was a big help and it seems CCleaner is similar to the program Window Washer.You're very welcome Is computer doing OK?Yes, computers ok. After the computer got infected I didn't really notice any significant change in performance besides the the bug screen saver and background change. Does that mean it wasnt that bad?If you could only see some other logs.... You had just light infection.

Explore topic-wise InterviewSolutions in .

Solve : Frozen!!!!?

Solve : got around 500 viruses on my pc?

Solve : Spyguarder removal?

Solve : new threat?

Solve : Help Me please!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!?

Solve : help fixing computer problem?

Solve : Virus Affecting Search Engines??

Solve : AVG 8.0.1 Preventing attachment and torrent file downloads?

Solve : AVG and WIN98??

Solve : Rundll system error system32/bxlghumi.dll?

Solve : Looking for help with a virus from you smart people?

Solve : problems uninstalling AVG 7.5 + problems with tabbed browsing in Firefox?

Solve : Internet connection is driving me nuts!?

Solve : Roomie's computer infected now...HJT log included.?

Solve : HijackThis log for a win32/vundo!generic problum?

Solve : just a check?

Solve : Buffer Overrun?

Solve : Spyware + some disabled processes?

Solve : Dangerous virus on your computer?

Solve : MicroSoft Windows Malicious Software Removal tool?

Solve : Computer infected with Trojan.Win32.Blackbird (among others!) - logs attached?

Solve : Uh Oh! Please help... Viruses?

Solve : UNKNOWN VIRUS?

Solve : Web browser problems?

Solve : HJ log?

Solve : Boot Virus New Laptop (Xmas) please help!?

Solve : Help Please, Spyware/Adware issue.?

Solve : how to utilize AVG update '.bin' files??

Solve : How does everything look??

Solve : computer problems post-Trojan.Win32.Blackbird and friends?

Solve : Is this registry a malware????

Solve : "Task Manger" is not available for clicking, please help....?

Solve : Which Virus Scanner???

Solve : Is any malicious software in my computer? Please help!?

Solve : Dell laptop will not stay shut down?

Solve : Need help. Question about the first aid recovery cd.?

Solve : Something is blocking my games from starting up?

Solve : can't access certain websites?

Solve : Wondering if desktop computer is infected ...?

Solve : Re: Windows Security Center?

Solve : Malware Protector 2008/Bug Screen and Background virus?

Solve : PC running slow after virus removal?

Solve : I to have the bug screensaver herpies?

Solve : Win32.trojan?

Solve : Cant open downloaded zips problems- Hijack log?

Solve : It is me again lol?

Solve : McAfee or Avast... THAT is a question?

Solve : Bug Screensaver Virus...Again?

Solve : Spyware? Please help me :(?

Solve : I am infected with ntos.exe trojan keylogger - please help.?

