
4001.

Solve : infected with virus cryp_tap?

Answer»

Hello pplz, my friend just got infected with a virus called cryp_tap. It was detected with Trend Micro, and pops up in a dialogue box every 1 second. He is running a Microsoft XP OS and is unsure of his hardware specs. He said that whenever the box pops up it makes a clicking noise. He said it is very annoying and that he has a lot of assignments to do and is worried about using the internet. Does anyone know if it will steal passwords, and does anyone know how to get rid of it?

Thank you

Print these instructions out.

1. Run one of two free on-line scanners:
*** ESET Online Scanner at: http://www.eset.com/onlinescan/
Note: This scanner is for Internet Explorer only
1. You will notice that the "Start" button is grayed out. Place a check mark at "Yes, I accept the Terms of use". The "Start" button will become visible. Click on it.
2. If it wants to install an ActiveX component, allow it.
3. You will be asked to install an ActiveX, click the "Install" button (Note: If you have a Firewall installed you may have to approve the installation)
4. Once ActiveX control is installed click on the "Start" button to initialize the scanner
5. After initialization is complete, make sure that "Remove found threats" and "Scan unwanted applications" are checkmarked.
6. Click the "Scan" button
7. Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt
Post ESET's log.

*** TrendMicro online scanner, HouseCall
Note: This scanner works with Firefox, and Internet Explorer

Click on
It'll ask you to download small housecall66.exe to your computer.
Double click on the above file to begin scanning process.

HouseCall pop-up window will open.
Accept the agreement.
In next window, select Complete Scan, and click on Start Scanning button.

Relax, it'll take a while...

Upon completion HouseCall will display results under Results tab.
Click Clean now button.
Close application.

Find TrendMicro log, housecall0.log. Its location:
Windows XP: C:\Documents and Settings\username\Application Data\HouseCall 6.6\log
Vista: C:\Users\username\AppData\Roaming\HouseCall 6.6\log


2. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply with a new HijackThis log.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

3. Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

4. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.

Quote from: nibblit on February 23, 2008, 07:03:08 PM

Does anyone know if it will steal passwords, and does anyone know how to get rid of it?

If it's a trojan, it will.

It's Vundo type of trojan. More info: http://en.wikipedia.org/wiki/Vundo_trojan

Hey Broni, if you have admin powers can you move this thread to the right place.

I can't, but some Mod will.

Thanks for the feedback guys, I'll let my friend know about it. Sorry about posting in the wrong section, I'll try and do better next time :S

It's OK. It'd be much better, if your friend could post here by himself, so we have all info first hand.

Quote from: Broni on February 25, 2008, 09:23:27 AM
It's OK. It'd be much better, if your friend could post here by himself, so we have all info first hand.

I second that

4002.

Solve : Website help please.....?

Answer»

Thanks for all your help with my Malware/Virus problem from when I logged onto Link Removed cc

All nearly fixed..... I have another problem

About 7 weeks ago my poor website was attacked by some strange files, I only upload photos so I can link them from forum posts etc..... Now if any of the experts can help here this would be great, My ISP has ignored the 3 emails I have sent them in the past and I am frightened (LOL) to even look at my webspace in a browser....

I have had a few emails from Yahoo warning me that they have removed my www from their database etc because of the hijacking software that is on my site....

Can anyone explain what has happened....

NOW BE WARNED, DO NOT GO HERE UNLESS YOUR PC IS MEGA SECURE, I CAN'T BE HELD RESPONSIBLE !

But I need to get to the bottom of this please.....

Here goes....

Link Removed uk which will forward to my Globalnet true webspace etc.....

Thanks

maxmix

First we prefer that nobody posts links to infected sites. The name of the site is enough information if we need to investigate it.

Second, I am completely confused on what you are asking. Do you click on the banner or popup ads from these sites? If so then the site may be clean but their advertisements may not be. So if this is the case then stop clicking on banner ads.

I understand, it's his own web site (freebie), which he uses to upload screenshots, photos, etc to have links, which can be posted somewhere else.
I don't know anything about disinfecting web sites, but I think, it should be done by a hosting company.

I see. Then I was sort of on to the answer with the popups and banner ads.

If your free site has these ads then they are loaded with malware. Which is why you got the emails from Yahoo. Yahoo is ad supported also but clicking on any of them will not put malware on a user's PC. Your free site isn't the same case.

If you are just hosting pictures then go to Photobucket, PictureTrail or www.screenshots.cc among many others.

If you are hosting adult photos then www.bayimg.com

Quote from: Broni on February 20, 2008, 08:22:08 PM

I understand, it's his own web site (freebie), which he uses to upload screenshots, photos, etc to have links, which can be posted somewhere else.
I don't know anything about disinfecting web sites, but I think, it should be done by a hosting company.

Thanks Broni.... This is my own web page hosted by Globalnet now Madasafish, I have been with them for more than 10 years, my site hhd.co.uk and domain I have owned for many years.... but since Globalnet.co.uk was bought out by Madasafish.com I cannot get any answers....

(BTW There should be no adverts at all on my site.... Only my personal business details)

My hhd.co.uk forwards to http://www.users.globalnet.co.uk/~hamishd/ which is my true webspace for my retail shop here in The Mull of Kintyre, Scotland etc....

I have had numerous emails from Yahoo that they have removed my site because it has been compromised which is a shame, local people got my shop phone number and address from my site etc....

Because of all the virus problems I have had I am frightened lol to check out my webspace etc....

I'll post a ZIP (If someone can check it out) This is what my site should look like etc....

Thanks

Hamish AKA maxmix

ZIP NOW ATTACHED !

[file cleanup - saving space - attachment deleted by admin]

I can't even get to the site with the link you provided.

It may be a tough decision but it may be time to look into a new web host.

Me neither.
I assume, this is free web hosting provided by your ISP. If so, why don't you just call them:
Technical Support: 0844 395 0830 press 1
You pay for your internet connection, don't you? They provide some services, which in your case are not delivered in full.

Ah well, thanks again Broni.... Phoned them up, had a nightmare with an Indian numpty for about 40 mins.... On hold for about 30 of them....

No joy with them.... Came to the end of his flowchart and that was it.... Game Over....

So I started doing some research tonight myself on Yahoo.... Managed to find a tiny file at a few KB with a php extension etc.... I then found out from another forum that people had had php code injected into their index.html page..... These guys did not have a clue how they got infected on their servers either....

Anyway got into SmartFTP deleted the php and index, uploaded a new (Backed up) index file I had on a flash drive and all is well, all my photos, zips and mp3's are still working....

http://www.users.globalnet.co.uk/~hamishd/

Thanks for your suggestions (Again)

Just need BB-Online to direct my hhd.co.uk back to my index file..... Have emailed them....




maxmix

PS Can close this one lol Cool As it was....

www.hhd.co.uk (Bit outdated lol) but it works

maxmix
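
An added example, not part of the thread: one way to spot the kind of change described above (an unexpected small .php file and an altered index page on a site that only serves static pages and photos) is to compare a local copy of the live webroot against a known-good backup. The directory names, the extension list and the `audit_webroot` function are assumptions made for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption for this example: the site is static, so any newly appearing
# server-side script is unexpected.
SCRIPT_EXTENSIONS = {".php", ".phtml", ".cgi", ".pl", ".asp"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large photos or zips do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict:
    """Map each file path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def audit_webroot(backup: Path, live: Path) -> dict:
    """Compare a known-good backup with a downloaded copy of the live site."""
    good, now = manifest(backup), manifest(live)
    added = sorted(set(now) - set(good))
    return {
        "modified": sorted(f for f in good if f in now and good[f] != now[f]),
        "added": added,
        "missing": sorted(set(good) - set(now)),
        "unexpected_scripts": [
            f for f in added if Path(f).suffix.lower() in SCRIPT_EXTENSIONS
        ],
    }


def demo() -> dict:
    """Build a constructed backup/live pair and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (backup, live):
            (root / "photos").mkdir(parents=True)
            (root / "index.html").write_text("<html><body>Shop details</body></html>")
            (root / "photos" / "shop.jpg").write_bytes(b"\xff\xd8constructed-jpeg")
        # Constructed tampering: index page altered, small script file added.
        with (live / "index.html").open("a") as fh:
            fh.write("<!-- constructed injected block -->")
        (live / "x.php").write_text("constructed placeholder, not real code")
        return audit_webroot(backup, live)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Replacing only the flagged files restores the pages but does not show how they were changed, so the audit is worth repeating after the FTP password has been changed.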
4003.

Solve : Need virus removing help?

Answer»

Fixed

What do I do if Rogue Remover does not find anything?

Are you saying it didn't?

Yes, it didn't detect anything.

You are going to need to work the steps in this thread and post the logs when complete.

Quote from: brandonb122 on February 17, 2008, 01:59:22 PM

It's Norton 2004 and it says my subscription is expired, but it will still scan, do you think it will be able to detect the viruses? And should I scan my computer in safe mode or in normal?

I'd also dump Norton...be sure to use the Norton Removal Tool and then install either AVG Free or Avast Free...both fine Anti-Virus apps at the right price.
But finish your cleanout steps with EF here first...
4004.

Solve : Corrupting of Media Files?

Answer»

I downloaded an audio file using Ares about two weeks ago. When I played the file, it was corrupted and didn't play properly. I deleted it immediately. Since then, I have been having trouble playing videos from youtube.com and also playing my other media files. They still play however, sometimes without sound or the vocals appear to be in the background, etc. On youtube, it asks me to download AdobeFlash version 7. It was working yesterday, however, the sound was very faint. I downloaded a recent version of AdobeFlash hoping this would solve the problem but obviously hasn't. I have run a virus scan and also malware software to no avail. Don't know what to do. I have Windows XP, with 512 ram Pent 4.

Thanks for any help

Sal

Uninstall Adobe Flash, using this: http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14157
Install fresh copy.

Thanks for your help Broni. I did as you suggested and it appears to be working fine. Once again, Thank you.

Sal

Cool

4005.

Solve : Some bad malware;?

Answer»

My laptop had a bit of an episode earlier, and I noted that there are 2 bits of malware. Something named NNrun, and something named Win32:Neptunia? Anyway, here's a HijackThis Log - could someone help me out? Thanks!

LOGFILE of Trend Micro HijackThis v2.0.2
Scan saved at 00:36:24, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Netcom Corporation\U-Disk Format Tool\uManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.EXE
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,[emailprotected]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PnPUI Registrator] C:\Program Files\Common Files\Sitecom Shared\PnP Universal Installer\PnPUIReg.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: uManager.lnk = C:\Program Files\Netcom Corporation\U-Disk Format Tool\LoadProcess.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4560946-A18D-466A-9121-9439F01C86C9}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NNServ - New.net, INC. - C:\Program Files\NewDotNet\nnrun.exe

--
End of file - 6877 bytes

Open Hijackthis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe


Important: Close all windows except for Hijackthis and then click Fix checked.

Exit Hijackthis.

----------

Download OTMoveIt2 by OldTimer.

  • Save it to your desktop.
  • Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    C:\Program Files\IM Names\IM-svr.EXE
    C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    C:\Program Files\NewDotNet\nnrun.exe
  • Return to OTMoveIt2, right click in the "Paste Standard List of Files/Folders to Move" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

----------

Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)

Important! Combofix.exe MUST be saved to and run from the Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting Combofix.
  • Important! Temporarily disable your antivirus, script blocking and any antispyware real time protection before performing a scan.
    • Click this link to see a list of security programs that should be disabled and how to disable them.
    • If yours is not listed and you don't know how to disable it, please ask.
  • Warning: Combofix disconnects your computer from the internet. The connection is automatically restored before Combofix completes its run.
  • Double click combofix.exe & follow the prompts.

      • From the keyboard select 1 and press Enter
      • When finished, it will produce a log for you.
      • Post that log in your next reply.
      Warning: Do not mouseclick combofix's window while it is running. That may cause it to stall
      • If Combofix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your computer.
      • Important: Remember to re-enable your antivirus and antispyware before reconnecting to the Internet.
      ----------

      Next post please add
      OTMoveIt log
      Combofix log
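
Added example, not part of the thread: a small parser for the HijackThis line format seen in the log above. It tags each entry with its section, marks the ones matching a reviewer-supplied watchlist or the "(no file)" marker, and derives the file list handed to the file-move step. The watchlist substrings are taken from the entries the helper selected in this thread and are not a general verdict on those names; the function names are assumptions of this sketch, and the sample is an excerpt of the posted log.

```python
import re

# Meaning of the section codes that appear in the log posted above.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE default page",
    "R3": "URL search hook", "O2": "browser helper object",
    "O3": "IE toolbar", "O4": "autostart entry",
    "O8": "IE context-menu item", "O9": "IE button or Tools item",
    "O16": "downloaded ActiveX control", "O17": "DNS name server",
    "O23": "Windows service",
}

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")
# First drive-letter path in the entry that ends in .exe or .dll.
FILE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.IGNORECASE)

# Substrings from the entries the helper in this thread asked to have fixed.
WATCHLIST = ("im names", "mywebsearch", "funwebproducts", "boonty", "newdotnet")

# Excerpt of the log posted in the thread (header and process lines included
# to show that non-entry lines are skipped).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45A0A292-ECC6-4D8F-9EA9-A4BD411D24C1} (king.com) - http://www.king.com/ctl/kingcomie.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: NNServ - New.net, INC. - C:\Program Files\NewDotNet\nnrun.exe
"""


def parse(log_text):
    """Return one dict per 'CODE - body' entry; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        code, body = match.groups()
        path = FILE_PATH.search(body)
        entries.append({
            "code": code,
            "section": SECTIONS.get(code, "other"),
            "body": body,
            "path": path.group(0) if path else None,
        })
    return entries


def triage(entries, watchlist=WATCHLIST):
    """Keep entries that match the watchlist or point at a missing file."""
    flagged = []
    for entry in entries:
        body = entry["body"].lower()
        reasons = [word for word in watchlist if word in body]
        if "(no file)" in body:
            reasons.append("no file")
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


def files_to_move(flagged):
    """De-duplicated local file paths referenced by the flagged entries."""
    seen, paths = set(), []
    for entry in flagged:
        path = entry["path"]
        if path and path.lower() not in seen:
            seen.add(path.lower())
            paths.append(path)
    return paths


if __name__ == "__main__":
    for item in triage(parse(SAMPLE_LOG)):
        print(item["code"], item["section"], item["reasons"], sep=" | ")
    print("\n".join(files_to_move(triage(parse(SAMPLE_LOG)))))
```
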

    Right, that went pretty well. I had to get ComboFix from elsewhere because the 3 links didn't seem to work.

    MoveIt Log

    File/Folder C:\Program Files\IM Names\IM-svr.EXE not found.
    C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe moved successfully.
    C:\Program Files\NewDotNet\nnrun.exe moved successfully.

    OTMoveIt2 v1.0.20 log created on 02182008_195101

    ComboFix Log

    Start Time= 18/02/2008 19:55:48.37

    QuickScan did not find any signs of infected files

    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2008-02-18 00:35:42 ( .D... ) "C:\Program Files\Trend Micro"
    2008-02-18 00:13:54 ( .D... ) "C:\Documents and Settings\Daniel\Application Data\PrevxCSI"
    2008-02-04 15:09:48 18214008 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
    2007-12-07 01:07:14 532480 ( A.... ) "C:\WINDOWS\system32\mstime.dll"
    2007-12-07 01:07:14 449024 ( A.... ) "C:\WINDOWS\system32\mshtmled.dll"
    2007-12-07 01:07:14 146432 ( A.... ) "C:\WINDOWS\system32\msrating.dll"
    2007-12-07 01:07:14 39424 ( A.... ) "C:\WINDOWS\system32\pngfilt.dll"
    2007-12-07 01:07:12 1054208 ( A.... ) "C:\WINDOWS\system32\danim.dll"
    2007-12-07 01:07:12 357888 ( A.... ) "C:\WINDOWS\system32\dxtmsft.dll"
    2007-12-07 01:07:12 251392 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
    2007-12-07 01:07:12 205312 ( A.... ) "C:\WINDOWS\system32\dxtrans.dll"
    2007-12-07 01:07:12 151040 ( A.... ) "C:\WINDOWS\system32\cdfview.dll"
    2007-12-07 01:07:12 96256 ( A.... ) "C:\WINDOWS\system32\inseng.dll"
    2007-12-07 01:07:12 55808 ( A.... ) "C:\WINDOWS\system32\extmgr.dll"
    2007-12-07 01:07:12 16384 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
    2007-12-04 18:38:14 550912 ( A.... ) "C:\WINDOWS\system32\oleaut32.dll"


    ((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "LaunchApp"="Alaunch"
    "IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "AGRSMMSG"="AGRSMMSG.exe"
    "LtMoh"="C:\\Program Files\\ltmoh\\Ltmoh.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "EPM-DM"="c:\\acer\\epm\\epm-dm.exe"
    "ePowerManagement"="C:\\Acer\\ePM\\ePM.exe boot"
    "LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.EXE"
    "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
    "LXCFCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCFtime.dll,[emailprotected]"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "PnPUI Registrator"="C:\\Program Files\\Common Files\\Sitecom Shared\\PnP Universal Installer\\PnPUIReg.exe -s"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""


    Contents of the 'Scheduled Tasks' folder

    Completion time: 18/02/2008 19:58:17.92
    ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt

    Please delete Combofix and download it again from this link.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Run a new scan and post that log.
    4006.

    Solve : Virus found and I don't know how to remove it!?

    Answer»

    My friend sent me a file on MSN and it turned out to have Trojan Horse SHeur.APSR and I think ntoskrnl.exe

    I can't remove these as I deleted the picture file I think. I use:

    AVG Free Antivirus
    Windows Defender
    Windows Firewall.

    Any help would be great thanks.

    Edit:

    It scanned but it says it's deleted. Is it well and truly gone?

    Post a Hijackthis log so we can see.

    Just one problem... The site I went to for HJT (Googled) isn't working. Can someone post a link?

    Here you go.

    Sorry I'm taking so long. Internet problems. I'm about to do it.

    4007.

    Solve : Do macs get Viruses or Spyware or Malware??

    Answer»

    Well I've heard in ads and my friends saying that Macs never get Viruses or Spyware or Malware because there hasn't been one made yet.

    Macs aren't immune to viruses, but they are very rare.

    http://antivirus.about.com/od/macintoshresource/Macintosh_Viruses_and_Mac_Virus_Resources.htm

    Any operating system is going to be able to get spyware or malware provided somebody writes one and it gets into your system.

    It might not affect Mac users that much only because Macs are used by fewer people in comparison to Windows, but there is antivirus and malware software for all major OSes so....

    4008.

    Solve : MalWareAlarm and others attacking my computer!!?

    Answer»

    Honestly I think uninstalling it and going with other free solutions is the best choice. SpySweeper is good but in my opinion not the best. An excellent free Firewall to go with is Comodo http://filehippo.com/download_comodo Be sure to install it with the advanced protection enabled.

    We still need to do some cleanup steps.



    Let's clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally.

    Download OTMoveIt2 by OldTimer OTMoveIt2.exe and place it on your desktop. (unless you already have it installed)

    1. Double click OTMoveIt2.exe to launch it.
    2. Click on the CleanUp! button.
    3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
    5. Once complete exit out of OTMoveIt2

    This is a good time to clear your infected system restore points and establish a new clean restore point:

    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and click Next.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Next to System Restore click Clean up...
    This will remove all restore points except the new one you just created.

    Here are some great tools to help you keep from getting infected again.

    Spybot Search & Destroy - A safe and effective spyware scanner.
    * Official Spybot Tutorial
    * Spybot FAQ

    AVG Anti-Spyware Free Edition - Very reliable with a high detection rate.
    * AVG Anti-Spyware User Manual

    SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * SpywareBlaster Tutorial

    Comodo BOClean - Stops trojans and many more malicious attacks.

    Use a Firewall - It can not be stressed enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over.
    * Click here for a list of free firewalls.
    * Why would I consider a third party firewall?

    UPDATE!!! UPDATE!!! UPDATE!!! - If you do not have automatic updates enabled then visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer.
    * Help with Windows updates

    Learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

    Let us know if anything else comes up.

    I followed your instructions, and I don't seem to be experiencing any more problems (thankfully)!!

    My only and last question is: Are all of the following compatible/ should I have them all on my computer:
    -SpyWare blaster
    -SpyBot search and destroy
    -Combo BOclean
    -Combo firewall
    -SuperAntiSpy free ed
    -AVG 7.5
    -Hijack this

    If they are all compatible, then I think I am all good to go!
    Again, I truly appreciate the help! THANK YOU THANK YOU THANK YOU

    They are all compatible. Use the scanners every week or so to make sure nothing has crept in.

    Glad everything seems to be OK now.

    Safe surfing..........
    4009.

    Solve : email from friend keeps sending?

    Answer»

    I have received an email from a friend entitled "Awesome-Horse!!(you'll LOVE it)". I opened the email and it is a video stream of a woman controlling the horse she is riding with no bridle..OK. Now...this email has arrived hundreds of times. The only way I can stop it is to put her email address in my spam folder. I did that for 24 hours...reinstated her and it all began again! Everyone she sent this to is experiencing the same problem. Is this a worm..virus? My computer is protected by Symantec. When I scan the computer it says there are no viruses. It seems that it wants to fill my mailbox so that I cannot receive mail. Any help or ideas would be appreciated. This is a good friend and she is horrified...it has not happened to her...just the people she emailed. It was a forward. Thanks so much!

    The problem is on her end...suggest to her to contact her ISP....and suggest to her to scan her computer...

    4010.

    Solve : Virus that can change your system 32 item?

    Answer»

    Hi
    My computer is infected by some virus that I don't know, but this virus changed some of my computer's system 32 item like kernel32.dll, user32.dll, shell32.dll, ntoskrnl.exe. Sometimes I can't use my keyboard or my monitor has no signal even if my computer is running. My friend has that virus and all of her drive C is changed.

    If I re-setup my windows, that virus can be deleted, but my usb and my ipod is infected too, and if I connect them to the computer, my computer is infected, so there is no point in re-setup my windows, right?

    Can you please help me remove this virus. By the way, do you know how to format the usb without making my computer infect by this virus again?

    I'm very grateful if you can help me. Thank you.

    For the iPod and any other USB devices.

    To remove this infection, download & run this file.

    Download Flash_Disinfector.exe by sUBs and save it to your desktop:

    • Double-click Flash_Disinfector.exe to run it.
    • Your desktop and icons may disappear. This is normal.
    • Follow any prompts that may appear.
    • Wait until the program has finished scanning, then please exit the program.
      • The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
      • Please restart your computer.
      Running sUBs Flash Disinfector will target a lot of auto run infections and create a hidden folder named autorun.inf on each partition and any USB drive you plug in, these dummy autorun.inf files will help protect your PC from reinfection because if the infected flash drive is then inserted, autorun looks for autorun.inf which would normally run the worm but it's then prevented by the dummy autorun.inf that is in place. If you have any USB drives please insert them when prompted when running the tool.

      ----------

      Then see this post to clean the PC of malware.

      Thank you so much for your help. I have some question to ask, that's about how to use flash_disinfection.

      Quote
      Double-click Flash_Disinfector.exe to run it.
      Your desktop and icons may disappear. This is normal.
      Follow any prompts that may appear.
      Wait until the program has finished scanning, then please exit the program.
      The tool may ask you to insert your flash drive, or other removable drives. Please do so and allow the tool to clean it up as well.
      Please restart your computer.

      Ok, so if I have 3 usbs which are infected, do I have to do all this 3 times or I have just do this 1 time and any usbs I put in after will be disinfected?

      Do I have to repeat all that anytime I put my usbs in?

      By the way, I've already re-setup my computer, that virus is not found when I run AVG 7.5 Free editor anymore. When I used flash_disinfection on my ipod which is infected before (it showed files that were changed when I run AVG ), then I scan my ipod with AVG, it shows nothing too. Does that mean that my ipod was not infected before or just because the program influenced the result of the test?.

      Thank you for your help.
      You will need to do it to any usb device that is infected.

      I don't know what to think of the results from AVG. If you think something is infected it won't hurt to run them through Flash Disinfector.

      Keep in mind those files listed are changed whenever an AVG scan is run...this is normal AVG behaviour.

      Quote from: patio on February 21, 2008, 10:18:35 AM
      Keep in mind those files listed are changed whenever an AVG scan is run...this is normal AVG behaviour.

      Good point Patio. AVG will report changes. As long as they aren't flagged as malicious then you are OK.

      Quote
      AVG will report changes. As long as they aren't flagged as malicious then you are OK.

      I'll keep that in mind, if I have any problem, I hope I can ask for your help.

      Quote
      You will need to do it to any usb device that is infected.

      Ok, 2 last questions, if I used flash_disinfection on my usb and removed it, the next time I put the same usb in, do I have to run flash_disinfection on that usb again?

      Did flash_disinfection just help us to access to our usb without infecting our PC or it can help us cure the infected usb too (you know, make that usb is free of all viruses). If it just help us to access to our usb without infecting our PC, can I copy some files from the usb to PC or paste some files from my PC to that usb for use? Did that make PC infected?

      My usb is infected by virus, if I format that usb, does that usb still be infected or it is cured?

      Thank you very much for your help.

      Flash disinfector will clean it...but as EF says make sure to run it on ALL USB devices.

      If you have copies of the files you need a format will clean a USB drive as well...

      Safe Computing !
      4011.

      Solve : blahblah is not a valid Win32 application?

      Answer»


      I am having trouble accessing some programs. My anti-virus prog, My SpyBot Search and Destroy and now another Anti Virus prog I just bought and downloaded. After installing and clicking finish I click the icon on the DT and get a message such and such program "is not a valid Win32 application". My AV prog I had for 8 months just started doing this three days ago. Just tried EasyCleaner, no luck. Downloaded NoAware and ran it and it showed more crap and some Trojans and W32's, but I can't delete unless I buy the registered prog for 49 bucks. Nortons on line virus scan did not show these Trojans or worms. Makes me skeptical of buying more. Some programs work and other don't. I tried System Restore, no luck there either. I have been working on this for 2 days.

      Windows XP Home Ver 5.1 Ser Pack2
      C:\ProgramFiles\Spybot-SearchandDestroy\SpyBot.exe is not a valid Win32 application
      C:ProgramFiles\Avira\AntiVir\PersonalEdition Premium\avcernter.exe is not a valid Win32 application
      C:ProgramFiles\FRISK Software\F-PROT Antivirus for Windows\FPWin.exe is not a valid Win32 application

      Dell 4550 Dimention
      Pentium4 Intel
      2.53GHZ, 1.0GB Ram, 60GB HD



      Do you have Windows XP CD?

      Have you tried scanning in safe mode

      To get into the Windows 2000 / XP Safe mode, as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.

      Note: With some computers if you press and hold a key as the computer is booting you will get a stuck key message. If this occurs, instead of pressing and holding the "F8 key", tap the "F8 key" continuously until you get the startup menu.

      Trouble Getting into Windows 2000 or Windows XP Safe mode - If after several attempts you are unable to get into Windows 2000 or Windows XP Safe Mode as the computer is booting into Windows, turn off your computer. When the computer is turned on the next time Windows should notice that the computer did not successfully boot and give you the Safe Mode screen.
      Where are these programs coming from that won't run ? ?
      And as Broni asked do you have a XP CD ? ?
      4012.

      Solve : problem with AVG?

      Answer»

      I have Intel Pentium 4 computer with Intel processor 3.2 GHz with 512 DDR RAM. I am using Windows XP SP2 operating system. Recently I change the product key of Windows OS from pirated to genuine one. But the problem after updating the product key is the antivirus AVG – free edition is giving message that “AVG is not able to recognize your license No.” It tells to either activate or reinstall. While doing so it is asking for license no. which I don’t have. So please help to solve this problem.

      You are going to need to work that out with AVG.

      http://forum.grisoft.cz/freeforum/

      Quick check, were you using the free version of AVG or did you buy a copy from them? If you were using the free version just uninstall, and install the new version. If you bought a copy then follow Evilfantasy's advice.

      Quote

      Recently I change the product key of Windows OS from pirated to genuine one.

      How exactly did you do this ? ?
      Did you re-install XP or contact MS ? ?

      i was using free version. i will try to reinstall it. i didn't installed XP just changed the product key.

      You may also try using Revo to uninstall it to ensure everything is removed. Then try a fresh install.

      Also, are you downloading it from AVG or another site? You may want to try another sites installer.

      www.filehippo.com

      Download Revo Uninstaller
      • Go in to Revo, right click what you want to uninstall and choose Uninstall.
      • Next choose Advanced Mode
      • This will launch the programs built in uninstaller and go through the normal uninstall process.
      • Once complete: In Revo Uninstaller click Next and Revo will scan the registry for leftovers.
        • This scan can take several seconds.
      • Once the results are shown look at each one to ensure they are all related to the program that was uninstalled.
      • Choose Select All then click Delete
      • Click Next and Revo will scan for any files or folders that were not removed.
      • If any files/folders are found choose Select all > Delete
      i uninstalled AVG. downloaded latest free edition & it started working properly as usual. thanx all of u for ur great help.

      Strange, it must not have completely uninstalled before. Glad you got it working.
      4013.

      Solve : Some, not all, .exe files destroyed.?

      Answer» Hi Broni and jagwinn.

      A few more tools to try that help repair and rebuild the windows shell and internet explorer.

      IEFix: http://www.majorgeeks.com/download4467.html

      Dial-a-fix: http://www.majorgeeks.com/download4899.html

      Tuesday morning at 11:00.

      Just powered up the infected laptop.

      It is sitting with windows popping up (over 20 so far, one every 5 seconds) saying "It is time to die".

      Also in toolbar is an icon with a balloon saying to download a certain spyware program.

      I am going to delete all downloads I did last night on the flashdrive before I infect the other 3 computers in my lan system.

      I'll keep you updated as to what happens, but truly, it looks like I will have to go software shopping for a CD of Win2000 Pro.

      Over 100 warnings now.

      John

      At this point, I agree with you. You can get Win 2K CD for $30-40...You will be quite happy with Win2K Pro.
      The most stable OS the Mothership ever released IMHO.

      P.S. There are 4 Service Packs for that OS...make sure to grab them.
      4014.

      Solve : Anyone know what this means: http://home-admin.rr?

      Answer»

      This message has popped up in a window a few times on my computer. Is someone trying to break into it?

      Thanks!

      Try Google.

      Could be malware.
      Do you have up to date antispyware/antivirus software installed?

      It's the RoadRunner setup page. Means you have RoadRunner as your cable internet provider and you installed their stupid software.

      But I don't have Roadrunner.

      Either way, that's what it is. If you could provide some more details about where/how you saw this maybe I could give you some more precise advice.

      4015.

      Solve : And does anyone know what this means: *nslookup ip*?

      Answer»

      This message popped up with the other one.

      Thanks.

      Nslookup is a tool used to query name servers to find out what IP address is associated with a host name.
      I would need more information on what you mean by "popped up" to help further. Perhaps you could take a screenshot (Shift + PrintScreen, then paste into Paint and save as .PNG) and attach it here so I could see what you are talking about?

      I don't have the original screen, sorry.

      I'm wondering if someone was trying to hack into my e-mail?

      Nslookup would have nothing to do with your email. How often does the screen appear? Did you only see it once? What did it look like? What were you doing when it appeared?

      4016.

      Solve : TRYING TO CLEAN UP HARD DRIVE?

      Answer»

      Yeah, if you don't mind. I'd like to find out, if registry called for that file.
      I'm glad "the welcome file" is gone.

      Good Morning Broni,

      I hope you slept well. I have run the search, however, I can't figure out how to post the results.

      I slept well, thank you.
      Lot of entries? More than one page?
      Is startup pop-up still gone?

      Yes startup pop-up is still gone. There are a lot of entries. I made sure the back up before deletion was checked, but, where did it back up to?

      I didn't ask you to delete anything...Did you?
      If you did, open RegSeaker again, and click on Backups to restore whatever you deleted.

      I didn't delete anything. I have the screen minimized. You asked me to post the search results. I can't figure out how to do that.

      If all search results fit into one page, you can post a screenshot.

      There are a total of 25 items that came up in the search. I don't know how to post a screenshot. Can you tell me how?

      Sure thing...One more thing to learn...Get free version of ScreenHunter: http://wisdom-soft.com/products/screenhunter.htm
      You should figure it out, how to use it...

      OK. I always liked gaining knowledge. While I'm doing that, can you tell me why I can't hear on you tube. I tried to watch the video from your post about windows 7 & vista. No sound. I do have divx, installed it last night, along with codecs installer & detector. That's where I got divx from. Maybe there's just too much junk on my computer and I don't know how to get to it, use it or get rid of what I don't need.

      The codec installer said I have 24 video, 10 audio and 3 other

      What browser? Actually divx has nothing to do here. Those videos play using Flash Player. Test it here: http://www.adobe.com/shockwave/welcome/

      I must really be computer un-savvy. I can't figure out how to get the image - I felt so good about taking a picture of- onto this screen.

      Give me some of your patience, because mine is running out.

      This is a screenshot from paid version, but, if I remember correctly, it's very similar in free version.

      After pressing hot key, hold your mouse left button, and drag capture area to desired size. Release mouse button, when done.

      4017.

      Solve : Problems booting RM Window Box with xp pro?

      Answer»

      Hi All,

      I am trying to fix the computer of a local primary school. When it's turned on it goes to the xp pro page and then on to a black page with a mouse cursor. I have tried starting in safe mode but get the same black page. I have a techi tool cd with loads of programs on, most I don't understand so stay clear of but I can run erd commander and get a desktop type page open. Therefore I can access start up, my computer, regedit etc.. only thing is I'm not sure what to do in there! I can't get online with it yet as it says it can't find the network adapter and can't run another cd whilst the techi tool cd is in there so really need to know how to find and solve the problem manually. Can anyone advise me as to what I can do?

      Thank you for any help.

      Deb.

      4018.

      Solve : Windows Updates downloading and installing over and over??

      Answer»

      Ok, I would appreciate it SO much if someone would help me with this. EVERY time I shutdown my computer, I get this picture of the Windows Security shield by the "Shut Down" button.

      My computer doesn't immediately shut down, it says installing download 1 out 2 or whatever and then eventually it shuts down. Then I reboot and the same cycle happens over and over when I shut down my computer. Why aren't my updates installing? That's quite nerve-wracking..

      This is not normal, possibly something malicious is blocking your downloads if it occurs daily.

      Go to windows update and do a full scan and see how many more you are missing.

      Download them.

      Then do the scans....and have a MS interpret them for you to be sure you don't have a nasty one.

      http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?querymode=express&mkt=en-gb&ln=en-us

      go to the above for download check, this has happened to me in the past, state what security you have on your PC, harry

      Couldn't it be like Malware if so then why not download Malwarebytes http://malwarebytes.org and do a scan and see if any malware is on your computer. Then remove it.

      4019.

      Solve : Spyblaster scan option??

      Answer»

      i've been using spybot for years but read somewhere that spyblaster is somehow a better program so i installed it on my new laptop with Vista 64 Home Premium Media edition.

      Spyblaster installed with no problems that i can tell but there is no active "SCAN" button as i see on their website. In fact the window doesn't look like window in their video. Does anyone know this product? If so how do i activate that scan window?

      It blocks incoming spyware and adware. You don't scan with it. You just update it once a week or so and that's it. It adds known bad sites to your Hosts file so the bad content on them will be blocked.

      You did download this right? SpywareBlaster

      Also see here Using SpywareBlaster to protect your computer from Spyware and Malware

      Yep, this looks like the spyblaster that's on my computer. i'm not at that computer now but my recollection is that in the help file it has a link to a video which shows a different window with a "scan" button similar to spybot which if i understand how that one works it's monitoring while on the internet and has a scan button also which removes cookies and temp files.

      i won't be back at that computer until Monday so i'll have to check it again at that time.

      Quote from: evilfantasy on March 23, 2009, 10:46:56 AM

      You don't scan with it. You just update it once a week or so and that's it. It adds known bad sites to your Hosts file so the bad content on them will be blocked.

      You did download this right? SpywareBlaster

      Also see here Using SpywareBlaster to protect your computer from Spyware and Malware

      Back at the computer i can see that it's the correct program installed. When i did a search to find a help page i came up with this
      hxxp://www.spyblaster.com/ which is a different program.
      They say it's only marketing....right!

      See here http://www.mywot.com/en/scorecard/spyblaster.com
      4020.

      Solve : desktop background locked?

      Answer»

      Superanti-spyware log
      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 04/04/2009 at 07:39 PM

      Application Version : 4.26.1000

      Core Rules Database Version : 3816
      Trace Rules Database Version: 1770

      Scan type : Complete Scan
      Total Scan Time : 02:02:37

      Memory items scanned : 425
      Memory threats detected : 0
      Registry items scanned : 3552
      Registry threats detected : 46
      File items scanned : 116527
      File threats detected : 247

      Adware.HotBar/ShopperReports (Low Risk)
      HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

      Adware.Zango/ShoppingReport

      Adware.Tracking Cookie
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected]_9c9l[1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected]k[2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][3].txt
      D:\Documents and Settings\engineering\Cookies\[emailprotected][4].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][2].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\engineering\Local Settings\Temp\Cookies\[emailprotected][1].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][2].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][1].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][1].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][2].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][1].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][1].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][1].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][1].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][2].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][1].txt
      D:\Documents and Settings\maximo 19\Cookies\maximo [emailprotected][2].txt

      Malware.SpyShredder
      HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\SpyShredder
      HKU\S-1-5-21-1715567821-746137067-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run#SpyShredder [ C:\Program Files\SpyShredder\SpyShredder.exe ]
      D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder\SpyShredder.lnk
      D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder\Uninstall.lnk
      D:\Documents and Settings\engineering\Start Menu\Programs\SpyShredder

      Trojan.WinAntiSpyware/WinAntiVirus 2006
      D:\DOCUMENTS AND SETTINGS\ENGINEERING\LOCAL SETTINGS\TEMP\NI.UWAS6_0001_N85M1306\SETUP.EXE
      D:\DOCUMENTS AND SETTINGS\ENGINEERING\LOCAL SETTINGS\TEMP\WINANTISPYWARE2006SETUP.EXE

      4021.

      Solve : tr/agent.byvg trojan please help?

      Answer»

      I have an AMD Athlon(tm) XP 2400+ 2.00GHz, 896MB of RAM with XP Home Edition version 2002 SP 3. My AVP free edition pops up a virus as soon as I start up my comp. It says C:/windows/fonrsjm.dll is the Tr/agent.byvg trojan... After I click deny access, Windows immediately says error loading c:/windows/fonrsjm.dll Access is denied, and the process continues until I disable AVP... Internet Explorer 8 is the only thing I have downloaded recently and I got it from microsoft.com
      Here is my HJT log:
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 5:41:51 PM, on 4/4/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\wltrysvc.exe
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Dynex G Desktop Card Adapter\DynexWCUI.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.net/toolbar2.0/search/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
      O4 - HKLM\..\Run: [byte tool tons mail] C:\Documents and Settings\All Users\Application Data\Ping Sign Byte Tool\pop bows.exe
      O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [Ocigepasuleboduy] rundll32.exe "C:\WINDOWS\odirupoh.dll",e
      O4 - HKCU\..\Run: [jsf8j34rgfght] C:\DOCUME~1\Chad\LOCALS~1\Temp\winloggn.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKLM\..\Policies\Explorer\Run: [kV1vXEXpFY] C:\Documents and Settings\All Users\Application Data\bybifgzi\jstcvwjg.exe
      O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl CLASS) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230333014462
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (antivirscheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (antivirservice) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
      O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

      --
      End of file - 6661 bytes

      I have also attached a current Malwarebytes log.

      [attachment deleted by admin]

      4022.

      Solve : Kaspersky on-line scan?

      Answer»

      I'm trying to run a scan on my Toshiba laptop running Vista Home Basic. I opened the browser as Administrator, disabled my AV, clicked on scan on the Kaspersky site, and my computer hangs. CPU usage is only around 5%, I can open other programs, but I have to use Task Manager to close the link. I've waited quite a while for it to scan my computer configuration, but the accept button is grayed out. Any ideas?

      I tried it on my desktop computer a few months ago, and it never completed. That's not much help. I'm just stating that I had a similar experience.

      4023.

      Solve : HijackThis Log - Please help!?

      Answer»

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 03:06, on 2009-04-04
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
      C:\Program Files\SpywareDetector\SDMainService.exe
      C:\Program Files\SpywareDetector\SDService.exe
      C:\WINDOWS\system32\slserv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\SpiralFrog\Spiralfrog.exe
      C:\Program Files\SpywareDetector\SDActiveMonitor.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\MESSENGER\msmsgs.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101676&l=dis
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\2.bin\A2SRCHAS.DLL
      O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
      O1 - Hosts: 82.98.231.89 best-click-scanner.info
      O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
      O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
      O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
      O1 - Hosts: 82.98.231.89 onlinenotifyq.net
      O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
      O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
      O2 - BHO: (no name) - rsion - (no file)
      O2 - BHO: (no name) - {af632abb-0d6b-46d3-bc23-61378734e588} - C:\WINDOWS\system32\yavafike.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SpiralFrog] C:\Program Files\SpiralFrog\Spiralfrog.exe
      O4 - HKLM\..\Run: [SDActiveMonitor] C:\Program Files\SpywareDetector\SDActiveMonitor.exe -AUTO
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [DVDtoiPodConverter_upgrade] "C:\Program Files\E-Zsoft\DVDtoiPodConverter\DVDtoiPodConverter.exe" /upgrade
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Wgipugu] rundll32.exe "C:\WINDOWS\udusafuza.dll",e
      O4 - HKLM\..\Run: [CPMe72650fc] Rundll32.exe "c:\windows\system32\wavovozi.dll",a
      O4 - HKLM\..\Run: [e4156360] rundll32.exe "C:\WINDOWS\system32\nimuhoke.dll",B
      O4 - HKLM\..\Run: [niguwufosa] Rundll32.exe "C:\WINDOWS\system32\kokemabo.dll",s
      O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
      O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent
      O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
      O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Tom\LOCALS~1\Temp\3207210426.exe
      O4 - HKUS\S-1-5-19\..\Run: [niguwufosa] Rundll32.exe "C:\WINDOWS\system32\kokemabo.dll",s (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [niguwufosa] Rundll32.exe "C:\WINDOWS\system32\kokemabo.dll",s (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab50997.cab
      O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O20 - AppInit_DLLs: c:\windows\system32\wavovozi.dll,C:\WINDOWS\system32\lijuhidi.dll
      O21 - SSODL: WPDShServiceObj - b{aaa288ba-9a4c-45b0-95d7-94d524869db5} - (no file)
      O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wavovozi.dll
      O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wavovozi.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: SDMainSvc - Max Secure Software - C:\Program Files\SpywareDetector\SDMainService.exe
      O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe
      O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      --
      End of file - 12472 bytes







      I'm all messed up... fake anti-spyware, random pop-ups and my computer is like 100% slower than usual. Please help me!

      4024.

      Solve : File/Folder opening issues.?

      Answer»

      I have an extremely odd and frustrating problem on my laptop. Whenever I try to open ANY file or folder (My computer, saved documents, control panel..) all I get is a white screen. I'm fairly certain that it is either a software or more likely a virus that has infected my computer. I recently got Norton Internet security, hoping that that would solve the problem, but after a scan that took two days (for 405k files, about four times longer than it should take) it found NOTHING but a tracking cookie.

      Is there a definitive answer whether it is or isn't a virus? What should I do if it is, and if it isn't? I would simply buy spy sweeper and find out for myself, but money has been very tight lately, and cost effective solutions would be most appreciated.

      We are very cost effective. EVERYTHING we use is free.

      Download Malwarebytes' Anti-Malware (MBAM)

      • Double-click mbam-setup.exe and follow the prompts to install the program.
      • At the end, be sure a checkmark is placed next to the following:
        • Update Malwarebytes' Anti-Malware
        • Launch Malwarebytes' Anti-Malware
        • Then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select Perform quick scan, then click Scan.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Be sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy and Paste the entire report in your next reply.

        Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

        ----------

        Download TrendMicro HijackThis.exe (HJT) to the Desktop.

        • Double-click on HJTInstall.
        • Click on the Install button.
        • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
        • Upon install, HijackThis should open for you.
        • Click on the Do a system scan and save a log file button.
        • HijackThis will scan and then a log will open in notepad.
        • Copy and then paste the entire contents of the log in your post.
        • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

        Post the MBAM and HJT logs in the next reply.

        Here is the report for malwarebytes:

        Malwarebytes' Anti-Malware 1.35
        Database version: 1939
        Windows 6.0.6001 Service Pack 1

        4/3/2009 9:43:56 PM
        mbam-log-2009-04-03 (21-43-56).txt

        Scan type: Quick Scan
        Objects scanned: 66664
        Time elapsed: 35 minute(s), 33 second(s)

        Memory Processes Infected: 2
        Memory Modules Infected: 5
        Registry Keys Infected: 142
        Registry Values Infected: 10
        Registry Data Items Infected: 0
        Folders Infected: 13
        Files Infected: 67

        Memory Processes Infected:
        C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWeb) -> Unloaded process successfully.
        C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWeb) -> Unloaded process successfully.

        Memory Modules Infected:
        C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWeb) -> Delete on reboot.
        C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
        C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Delete on reboot.
        C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Delete on reboot.
        C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Delete on reboot.

        Registry Keys Infected:

        Registry Values Infected:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\my web search bar search scope monitor (Adware.MyWeb) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch email plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mywebsearch plugin (Adware.MyWeb) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWeb) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Delete on reboot.
        Here is the Report for HiJack This:

        Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

        Link #1
        Link #2

        **Note: It is important that it is saved directly to your Desktop

        Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

        Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

        Double click combofix.exe & follow the prompts.
        When finished ComboFix will produce a log for you.
        Post the ComboFix log in your next reply.

        Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

        Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

        If you have problems with ComboFix usage, see How to use ComboFix

        I'm having trouble doing anything with ComboFix after I download the setup for it. A bar with the logo over it appears when I try to open it, which goes up until it's about 95%, but then stops and the bar disappears. But, the problem with opening/viewing files does seem to be fixed.

        Rename ComboFix to Combo-Fix and try running it again.

        4025.

        Solve : Wireless Network Connection Weirdness?

        Answer»

        Hey everyone.

        This past week, I have noticed a weird change with my internet.

        Ya know those 2 icons at the bottom right of your screen, in your toolbar?

        The wireless icon and the direct Local Area Connection.

        Well for some reason, when I'm doing work or whatever the case may be, including just being on msn, my wireless icon disappears from my toolbar, and from my Network Connections [in my control panel] and the internet stops working completely.

        This only happens for the wireless, and it happens randomly. The only way to get my internet back, is to restart my computer.

        I am hoping that this is not a virus, but I'm coming to you guys for help. Any idea as to why this happens / what I can do?

        Thanks in advance.

        p.s [I have run a scan with Avira, Malware Bytes Anti Malware, and SuperAntispyware, and they all came up clean]

        When this happens again you need to go to network connections and show all connections. (Windows XP) When the wireless fails you will have a LAN icon that gets a red X on it. This means the hardware is still there and it reports a broken connection. If your stuff has auto-enable it will fix itself.
        Devices that use 802.11 are all subject to interference from other devices. You may want to do a scan for other wireless APs and note what signal strength they have and channel number they are using. You would prefer to use chan 1, 6 or 11 if possible in your area. Or try to stay two channels away from anybody. And you might consider adjusting your antenna to reject interference.

        Hmm, I'm completely lost.

        What's cabinet connections? And how do I scan for that AP thing you were talking about?

        This happens for numerous reasons. It can be caused from RFI interference, the biggest culprit is cordless telephones, but it can be caused from a broad range of things including garage door openers to thermostats to touch lamps. I would suggest changing the channel on your wireless router to something else a few gigahertz from your cordless phone if you have one. In any event I would do it anyway to see if it corrects the problem. It has worked for me and many others.

        Good Luck,

        Ed

        Ohhhh I seeee.

        How do you know what channel your router and wireless home phone are at?

        Try your wireless router's configuration page first, it's easier. If that doesn't help try the following:

        1. Open a web browser (such as Internet Explorer, Netscape, FireFox)
        2. When the browser opens, go to the "Address" bar and input the IP address of the Wireless Router (The default IP Address is 192.168.1.1).
        3. A "User Name" and "Password" prompt will appear, leave the "User Name" field blank and input the Wireless Router's password (The default password of a Linksys Router is admin) into the "Password" field.
        4. After the "Setup" Page loads, click on the Wireless tab.
        Good Luck Again

        Aloha Nui,

        Ed

        4026.

        Solve : Folding at home virus??

        Answer»

        This is weird. AVAST came up with this thing 5 times and counting. And usually when I get false positives its just WIN32 generic. This one is different.



        Folding at home is also saying error starting the work core and now it's saying it's going to sleep because there have been 5 consecutive cores executed which all failed to start a work unit

        I restarted it and it is still telling me there is a virus. It also won't start again. It seems to only give me the virus thing every time it downloads new files. I pressed no action

        Is this a real trojan or not? What should I do? Reinstall it?

        Strange... my computer restarted and it's working. It restarted by itself though. But, is that a real virus?

        http://foldingforum.org/viewtopic.php?f=4&t=1343

        Ok so I guess it's not

        4027.

        Solve : extra iexplorer?

        Answer»

        Ran the uninstaller and went to delete Norton from add/remove and it will not let me delete it without disc. Have not run the killall yet nor the combofix, is this correct?

        Go ahead with the rest of the steps.

        OK thanks

        Here's the log

        [attachment deleted by admin]

          • Click Start then Run
          • Now type Combofix /u in the runbox
          • Make sure there's a space between Combofix and /u
          • Then hit ENTER.
          • The above procedure will:
          • Delete the following:
          • ComboFix and its associated files and folders.
          • Reset the clock settings.
          • Hide file extensions, if required.
          • Hide System/Hidden files, if required.
          • Set a new, clean Restore Point.
          ----------

          How is the computer running now?

        It's running great!! Thanks for all your time and knowledge, I hope you have a great weekend.
        You da man!!!!!!!!!!!!!

        Use the Secunia Software Inspector to check for out of date software.
        • Click Start Now
        • Check the box next to Enable thorough system inspection.
        • Click Start
        • Allow the scan to finish and scroll down to see if any updates are needed.
        • Update anything listed.
        ----------

        Go to Microsoft Windows Update and get all critical updates.

        ----------

        I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

        SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
        * Using SpywareBlaster to protect your computer from Spyware and Malware
        * If you don't know what ActiveX controls are, see here

        Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

        Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
        4028.

        Solve : svchost.exe memory read 0x7564d27e?

        Answer»

        Hello I have a problem with my computer.... here is the log file from hijackthis.

        O17 - HKLM\System\CCS\Services\Tcpip\..\{DB4CC985-E4F8-4D71-AD83-240C80841E67}: NameServer = 85.255.112.209,85.255.112.191
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.209,85.255.112.191
        O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
        O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
        O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
        O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
        O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

        --
        End of file - 10058 bytes
        I ran Ad-Aware and now I'm getting these errors after fixing all that came up:
        svchost.exe 0x7c911800 in 0000008
        svchost.exe 0x75606c6a in 0000000
        svchost.exe 0x76f6122f in 0000000

        OK, so far so good!!!! I guess McAfee isn't as good as ppl say it is. I used Avast and it fixed everything so far.

        4029.

        Solve : Do you see anything odd here??

        Answer»

        I have a Toshiba Satellite laptop with Vista. Yesterday I started having a few problems here and there. Mainly freezing pages and programs not responding. I ran Norton and Malwarebytes and they didn't find anything. I just want to make sure if something is going on that I catch it early. This laptop is only 2 months old. Here's my log:

        Running processes:
        C:\Windows\system32\Dwm.exe
        C:\Windows\Explorer.EXE
        C:\Windows\system32\taskeng.exe
        C:\Windows\System32\igfxtray.exe
        C:\Windows\System32\hkcmd.exe
        C:\Windows\System32\igfxpers.exe
        C:\Windows\RtHDVCpl.exe
        C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
        C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
        C:\Program Files\Toshiba\SmoothView\SmoothView.exe
        C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
        C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
        C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
        C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
        C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
        C:\Windows\system32\igfxsrvc.exe
        C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Windows Media Player\wmpnscfg.exe
        C:\Windows\System\w98eject.exe
        C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
        C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
        C:\Program Files\Internet Explorer\ieuser.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
        C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
        C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
        O1 - Hosts: ::1 localhost
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
        O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
        O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
        O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
        O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
        O4 - HKLM\..\Run: [PERSISTENCE] C:\Windows\system32\igfxpers.exe
        O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
        O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
        O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
        O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
        O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
        O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
        O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
        O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
        O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
        O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
        O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
        O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
        O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
        O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
        O4 - Global Startup: w98Eject.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O13 - Gopher Prefix:
        O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Yahtzee/Images/stg_drm.ocx
        O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - https://mygp.gp.com/includes/,DanaInfo=ess.srv.gapac.com,SSL+ScriptX.cab
        O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_2/mjolauncher.cab
        O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Yahtzee/Images/armhelper.ocx
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
        O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://mygp.gp.com/dana-cached/sc/JuniperSetupClient.cab
        O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
        O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
        O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
        O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
        O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
        O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
        O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
        O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
        O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
        O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
        O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
        O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
        O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
        O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
        O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

        --
        End of file - 9989 bytes

        Say, sounds like you have a similar laptop to mine - mine's a Satellite L300.


        I don't think you're infected, but a few things caught my eye. Can't say whether they are malicious though:

        C:\Windows\System\w98eject.exe

        My guess is, assuming it isn't malware, this might have been installed by a driver for a USB flash disk or something along those lines.


        It doesn't help but when I got my laptop I was disgusted with the performance so I reformatted and installed my Vista Ultimate. My suggestion for a speed up would be to visit Add/Remove Programs and features and try to determine which programs you really need, since they are taking up valuable (if not plentiful) resources.

        For example, I would remove all of Norton, mainly because it's less efficient at detecting and removing viruses and because it's a huge resource hog. You can get equal, if not better, protection from a free offering such as Avast!, Avira or AVG.

        Another idea is the Toshiba software that comes preinstalled. Personally, I removed ALL of it, except for the Synaptics touchpad software.


        A good method would be to remove items one by one, and if you realize you used its features, you can reinstall it by downloading a new copy from the Toshiba web-site.

        Again, it only appears to me that you aren't infected; just feeling the strain of the bloatware manufacturers feel you want.
        Thanks! I'm hoping it's not infected. Just want to be sure so it doesn't get worse.

        4030.

        Solve : Is this a good download for cleaning registry??

        Answer»

        I was directed to this website (below) from another response from in here (can't find it now though).
        So I wanted to know if this is a good thing to put on my computer or just a load of crap?

        http://www.pctools.com/registry-mechanic/?utm_source=majorgeeks&utm_medium=textlink&utm_content=us&utm_campaign=rm
        Thank you for looking.
        ImnoGuru

        Registry cleaners are a myth and we don't recommend their use here. It isn't one of them that is a scam but there is always great risk when using one and there are free solutions like the one built into CCleaner. Just stick with that and save yourself and your computer from crashing.

        Read here: Myth #1: Registry Cleaners

        You might not be familiar with Bill Castner but he is a very respected computer 'guru' and many people look up to his contributions to online help forums.

        Thanks evilfantasy for your reply.
        I've found that many a time when looking for drivers as well.
        Redirected to download this special thing that for only a once only fee of $xxx payable by credit card........ and so it goes on.
        ImnoGuru

        4031.

        Solve : Google and Yahoo Search Results gone?

        Answer»

        Two days ago, while trying to search for things on Google and Yahoo, I noticed every link I clicked on led me to an advertising site (lots of free prescription drugs!). The search results page on Yahoo also looked different (the search bar was cut in half) and also led me to false sites.
        Today, whenever I search on Yahoo or Google, I am redirected to a blank page with long scroll bars on both the right side and bottom. I have tried other search engines with the same result! I am able to visit any web page through typing it into the address bar, but God forbid I try to Google search something.

        I ran Spybot (no help) and deleted the program. I installed a year of McAfee and although it deleted some malicious trojans, I still have the same problem. Below is my hijack log:

        [attachment deleted by admin]

        Disable Spybot's TeaTimer

        While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with HijackThis fixes. Please disable TeaTimer for now until you are clean.

        1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
        2. Run Spybot S&D
        3. Go to the Mode menu, and make sure Advanced Mode is selected.
        4. On the left hand side, choose Tools > Resident
        uncheck Resident TeaTimer and OK any prompt and Restart your computer.

        Note:
        If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

        If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.

        ----------

        Open HijackThis and select Do a system scan only.

        Place a check mark next to the following entries: (if there)

        • F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
        • O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
        • O1 - Hosts: 195.245.119.131 spyware-protector-2009.com
        • O1 - Hosts: 195.245.119.131 www .spyware-protector-2009.com
        • O1 - Hosts: 195.245.119.131 secure.spyware-protector-2009.com
        • O1 - Hosts: 195.245.119.131 knocker
        • O2 - BHO: (no name) - {FF67D7AF-D56B-40A8-8181-C0E26D8ECF61} - c:\windows\system32\hysyfso.dll
        • O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
        • O20 - Winlogon Notify: wghaoazz - C:\WINDOWS\SYSTEM32\hysyfso.dll
        Important: Close all windows except for HijackThis and then click Fix checked.

        Exit HijackThis.

        ----------

        Download Malwarebytes' Anti-Malware (MBAM)

        • Double-click mbam-setup.exe and follow the prompts to install the program.
        • At the end, be sure a checkmark is placed next to the following:
          • Update Malwarebytes' Anti-Malware
          • Launch Malwarebytes' Anti-Malware
          • Then click Finish.
          • If an update is found, it will download and install the latest version.
          • Once the program has loaded, select Perform quick scan, then click Scan.
          • When the scan is complete, click OK, then Show Results to view the results.
          • Be sure that everything is checked, and click Remove Selected.
          • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
          • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
          • Copy and Paste the entire report in your next reply.
          Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

          ----------

          Download GooredFix from one of the locations below and save it to your Desktop.

          Link #1
          Link #2

          * Double-click GooredFix.exe to run it.
          * Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
          * A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

          Note: Do not run Option #2 yet.

          ----------

          Next post please add the MBAM and GooredFix logs.

          After fixing what you said from Hijack, I went back to do a Yahoo search and now receive search results, though they are the same bad links from a few days ago.

          I have tried three times to run MBAM but it will not load. It took several tries to download it, but when I try to open it from the desktop, nothing happens.

          Here is my Goored Log:

          GooredFix v1.92 by jpshortstuff
          Log created at 18:07 on 02/04/2009 running Option #1 (Valued Customer)
          Firefox version 3.0.8 (en-US)

          =====Suspect Goored Entries=====

          =====Dumping Registry Values=====

          [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
          "Plugins"="C:\Program Files\Mozilla Firefox\plugins"

          [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
          "Components"="C:\Program Files\Mozilla Firefox\components"

          [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
          "[emailprotected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

          [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
          "{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

          Before you begin the SDFix instructions you should copy these instructions in a Notepad file and save them to your desktop or print them for easy reference. Much of SDFix will be done in Safe mode and you will be unable to access this web page after booting into Safe mode.

          Download SDFix by AndyManchesta and save it to your desktop.

          When using this tool, you must use the Administrator's account or an account with Administrative rights


          * Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
          * A window will now open showing SDFix being extracted into the C:\SDFix folder.
          * Once the installation program has finished extracting SDFix, it will open a Notepad with further instructions.
          * DO NOT use it just yet.

          Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

          When your computer has started in safe mode, and you see the desktop, close all open Windows.

          * Click on the Start button, click on the Run menu option, and type the following text from the Code Box into the Open: field then click the OK button.

          C:\SDFix\RunThis.bat

          * SDFix window will open containing some brief info and a disclaimer on the use of the tool.
          * Type Y on your keyboard and then press Enter to begin the cleanup process.
          * It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
          * Press any Key and it will restart the PC.
          * When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
          * Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
          * Copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log (from normal boot mode).
          Oh boy.

          I began to run the program in safe mode. I left the room and when I came back it was back to the black screen with 'safe mode' in all four corners. It sat this way without any action for some time, tried cntrl-alt-del but to no avail. I rebooted the computer to try the program again, but when I clicked f8, I get a black screen saying "NTLDR is missing. Press cntrl-alt-del to restart."

          I've pressed ctrl-alt-del, but it went right back to this screen.

          What on earth do I do now

          Will it restart in Normal Mode?

          When the computer starts up, it shows the same message. It shows the "Dell" page for a second, with F2=Setup and F12= Boot Menu in the upper right corner.

          What all besides the mouse and keyboard is plugged into the computer by USB?

          Try unplugging everything but the mouse and keyboard and see if it starts up normally.

          I have a laptop and all that is plugged in is the power cord.

          Can you get back to the safe mode options by tapping F8 during startup?

          Nope, it goes right back to the black screen.

          Can you burn a disk with the other computer?

          Avira AntiVir Rescue System

          * Download the Avira AntiVir Rescue System
          * Place a blank CD in your burner and double-click on the downloaded file.
          * The program will automatically burn the CD for you.
          * Place the burned CD into the affected computer and start the computer with the CD in the CD tray.
          * On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
          * Click on the Configuration button.

          - Select Scan all files
          - Select Try to repair infected files and Rename files, if they cannot be removed
          - Select Scan for dialers
          - Select Scan for joke programs (Jokes)
          - Select Scan for games
          - Select Scan for spyware (SPR)

          * Click on Virus scanner
          * Click on Start scanner at the bottom of the screen

          Currently the program does not support saving a log. Please write down the list of items for Records, Suspect files, and Warnings then post them back here.

          Apparently none of my CD's are writable, so it's off to the computer store tomorrow.

          Do you have your Windows XP CD? If so start the computer with it in the disk drive and attempt a Repair Install http://www.michaelstevenstech.com/XPrepairinstall.htm#RI

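The HijackThis entries selected for fixing earlier in this thread show three patterns that can be picked out of a log mechanically: a second program chained to UserInit, hosts-file lines pointing names at a non-loopback address, and one DLL registered both as a BHO and as a Winlogon Notify package. The following is an added example, not part of the original posts or of HijackThis; the function names and the three rules are assumptions made for illustration, and the sample lines are copied from the logs quoted on this page.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis logs quoted on this page
# (the fix list in this thread plus two benign lines from another log).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O1 - Hosts: 195.245.119.131 secure.spyware-protector-2009.com
O2 - BHO: (no name) - {FF67D7AF-D56B-40A8-8181-C0E26D8ECF61} - c:\windows\system32\hysyfso.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O20 - Winlogon Notify: wghaoazz - C:\WINDOWS\SYSTEM32\hysyfso.dll
"""

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
LOOPBACK = {"127.0.0.1", "::1"}
# Assumption: a default XP install, where UserInit holds only this program.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


def parse(log_text):
    """Yield (section, body) for every line shaped like 'O4 - ...'."""
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            yield match.group(1), match.group(2)


def module_path(section, body):
    """Return the lower-cased DLL an O2 or O20 entry loads, else None."""
    if section in ("O2", "O20"):
        return body.rsplit(" - ", 1)[-1].strip().lower()
    return None


def triage(log_text):
    """Return (section, reason, detail) tuples for entries worth reviewing."""
    findings = []
    loaded_by = defaultdict(set)  # DLL path -> sections that register it

    for section, body in parse(log_text):
        lowered = body.lower()
        if section == "F2" and "userinit=" in lowered:
            # UserInit is a comma-separated list; every item runs at logon.
            value = body[lowered.index("userinit=") + len("userinit="):]
            for program in (p.strip() for p in value.split(",")):
                if program and program.lower() != EXPECTED_USERINIT:
                    findings.append(
                        ("F2", "extra program chained to UserInit", program))
        elif section == "O1" and lowered.startswith("hosts:"):
            fields = body[len("hosts:"):].split()
            if len(fields) >= 2 and fields[0] not in LOOPBACK:
                # Join the rest so a name broken by a space is still reported.
                host = "".join(fields[1:])
                findings.append(
                    ("O1", "hosts entry overrides DNS", fields[0] + " " + host))

        path = module_path(section, body)
        if path:
            loaded_by[path].add(section)

    # A DLL that appears under more than one load point deserves a closer look.
    for path, sections in sorted(loaded_by.items()):
        if len(sections) > 1:
            findings.append(("+".join(sorted(sections)),
                             "same DLL registered in several load points",
                             path))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_LOG):
        print(f"{section:7} {reason}: {detail}")
```

The O4 Run entry for sysguard.exe from the same fix list is not covered by these rules; judging Run entries needs a known-good baseline for the machine.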
          4032.

          Solve : Warning: Virus Season?

          Answer»

          It's what different companies call it.

          * Win32/Conficker.A (CA) <- http://www.ca.com/us/anti-virus.aspx
          * W32.Downadup (Symantec) Norton/Symantec
          * W32/Downadup.A (F-Secure) <- http://www.f-secure.com/en_EMEA/security/
          * Conficker.A (Panda) <- http://www.pandasecurity.com/infected_or_not/us/

          And so on. The same infection may have multiple names. Depends on what scanner you are using.

          I wish antivirus companies would use a better naming system... it does *look* confusing to newer computer users.
          But, it's usually easy to search for... still, I wish they would also use universal names so that solutions could be found easier.


          But, competition prevents this from happening.

          4033.

          Solve : Windows Malicious Software Removal Tool?

          Answer»

          I have Windows Malicious Software Removal Tool on my Computer & I know I do because it constantly Updates itself.
          I can not for the life of me find out how, or where to access it
          and no matter where I look or Search, on my Computer, I can not find it.
          Does anyone know where it is or how to turn it on?

          It's a small tool run with updates. It only removes very specific pieces of malware, so in general it's not particularly a good idea to use it as an anti-malware solution.

          I remember I saw it somewhere.
          c:\windows\system32\mrt.exe

          But when I double-click the exe, it seems nothing happens.

          So I Should like stop thinking if I need Malware Removal to try to use this ?
          Just a part of Windows OS Thingies ?
          And Now Thanks to You I can see why I Can't Find it !
          ....................................... ...................................S.W. A.K.

          Well just get an Antivirus, a firewall, and perhaps a spyware removal program if you want one and that is enough in my opinion

          Good that Malicious tool is being provided and updated and it's not too big so don't think too much on it.

          I have a FAQ on its use here. How To Use Windows Malicious Software Utility

          Quote from: Laska on April 01, 2009, 12:00:30 AM

          I have Windows Malicious Software Removal Tool on my Computer & I know I do because it constantly Updates itself.
          I can not for the life of me find out how, or where to access it
          and no matter where I look or Search, on my Computer, I can not find it.
          Does anyone know where it is or how to turn it on ?

          In your start menu click run and then type in MRT. That will run the program. Like the others have said it's specific to what it removes.

          Thanks Guys I have run it and can see what it does
          EVIL I saved your page for reference in case I forget and want to know in the future
          ....................................... ............................MWAA....... .............S.W.A.K.

          Start > Run and type mrt.exe then click OK.

          Or you could create a shortcut to your Quick Launch...

          Okie Dokie EVIL Yer faster'n greased lightnin on a runaway freight train !



          4034.

          Solve : Windowsupdate redirects to google?

          Answer»

          Combofix ran the script here is the new log

          ComboFix 09-04-01.01 - Gene 2009-04-02 14:28:53.2 - NTFSx86
          Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.674 [GMT -7:00]
          Running from: c:\documents and settings\Gene\Desktop\ComboFix.exe
          Command switches used :: c:\documents and settings\Gene\Desktop\CFScript.txt
          AV: avast! antivirus 4.8.1335 [VPS 090402-1] *On-access scanning disabled* (Updated)
          * Created a new RESTORE point
          .

          ((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
          .

          2009-04-02 13:12 . 2009-04-02 13:12d--------C:\_OTMoveIt
          2009-04-02 12:47 . 2009-04-02 12:47d--------c:\documents and settings\All Users\Application Data\NortonInstaller
          2009-04-01 20:03 . 2009-04-01 20:03d--------c:\PROGRAM files\Alwil Software
          2009-04-01 14:27 . 2009-04-01 14:27d--------c:\program files\Trend Micro
          2009-04-01 13:32 . 2009-04-01 14:03d--------c:\windows\system32\CatRoot_bak
          2009-04-01 10:47 . 2009-04-01 10:47d--------c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2009-04-01 10:46 . 2009-04-01 10:46d--------c:\program files\SUPERAntiSpyware
          2009-04-01 10:46 . 2009-04-01 10:46d--------c:\program files\Common Files\Wise Installation Wizard
          2009-04-01 10:46 . 2009-04-01 10:46d--------c:\documents and settings\Gene\Application Data\SUPERAntiSpyware.com
          2009-04-01 10:12 . 2009-04-01 10:12d--------c:\program files\CCleaner
          2009-04-01 09:44 . 2009-04-01 09:4454,156--ah-----c:\windows\QTFont.qfn
          2009-04-01 09:44 . 2009-04-01 09:441,409--a------c:\windows\QTFont.for
          2009-03-31 22:35 . 2009-03-31 22:35d--------c:\program files\Malwarebytes' Anti-Malware
          2009-03-31 22:35 . 2009-03-31 22:35d--------c:\documents and settings\Gene\Application Data\Malwarebytes
          2009-03-31 22:35 . 2009-03-31 22:35d--------c:\documents and settings\All Users\Application Data\Malwarebytes
          2009-03-31 22:35 . 2009-03-26 16:4938,496--a------c:\windows\system32\drivers\mbamswissarmy.sys
          2009-03-31 22:35 . 2009-03-26 16:4915,504--a------c:\windows\system32\drivers\mbam.sys
          2009-03-30 16:01 . 2006-02-28 05:00811,064--a------c:\windows\system32\imjp81k.dll

          .
          (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-04-02 21:32---------d-----wc:\program files\DNA
          2009-04-02 21:32---------d-----wc:\documents and settings\Gene\Application Data\DNA
          2009-04-02 03:00---------d-----wc:\documents and settings\All Users\Application Data\Google Updater
          2009-04-01 21:21---------d-----wc:\program files\Java
          2009-04-01 16:48---------d-----wc:\program files\Starry Night Orion Special Edition
          2009-03-31 19:50---------d-----wc:\documents and settings\Gene\Application Data\Hoyle Card Games
          2009-03-31 04:11---------d-----wc:\program files\World of Warcraft
          2009-03-28 00:50---------d-----wc:\program files\CompuPic
          2009-03-23 23:41---------d-----wc:\documents and settings\Gene\Application Data\TaxCut
          2009-03-23 23:41---------d-----wc:\documents and settings\All Users\Application Data\pdf995
          2009-03-22 19:47---------d-----wc:\documents and settings\All Users\Application Data\TaxCut
          2009-03-21 22:15---------d-----wc:\program files\Cool2000
          2009-03-09 00:34---------d-----wc:\program files\Savings Bond Wizard
          2009-03-03 20:10---------d-----wc:\documents and settings\Gene\Application Data\OpenOffice.org2
          2009-02-25 00:52---------d-----wc:\documents and settings\Gene\Application Data\Hoyle Blackjack
          2009-02-07 18:46---------d-----wc:\program files\Google
          2009-02-02 20:21---------d-----wc:\documents and settings\Gene\Application Data\BITTORRENT
          2008-10-13 02:4024----a-wc:\documents and settings\Gene\jagex_runescape_preferences.dat
          2008-08-12 23:357,670,000----a-wc:\documents and settings\Gene\QuickCareSetup2.exe
          .

          ((((((((((((((((((((((((((((( [emailprotected]_14.00.18.26 )))))))))))))))))))))))))))))))))))))))))
          .
          + 2009-04-02 21:31:4816,384----atwc:\windows\Temp\Perflib_Perfdata_130.dat
          + 2009-04-02 21:31:3816,384----atwc:\windows\Temp\Perflib_Perfdata_5ec.dat
          .
          ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
          "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848]
          "SansaDispatch"="c:\documents and settings\Gene\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-01-22 79872]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-28 68856]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
          "QuickTime TASK"="c:\program files\QuickTime\qttask.exe" [2007-05-30 98304]
          "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
          "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
          Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
          TV883LP Remote Control.lnk - c:\program files\V-Stream Multimedia\TV883LP Utilities\C8XRCtl.exe [2006-07-09 57344]

          [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
          "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

          [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
          2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
          BootExecuteREG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "quickcare2.2"=c:\program files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "c:\\Program Files\\DNA\\btdna.exe"=
          "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
          "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

          R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-01 114768]
          R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
          R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-01 20560]
          R2 CX88XBAR;V-Stream TV88X Crossbar;c:\windows\system32\drivers\cx88xbar.sys [2006-07-09 9472]
          S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
          S2 SessionLauncher;SessionLauncher;c:\docume~1\Gene\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Gene\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
          S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]

          [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9d5faa8-bcbe-11dd-b95d-00301b3e2316}]
          \Shell\AutoRun\command - I:\LaunchU3.exe -a
          .
          Contents of the 'Scheduled Tasks' folder

          2009-04-02 c:\windows\Tasks\Google Software Updater.job
          - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 08:14]
          .
          .
          ------- Supplementary Scan -------
          .
          uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          .

          **************************************************************************

          disk not found C:\

          please note that you need administrator rights to perform deep scan
          scanning hidden processes ...

          scanning hidden autostart entries ...

          scanning hidden files ...

          scan completed successfully
          hidden files:

          **************************************************************************
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------

          [HKEY_USERS\S-1-5-21-1644491937-1060284298-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
          "??"=hex:ee,55,b7,97,4d,51,fb,d7,89,28,0f,f5,c0,23,b4,43,19,db,c4,9a,3f,a8,a1,
          69,fa,33,0c,6d,b6,cb,5e,37,12,46,0f,2f,a3,4d,d2,04,a9,74,dc,d8,f8,5b,a9,a7,\
          "??"=hex:2b,1a,85,4d,cf,ed,18,b4,75,a3,39,c7,1a,5b,5d,b6
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'winlogon.exe'(724)
          c:\program files\SUPERAntiSpyware\SASWINLO.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\program files\Alwil Software\Avast4\aswUpdSv.exe
          c:\program files\Alwil Software\Avast4\ashServ.exe
          c:\windows\system32\bgsvcgen.exe
          c:\program files\Java\jre6\bin\jqs.exe
          c:\program files\CDBurnerXP\NMSAccessU.exe
          c:\windows\system32\nvsvc32.exe
          c:\windows\system32\MsPMSPSv.exe
          c:\windows\system32\wscntfy.exe
          .
          **************************************************************************
          .
          Completion time: 2009-04-02 14:34:20 - machine was rebooted
          ComboFix-quarantined-files.txt 2009-04-02 21:34:18
          ComboFix2.txt 2009-04-02 21:01:03

          Pre-Run: 21,404,217,344 bytes free
          Post-Run: 21,387,829,248 bytes free

          147--- E O F ---2007-12-12 16:20:50

          • Click START then RUN
          • Now type Combofix /u in the runbox
          • Make sure there's a space between Combofix and /u
          • Then hit Enter.
          .
          .
          The above procedure will:
          • Delete: ComboFix and its associated files and folders.
          • Reset the clock settings.
          • Hide file extensions, if required.
          • Hide System/Hidden files, if required.
          • Set a new, clean Restore Point.
          .
          ----------

          1. Double click OTMoveIt3.exe to launch it.
          Vista users right click and choose Run As Administrator
          2. Click on the CleanUp! button.
          3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
          4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
          5. Once complete exit out of OTMoveIt3

          ----------

          Run CCleaner.

          How is the computer running now?

          finished clean up computer can access windows update again and seems to be running good.
          thx for the help is there anything else we need to do

          also is avast mainly a av software or is it malware and or spyware software
          as i think malwarebytes and sas are for running manually if avast is not for spy ware is there a program you recommend that can run in the background realtime? one that is compatible with avast?

          I use avast and it is very good.

          Here are a few more suggestions and software to help keep you safe.

          Use the Secunia Software Inspector to check for out of date software.
          • Click Start Now
          • Check the box next to Enable thorough system inspection.
          • Click Start
          • Allow the scan to finish and scroll down to see if any updates are needed.
          • Update anything listed.
          .
          ----------

          Go to Microsoft Windows Update and get all critical updates.

          ----------

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

          ok I'll check these out.
          I'm going to do windows update first get sp3 etc.
          thx again for the help is there any thing i can do to thank you for the help or is there anything else we need to do?

          I think we are done now.

          Let me know if anything else comes up...

          thank you very much evil you and CHF rock

          You're welcome.

          Safe surfing...
          4035.

          Solve : Badly infected computer...?

          Answer»

          Just got other computer....Can hardly type without freezing and lagging. Avast is reporting things like crazy...Can't just reinstall

          900mhz cpu
          256 ram

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 2:05:42 PM, on 3/22/2009
          Platform: Windows XP SP2 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
          Boot mode: Normal

          RUNNING processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Alwil SOFTWARE\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\Explorer.EXE
          C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
          C:\Program Files\QuickTime\qttask.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\WINDOWS\system32\wuauclt.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
          C:\WINDOWS\SoftwareDistribution\Download\a4c6f78366f403fa7e7d062ca70ddddc\update\update.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O4 - HKLM\..\Run: [Adobe Photo DOWNLOADER] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
          O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe -z
          O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
          O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra button: Support - {A1C62740-93D5-4E72-A5B6-B668D58C5197} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
          O18 - Protocol: bw+0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw+0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw-0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw-0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw00 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw00s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw10 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw10s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw20 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw20s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw30 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw30s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw40 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw40s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw50 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw50s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw60 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw60s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw70 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw70s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw80 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw80s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw90 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bw90s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwa0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwa0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwb0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwb0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwc0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwc0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwd0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwd0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwe0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwe0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwf0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwf0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
          O18 - Protocol: bwg0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwg0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwh0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwh0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwi0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwi0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwj0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwj0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwk0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwk0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwl0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwl0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwm0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwm0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwn0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwn0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwo0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwo0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwp0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwp0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwq0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwq0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwr0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwr0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bws0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bws0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwt0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwt0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwu0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwu0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwv0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwv0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bww0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bww0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwx0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwx0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwy0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwy0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwz0 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: bwz0s - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O18 - Protocol: maven-8110 - {8A042C03-78C3-41D6-BE0F-81829EB7B5E3} - C:\Program Files\foxmovies\bin\bin-1\protocolHandler.dll
          O18 - Protocol: offline-8876480 - {22D7A2A7-9722-4859-B3D1-1F5783310A54} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe

          --
          END of file - 15286 bytes

          thats all i have so far..............

          help me! This thing is a mess!

          mbam

          still running sbsd. Mbam is next though!

          SuperAntiSpyware should be run first followed by MBAM then the HJT log.

          wow a lot of programs in 018

          Is it a used computer that you just got and have no personal files of yours on it?

          who cares about super. Don't worry about it

          No I'm asking cuz, if it's a used computer he just got then he could just format the entire thing which is easier than running Avast and dealing with the slow ups, freezes and crashes.

          and i see 256mb of ram! You are going to need more ram than that. 512 at minimum or better yet 1gb. Doing so will make your PC happier after you have all the malware / virus stuff sorted out and cleared out!

          He can't reinstall and this is a post about malware.... not more ram

          Recovery Console

          4036.

          Solve : "System" in task Manager using a lot of memory.?

          Answer»

          Ok I will do so, thanks for trying your best to help, your time was really appreciated.

          Hey evilfantasy...I realized today that when I run in safe with networking my system runs fine, then when I switch back to normal there the system is running high again. Does this ring any bells? If not I will be posting like you said in the Windows forum.

          Try opening task manager and setting its priority to normal
          that should do the trick

          Well I think I finally have this solved. I tried going in and setting it to "normal" and found it was already at normal. I found this thread while browsing for others that had the same issue: http://apcmag.com/Forum.htm?g=posts&m=4596

          So I un-installed AVG. And guess what the problem went away pronto. Well now the only prob is finding another anti-virus that covers as much as AVG did that I like. I am using a trial of Panda Internet Security 2009. I don't like it bc they have like 10 Process running at once hogging loads of memory and VM. I also cause one that was running at 62K+ and stated according to System Explorer it was "Panda Advertising" Not sure what that was about. So now I'm going to browse the threads here see what other Anti-Virus's are suggested.

          These are what we recommend here.

          Avast! Home Free Edition

          Avira AntiVir Personal

          All free and as good or better than any paid software.

          For a good free firewall.

          Remember only install ONE firewall

          1) Comodo (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default Search provider" and "Make Comodo Search my homepage" if you choose this one)
          2) Online Armor
          3) Sunbelt/Kerio
          4) Agnitum
          5) PC Tools Firewall Plus

          4037.

          Solve : Error loading dll32?

          Answer»

          I am getting the message "error loading dll32" when I reboot. My internet is working but only through AOL software. I am able to get email through Outlook also. However, when I open IE or Firefox, it says the page cannot be opened. I am now also missing paths to shortcuts on my computer. This problem started just today. I have followed all of the malware removal instructions and my logs are attached.

          [attachment deleted by admin]

          To completely remove Norton/Symantec go to add remove programs and uninstall anything with Norton, Symantec or Live Update in the name.

          Download the Norton Removal Tool (SymNRT) to your Desktop.

          Once downloaded please close ALL open browsers, also save any work because this may require a restart.

          • Go to your desktop and double click on the removal tool and then click Setup.
          • Once open Click Next
          • Accept the license agreement and click Next
          • Type in the letters/numbers that you see into the text box then click Next.
          • Then click Next and the tool will start running.
          • Once finished restart the PC.
          • Delete the Norton Removal Tool from your Desktop.
          ----------

          Now run a new HijackThis scan and post the log.
          4038.

          Solve : AVG 8.5 out, but not able to uninstall AVG 8.0?

          Answer»

          Hi, I just downloaded AVG antivirus 8.5. Now I'm not able to uninstall AVG 8.0 version. The error shows as

          Uninstall failed
          1 error occurred. Click details to show information.

          Local machine: installation failed
          Installation:
          Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
          Error 0x80070005


          Now how do I change my registry? Any idea on how to solve this problem?

          Use the appropriate tool based on your operating system from here: AVG Removal Tools

          After you have completed the steps to remove the previous version of AVG...try the new installation, again.


          Keep us posted...

          I used avgremover.exe and was successfully able to uninstall AVG 8.0. But I'm not able to install AVG 8.5. Same error occurs.

          Creating registry value......

          Local machine: installation failed
          Installation:
          Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
          Error 0x80070005

          Attached:
          Snapshot of error
          avgremover.log


          [attachment deleted by admin]

          I believe your computer may be infected...please start here: Read this before requesting malware removal help

          This is the exact reason I left AVG and started using Avast.

          Yea my system was infected......Finally formatted Windows n installed Avast Antivirus.......Hope that works well...Thanks.....

          Quote from: evilfantasy on March 27, 2009, 11:30:27 AM

          This is the exact reason I left AVG and started using Avast.

          Well, great. AVG hasn't had a problem with my computer yet but if you have AVAST and you like it, that's great too.
          4039.

          Solve : Hosts File?

          Answer»

          Running Vista SP1 on a HP notebook.

          When I run a netstat I see entries for 007guard.com directed to 127.0.0.1. In my hosts file I see several entries added by Spybot - Search & Destroy for this domain. Should I be concerned about 007guard on my PC or are these entries in the hosts file enough to prevent 007guard from causing any mischief?

          AVG AV, Spybot S&D, and Windows Defender scans all come up as clean. Although, a week ago Windows Defender did alert me to a program that had modified the hosts file, but it was right after I updated Spybot S&D. I let Defender remove whatever it found.

          Thank you in advance for any insights regarding 007guard and/or the effectiveness of Spybot S&D's entries in my hosts file.

          No you shouldn't be concerned. That is normal with Spybot.

          Thanks, should I be concerned if there are about 15 to 20 instances of 007guard.com every time I run a netstat? I realize that it is being redirected to 127.0.0.1, but should it be allowed to remain on my PC or does it need to be removed?

          I'm not familiar with netstat but 127.0.0.1 is the standard IP address used for a loopback network connection so is safe. See here http://what-is-what.com/what_is/127.0.0.1.html

          Also see this FAQ about Spybot's Immunize which is what adds the 007guard and other entries to your Hosts file. http://www.it.northwestern.edu/security/spyware/win-spybot-immunize.html

          This is another free tool similar to what Spybots Immunize feature does. I use this and Immunize for added security. And it uses 0 computer resources.

          SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          Quote from: evilfantasy on March 31, 2009, 11:29:24 AM

          I'm not familiar with netstat but 127.0.0.1 is the standard IP address used for a loopback network connection so is safe.

          Netstat is a command-line utility used to view active connections. Thanks for your help.

          You're welcome
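The distinction drawn in this thread, between hosts entries that point a name at 127.0.0.1 and entries that would send it somewhere real, can be checked mechanically. The following is an added example, not code from the forum or from Spybot; the function names and the sample file are constructed for illustration, and the first-entry-wins rule in `lookup` is an assumption.

```python
"""Audit a hosts file: which names are sinkholed and which are redirected.

Added example. SAMPLE_HOSTS is constructed; it is not the poster's file.
"""
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "lineno address hostname verdict")

SAMPLE_HOSTS = """\
# Constructed sample hosts file (not the poster's)
127.0.0.1       localhost
::1             localhost
127.0.0.1       007guard.com
127.0.0.1       www.007guard.com
0.0.0.0         ads.example.test   # null route
203.0.113.10    update.example.test
127.0.0.1       tracker.example.test
198.51.100.7    tracker.example.test
not-an-ip       broken.example.test
"""


def normalize(name):
    """Hostnames compare case-insensitively and without a trailing dot."""
    return name.lower().rstrip(".")


def classify(addr, name):
    """Loopback and unspecified targets go nowhere; anything else is a redirect."""
    if addr.is_loopback or addr.is_unspecified:
        return "local" if name == "localhost" else "blocked"
    return "redirect"


def audit_hosts(text):
    """Return (entries, malformed) for hosts-file text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, line))
            continue
        if len(fields) < 2:                      # address with no hostname
            malformed.append((lineno, line))
            continue
        for name in map(normalize, fields[1:]):  # one line may list aliases
            entries.append(Entry(lineno, str(addr), name, classify(addr, name)))
    return entries, malformed


def lookup(entries, hostname):
    """Verdict for an exact hostname, or None when the file has no entry.

    Hosts files have no wildcards, so an entry for a domain does not cover
    its subdomains. Assumption: the first listed entry wins.
    """
    wanted = normalize(hostname)
    for entry in entries:
        if entry.hostname == wanted:
            return entry.verdict
    return None


def redirects(entries):
    """Entries that send a name to a real address: the ones worth reviewing."""
    return [e for e in entries if e.verdict == "redirect"]


def conflicts(entries):
    """Names listed with more than one verdict, e.g. blocked and redirected."""
    seen = {}
    for e in entries:
        seen.setdefault(e.hostname, set()).add(e.verdict)
    return {name: sorted(v) for name, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    found, bad = audit_hosts(SAMPLE_HOSTS)
    for e in found:
        print(f"{e.lineno:>3}  {e.verdict:<8}  {e.address:<14}  {e.hostname}")
    print("malformed:", bad)
    print("conflicts:", conflicts(found))
```

Run against a copy of the real hosts file, the `redirect` and `conflicts` results are the entries to review; `blocked` entries such as the 007guard.com ones are the immunization doing its job.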
          4040.

          Solve : virus list?

          Answer»

          --------------------------------------------------------------------------------
          KASPERSKY ONLINE SCANNER 7 REPORT
          Tuesday, March 31, 2009
          Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
          Kaspersky Online Scanner 7 version: 7.0.25.0
          Program database last update: Tuesday, March 31, 2009 22:49:38
          Records in database: 1990802
          --------------------------------------------------------------------------------

          Scan settings:
          Scan using the following database: extended
          Scan archives: yes
          Scan mail databases: yes

          Scan area - My Computer:
          C:\
          D:\
          E:\
          F:\
          G:\
          H:\
          I:\

          Scan statistics:
          Files scanned: 100253
          Threat name: 1
          Infected objects: 1
          Suspicious objects: 0
          Duration of the scan: 02:14:02


          File name / Threat name / Threats count
          C:\Documents and Settings\Owner\My Documents\Incomplete\T-3545427-gary cosby.mp3 / Infected: Trojan-Downloader.WMA.GetCodec.u / 1

          The selected area was scanned.
          Quote from: marybeth on March 31, 2009, 06:01:46 PM

          am running Kaspersky's scan now but I just wanted to know if anyone can open this and see what's on my puter including passwords?


          No. That would go against everything we stand for.

          Delete this file. C:\Documents and Settings\Owner\My Documents\Incomplete\T-3545427-gary cosby.mp3

          How is the computer running now?

          Use the Secunia Software Inspector to check for out of date software.
          • Click Start Now
          • Check the box next to Enable thorough system inspection.
          • Click Start
          • Allow the scan to finish and scroll down to see if any updates are needed.
          • Update anything listed.
          ----------

          Go to Microsoft Windows Update and get all critical updates.

          ----------

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

          thank you evil.
          seems to be running good so far. but 1 last question. I had both SUPERAntiSpyware and AVG on computer, do I need to keep both or is 1 sufficient?
          mary

          also evil
          I am having some problems with IE7 taking forever to open and stalls for short time do u know if IE8 is any better

          IE8 might be better you would just have to try and see.

          AVG and SAS will work fine together.

          For the slowness...

          Download ATF Cleaner by Atribune to your Desktop.

          Alternate download link

          Note: Vista users must use Run As Administrator
          • Under Main: Select Files to Delete choose: Select All.
          • Click the Empty Selected button.
          • If you use Firefox browser click Firefox at the top and choose: Select All
          • Click the Empty Selected button.
            If you would like to keep your saved passwords click No at the prompt.
          • If you use Opera browser click Opera at the top and choose: Select All
          • Click the Empty Selected button.
            If you would like to keep your saved passwords click No at the prompt.
          • Click Exit on the Main menu to close the program.
          Note that your system will run slower for a reboot or two after having used this tool so don't panic.

          Important: Restart the computer before continuing.

          Also don't use ATF Cleaner daily. Use CCleaner for a daily cleaner.

          ----------

          I would also recommend that you Defrag the computer. There may be a lot of fragmented sections on the drive after cleaning the malware.

          You can use the built in Windows Defrag or a faster free program. Defraggler is very effective and easy to use. Be sure to clean out temp files and restart the computer just before using this.
          4041.

          Solve : win32/Patched.Z Virus in a .tmp file?

          Answer»

          Hello everyone,

          I have a virus that my ESET NOD32 antivirus (up to date with virus listings) detected; it is called the Win32/Patched.Z virus.

          It was found in:
          C:\Users\Bee\AppData\Local\Temp\tmp67C7.tmp - Win32/Patched.Z virus - action selection postponed until scan completion

          This could not be cleaned.

          However I looked at using the Trojan Remover Software and this came up with a result;

          File is in-use/locked, or Access Denied-could not be scanned

          Select Required Action:
          1. Leave this file in place
          2. Disable this file by renaming it
          3. Delete this file (use with caution)
          4. Exclude this file from future scans (no action will be taken on this file)

          My question is-
          can I delete this file (tmp67C7.tmp) or is this file important?
          can I rename this file (tmp67C7.tmp) or is this file important?

          Is there anything I can do to get this virus out?

          Details of my laptop are:

          ASUS Notebook M50Vc/M50Vm Series
          Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz
          4GB Ram
          32-bit Operating System

          Please offer me some guidance?

          Thank you in advance,
          Bee

          Try to delete and see what will happen.

          Hi KingPincer

          Perhaps I shall try renaming it first and if my PC crashes then I'll know I might actually need that file lol

          Thanks for replying KingPincer

          Does anyone else have a suggestion or a recommendation?

          I appreciate you taking your time to reply KingPincer, have you ever heard of a similar virus affecting a temp file? What happens if it was deleted completely and the file was actually needed?

          I'll let you know what happens anyhow, wish me luck.

          *bee crosses her fingers*

          4042.

          Solve : Transferring Viruses?

          Answer»

          I had a computer, running on Windows 98, that I used to play The Sims on. A few years ago it was pretty much destroyed by some weird virus that I got through an email (I think). I've got a new computer now that runs on Windows XP and I was wondering if my new computer could be infected with the virus if I ran The Sims on it using the same discs that I used to use with the old one. So, I guess what I'm really asking is: is there any virus that can write itself onto CD-ROMs, even if they are write-protected? I'd really appreciate it if someone could tell me, asap! Thaaanks, HAT.

          Nope. CD-ROMs can't be altered once they are finalized. FYI, they were finalized WAY before you got them, while they were still in the factory.

          Ok, thanks for that, just wanted to make sure. My parents will kill me if I blow this one up too. Haha.

          Infections of The Sims often come from downloads of extra features that others have created, not from material on the original CDs.

          4043.

          Solve : So Infected Flash?

          Answer»

          Quote from: KingPincer on May 17, 2009, 03:26:06 AM

          One question carbon do you still have to temporarily disable the protection of your antivirus before using this?

          I don't think so.

          If Flash Disinfector or your antivirus is giving you a hard time, simply pause/stop protection and run the disinfector.

          Ah I see. TY

          hi all, ok what did I miss?
          expected: disinfection failed, here's the message in the attached image

          [attachment deleted by admin]

          Does the USB drive have a lock or hold switch at all?

          not at all, it's just a plain drive
          4044.

          Solve : Question for Evilfantasy?

          Answer»

          Evil, got a question...... A computer is infected with a backdoor trojan, and the necessary steps are taken to successfully remove it, is it possible that once the trojan is removed there is still a virtual if not physical point of entry that remains? Or does the removal absolutely remove the access point? Is this why so many techs recommend a reformat to be certain that the door is closed?
          Curious on your thoughts on this......

          For me reformat is when you have really no choice to remove that certain kind of threat but for some specialist here like evilfantasy he has many software that he can give you to remove that certain kind of threat

          We can usually remove 100% of any infection. BUT! We never guarantee that a computer is 100% clean. There is always a chance something was missed.

          Ok ...thanks, I understand now.....

          but how about the antivirus that actually can't delete the virus?

          there are some infections that the antivirus can't delete or disinfect

          I use other tools to remove those types of infections.

          I see, I wrote this question because I wanted to know how you would act when the antivirus can't do it, and I know you have other software for these things. I only want to learn as much as possible, I want to become good in computers.

          >> Would you like to learn to fight malware? <

          Unlocker by Cedrick Collomb

          Thx a lot, I saved the kit in my stick and it will be helpful for those files that cannot be deleted.

          You're welcome.

          4045.

          Solve : A dumb question really!?

          Answer»

          On a lighthearted note, nothing to do with viruses (sorry) but this is the forum where you request it the most. As I use WordPad, why do you always request files sent to be in Notepad format?
          Just curious that's all.
          Thanks

          Notepad does not embed font format markers.
          Notepad only does text and does not preserve hidden attributes of a document object.
          Just the text, all the text and nothing but the text.

          Code:
          This is WordPad
          with different formats

          Notice that it does not paste right.
          Now the same RTF opened by Notepad:

          Code:
          {\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}{\f1\fmodern\fprq1\fcharset0 Courier New;}{\f2\froman\fprq2\fcharset2 Webdings;}{\f3\froman\fprq2\fcharset0 Palatino Linotype;}}
          {\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs48 This is WordPad\par
          \f1\fs36 with different formats\par
          \f2 that may lookl funny.\f3\par
          \f0\fs48\par
          \fs20\par
          }
          Now you know!

          Wow, another quick and comprehensive response as always.
          Thank you very much Geek, appreciated.
          I'll let you get back to the real world of answering "real" problems now!
          Regards

          It makes it safer for us to open them. Notepad uses the .txt format which isn't used to distribute malware. Wordpad uses .doc which is able to be infected.

          People used to attach Word documents which were unknowingly infected by whatever was on the computer. I won't open attached .doc or .zip files from an infected computer. Too risky.
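The reason given in this thread for asking for Notepad files, that plain text carries only text while other formats carry markup or container structure, can be verified on an attachment before it is opened. This is an added example, not code from the forum; the function names are hypothetical, `PAGE_RTF` is the RTF quoted above, and the other samples are constructed.

```python
"""Check what a submitted "log" really is before opening it.

Added example. PAGE_RTF is the RTF quoted in the thread; the other samples
are constructed for illustration.
"""
import re
from collections import Counter

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy Office compound file
ZIP_MAGIC = b"PK\x03\x04"                       # .zip, also .docx containers
RTF_MAGIC = b"{\\rtf"
BOMS = ((b"\xef\xbb\xbf", "utf-8-sig"), (b"\xff\xfe", "utf-16"),
        (b"\xfe\xff", "utf-16"))
ALLOWED_CONTROLS = "\t\n\r\f"
# RTF control words that introduce embedded or linked objects.
OBJECT_WORDS = {"object", "objemb", "objlink", "objautlink", "objdata"}
CONTROL_WORD = re.compile(rb"\\([a-z]+)")

PAGE_RTF = rb"""{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}{\f1\fmodern\fprq1\fcharset0 Courier New;}{\f2\froman\fprq2\fcharset2 Webdings;}{\f3\froman\fprq2\fcharset0 Palatino Linotype;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs48 This is WordPad\par
\f1\fs36 with different formats\par
\f2 that may lookl funny.\f3\par
\f0\fs48\par
\fs20\par
}
"""
# Constructed: two header lines in the style of a HijackThis log.
CONSTRUCTED_LOG = b"Logfile of Trend Micro HijackThis v2.0.2\r\nBoot mode: Normal\r\n"
# Constructed: RTF skeleton with an object group; the hex is an inert placeholder.
CONSTRUCTED_EMBED = rb"{\rtf1\ansi{\object\objemb{\*\objdata 01050000}}}"


def looks_like_text(data):
    """True when the bytes hold only printable text, tabs and line breaks."""
    for bom, codec in BOMS:
        if data.startswith(bom):
            try:
                text = data.decode(codec)
            except UnicodeDecodeError:
                return False
            return all(ch >= " " or ch in ALLOWED_CONTROLS for ch in text)
    return all(b >= 0x20 or chr(b) in ALLOWED_CONTROLS for b in data)


def classify_attachment(data):
    """Name the container by its leading bytes, ignoring the file extension."""
    if not data:
        return "empty"
    if data.startswith(OLE_MAGIC):
        return "ole-compound"
    if data.startswith(ZIP_MAGIC):
        return "zip-container"
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    return "plain-text" if looks_like_text(data) else "binary"


def rtf_report(data):
    """Count RTF control words and list any that introduce embedded objects."""
    body = data.replace(b"\\\\", b"")            # drop escaped backslashes first
    words = Counter(m.group(1).decode("ascii")
                    for m in CONTROL_WORD.finditer(body))
    return {"control_words": words,
            "embedded": sorted(OBJECT_WORDS & set(words))}


if __name__ == "__main__":
    for label, blob in (("page RTF", PAGE_RTF), ("log", CONSTRUCTED_LOG),
                        ("embed", CONSTRUCTED_EMBED)):
        kind = classify_attachment(blob)
        extra = rtf_report(blob)["embedded"] if kind == "rtf" else ""
        print(f"{label:<9} {kind:<11} {extra}")
```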

          4046.

          Solve : Slow or Freezing Vista Gateway computer?

          Answer»

          Here's the gist of the problem. I restart computer and turn on World of Warcraft and play for awhile. Turn it off and try to start a web browser. It either takes forever for it to load or when it does it just says connecting and never brings up a web page. Now I have this same problem when I turn on a P2P program, Vuze. It's like something gets turned on in the background that is sucking all my memory. But I've used a few memory freeing programs and it doesn't seem to help. I also did the memory diagnostic and ran a scandisk. I've already done a virus scan and spyware check and both came up clean. The only thing that helps is to restart the computer. Even when I restart it it will take 5 minutes or more to log off just to restart. I'm wondering if this is something in Vista I don't know how to fix. I'm running.....

          Gateway GT5657e
          Vista Home Premium SP 1 (up to date)
          AMD 2