3092.	Solve : PC running slow after virus removal?
Answer» AVG 8.0 still would not recognize my Win XP SP2. SUPERAntiSpyware still crashes during installation. Other than that, no problem. Thanks.1. Download this diagnostics tool MGADiag.exe and save this to your Desktop. 2. Double-click on MGADiag.exe and click Continue 3. When the program has finished, click on Copy 4. Post the results in your next reply.MGADiag result attached. Thanks. [Saving space - attachment deleted by admin]This may be the problem with the installs. Right now, your computer has a Volume Licensing edition of XP installed, and that installation was done with a now-blocked Volume Licensing Key (VLK). VLKs are blocked by Microsoft at the request of the original keyholder for such reasons as the key was lost, stolen, compromised, misused, or expired. Also, MS may have blocked the key if it notices a pattern of misuse or more installations of XP using that key than authorized. As a rule, VL editions of XP should not be sold to individual consumers. Businesses, schools and gov'ts normally use VL editions for flexibility in installing many computers. This may be why you are getting errors on trying to install some programs and you likely aren't able to install any MS updates either. Look on the computer or in the MATERIALS that came with your computer to see if you have a Certificate of Authenticity (COA). Look for: 1. What edition of Windows XP is it for, Home, Pro, Media Center, or some other edition or version of Windows? 2. Does it read "OEM Software" or "OEM Product" in black lettering? 3. Or, does it have the computer manufacturer's name in black lettering? Not sure what to look for and more information Click here: http://www.microsoft.com/resources/howtotell/en/coa.mspx If you have been sold this copy of XP as new then go here: http://www.microsoft.com/resources/howtotell/reports/report.aspx?displaylang=en You can call 1-866-PCSAFETY (1-866-727-2338). This phone number is for virus and other security-related support. It is available 24 hours a day for the U.S. and Canada. They will help you get your Windows validated. Let me know if you need any more information and I will try to help. At this POINT there isn't MUCH I can do. The Windows came together with the computer when I bought it from the shop. Those information you want me to check is suppose to be on the stickers on the casing, if I'm not mistaken. Unfortunately, my PC is ALMOST 4 years old and I only have some "remaining" of the stickers left on the casing, and I can barely read the printing on it. You said that "VL editions of XP should not be sold to individual consumers", so I'm wondering whether the shop has bought such VL and use it on the computers sold. While VL allows multiple use of the license, they may have misused the VL on PC sold rather than their own PC at work. Is that possible to happen and is that a fault? I can hardly go back and argue with the shop as it's been so many years and I don't think they will admit the fault. Anyway, since it's the problem with the Windows license, and my computer seems to be running fine at the moment, I guess that should be it for now. Thanks for all your support. Thanks to Broni too. The shop probably has a business license to install and sell Windows. The license may have run out and they didn't renew it. Maybe they now install Vista so thought the XP license didn't need to be renewed? Don't know for sure, just speculating. MS is good about working with people on renewing their Windows. It may take supernatural PATIENCE and a bit of your time but it would be best to ring them up and give it a try. You may even call the shop who sold it to you. They should know that their license had expired and they have left their customers hanging. They may even know of a better (quicker) way to take care of it. Or they were installing illegitimate copies, Then MS should be made aware of it. If you have been sold this copy of XP as new then go here: http://www.microsoft.com/resources/howtotell/reports/report.aspx?displaylang=en In the event you are a victim of piracy, help is available from this site: http://www.microsoft.com/piracy/

3094.	Solve : Win32.trojan?
Answer» Is there a program that can get rid of Win32.trojan , Win32.backdoor , and many more. I have had this problem for a while. Yes, i have tried to get rid of them by zonealarm, avast, macafee, avg, ect. But i want to know if there is a program that is specifically designed to get rid of only those. I am aware that they come back but I just aant something to get rid of them when I want to. thx Print these instructions out. 1. Download SUPERAntiSpyware FREE for Home Users: http://www.superantispyware.com/ * Double-click SUPERAntiSpyware.exe and use the default settings for installation. * An icon will be created on your desktop. Double-click that icon to launch the program. * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.) * Close SUPERAntiSpyware. PHYSICALLY DISCONNECT FROM THE INTERNET Restart computer in Safe Mode. To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll SEE "Safe Mode" in all four corners of your screen * Open SUPERAntiSpyware. * Under "Configuration and Preferences", click the Preferences button. * Click the Scanning Control tab. * Under Scanner Options make sure the following are checked (leave all others unchecked): o Close browsers before scanning. o SCAN for tracking cookies. o Terminate memory threats before quarantining. * Click the "Close" button to leave the control center screen. * Back on the main screen, under "Scan for Harmful Software" click Scan your computer. * On the left, make sure you check C:\Fixed Drive. * On the right, under "Complete Scan", choose Perform Complete Scan. * Click "Next" to start the scan. Please be patient while it scans your computer. * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK". * Make sure everything has a checkmark next to it and click "Next". * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu. * If asked if you want to reboot, click "Yes". * To retrieve the removal information after reboot, launch SUPERAntispyware again. o Click Preferences, then click the Statistics/Logs tab. o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor. o Please COPY and paste the Scan Log results in your next reply. * Click Close to exit the program. Post SUPERAntiSpyware log. RECONNECT TO THE INTERNET RESTART COMPUTER! 2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform full scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt RESTART COMPUTER! 3. Download HIJACKTHIS: http://www.snapfiles.com/get/hijackthis.html Post HijackThis log.

3095.	Solve : Cant open downloaded zips problems- Hijack log?
Answer» Okay keep in mind that other people use this pc. But I cant open any zips that are downloaded an hope that something will say in it Logfile of HijackThis v1.99.1 Scan saved at 4:17:37 AM, on 6/11/2008 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\HPZipm12.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\System32\tcpsvcs.exe C:\WINNT\System32\snmp.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINNT\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINNT\system32\RUNDLL32.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe C:\Program Files\WordWeb\wweb32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINNT\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Brenda\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bedford.net/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: @msdxmLC.dll,[emailprotected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AVAST!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210897146075 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1210944805605 O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1283C04C-107F-4152-B77C-0FCC6C6E5895}: NameServer = 69.72.74.11 69.72.74.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{1283C04C-107F-4152-B77C-0FCC6C6E5895}: NameServer = 69.72.74.11 69.72.74.3 O23 - SERVICE: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe What format of a zip file is it. Here is a note of caution. Hard to open zip files are often related to torrents or warez. Once these hard to open files are finally opened you realize you have just unleashed some of the worst malware known to a PC. A new HDD and/or a CPU is often the only option. Some malware writers don't care to scam anyone, rather they get their kicks from destroying as many PC's as they can.rar an the other format that I cant think of it, but its happens to any an all. Anything I can remove in the HijackThe log was fine. What program are you using to open them with?Winzip its an old versionTry one of these. http://www.filehippo.com/download_izarc/ http://www.filehippo.com/download_7-zip/I like to use something I'm familiar with but I tried reinstalling it an it still happens.Do you get any error messages?The winzip wizard cant open this file, it doesnt appear to be a vaild archive, If you downloaded this file TRY again. But I tried download it again an so on an so but it keeps coming up. These are files I want an it happens to others as wellWill you send it to me in an email so I can check it out. evilfantasy69 at yahoo.com Post here when it is sent so I will know it's you. This is my spam mail account so nobody else try to email me there. I will just DELETE it.What is it that you want??? It happens to any downloaded file of this kind I dont think it will help.winZIP can't open RAR files, at least not the old version your using. I had the same problem with Powerarchiver, except with PA, I could view the RAR, but not extract it. Try to extract it with the programs evilfantasy suggested, or winRAR. even if they are unfamiliar to you.I use wrar to do that I couldnt think of the other format.I downloaded them with a faster connection an they work. Not sure whats WRONG here.

3098.	Solve : Bug Screensaver Virus...Again?
Answer» HELLO. I saw in another THREAD about this virus to DL SuperAntiSpyware, Malwarebytes and HJT. Run them and POST the logs here. I've downloaded the programs and am going to try running them now. Will be back shortly to post the logs. THANKS in advance!

3099.	Solve : Spyware? Please help me :(?
Answer» Very good ....checking....* You need to update your Java: http://java.sun.com/javase/downloads/index.jsp Java Runtime Environment (JRE) 6 Update 6 Uninstall all previous versions of Java through Add\Remove. 1. Print this post out, since you won't have an access to it, at some point.** 2. Close all windows, except for HijackThis. 3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with ), no actual program will be removed): - F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe, - O2 - BHO: gooochi browser optimizer - {2088e8f7-fefb-c842-4abd-e1e7b58f70ab} - C:\WINDOWS\system32\{3dc0d1fa-3623-ea3c-45d4-ebf60842ffde}.dll (file missing) - O2 - BHO: (no name) - {3AB1D3A2-2273-4107-8BC9-F12B3FE93757} - C:\WINDOWS\system32\qoMFyVPh.dll (file missing) - O2 - BHO: (no name) - {65152511-930D-4EB8-9055-CF66D1CAAA15} - C:\WINDOWS\system32\mlJBUKcy.dll (file missing) - O2 - BHO: {740f18a8-c35d-6669-5d04-910197ec46b6} - {6b64ce79-1019-40d5-9666-d53c8a81f047} - C:\WINDOWS\system32\kmiwrwom.dll (file missing) - O2 - BHO: (no name) - {79906AC8-B875-4A64-9EE0-55A2D5E8A18C} - C:\WINDOWS\system32\fccYPiih.dll (file missing) - O2 - BHO: (no name) - {85EA3A83-9765-44EA-80EC-BA2EF1CA1E10} - C:\WINDOWS\system32\yayvTkHW.dll (file missing) - O2 - BHO: (no name) - {C53A682C-2DFB-4332-9879-E4BFBF3D6CFC} - C:\WINDOWS\system32\vtUlLEVm.dll (file missing) - O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background - O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe - O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe - O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 - O4 - HKCU\..\Run: [A00F39131FA1.exe] C:\DOCUME~1\Mimers\LOCALS~1\Temp\_A00F39131FA1.exe - O4 - HKCU\..\Run: [A00FD7484.exe] C:\DOCUME~1\Mimers\LOCALS~1\Temp\_A00FD7484.exe - O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe - O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') - O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') - O4 - Startup: csrss.lnk = ? - O4 - Startup: PowerReg Scheduler.exe - O4 - Global Startup: Digital Line Detect.lnk = ? - O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - O20 - Winlogon Notify: ddcabcd - ddcabcd.dll (file missing) - O20 - Winlogon Notify: ddccb - C:\WINDOWS\ - O20 - Winlogon Notify: qoMCusTj - qoMCusTj.dll (file missing) 4. Click on Fix checked* button. 5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears) 6. Open Windows Explorer. Go Tools&GT;Folder Options>View TAB, put a checkmark next to Show hidden files, and folders. 7. Delete following files/folders (if present): - wmsdkns.exe file from C:\WINDOWS\system32 8. Restart in Normal Mode. 9. Post new HijackThis log.Ok, I wasnt able to get on the computer yesterday, sorry! I am printing out the next set of directions now....think we are close to being fixed?I'll have to see your fresh HJT log.Alright....Hopefully I did everything right this time. However, I could not find the wmsdkns file. here is the new hjt Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:08:32 PM, on 6/8/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FILE://C:/WINDOWS/HOMEPAGE.HTML R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5061101 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll O2 - BHO: AVG SECURITY Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163217834437 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://cheryl919.myphotoalbum.com/ImageUploader4.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/cinematycoon.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll, O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 8333 bytes Very good Your computer is clean 1. Download, and INSTALL CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version. Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html. Run CCleaner. 2. Turn off System Restore: - Windows XP: 1. Click Start. 2. Right-click the My Computer icon, and then click Properties. 3. Click the System Restore tab. 4. Check "Turn off System Restore". 5. Click Apply. 6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. 7. Click OK. - Windows Vista: 1. Click Start. 2. Right-click the Computer icon, and then click Properties. 3. Click on System Protection under the Tasks column on the left side 4. Click on Continue on the "User Account Control" window that pops up 5. Under the System Protection tab, find Available Disks 6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:") 7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this. 8. Click OK 3. Restart computer. 4. Turn System Restore on. 5. (optional) Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you an extra protection against malwares. It won't INTERFERE with your antivirus program* 6. Read "So how did I get infected in the first place?": http://www.castlecops.com/postlite7736-.html 7. Let me know, how your computer is doing. OMG you are seriously not even kidding a GENIOUS! MY HERO!! lol I cant even type how thankful I am for your time and helping me out! You have no idea how thankful I truly am! BRONI IS AMAZING!!!! You just made me smile That's all I need. Happy computing!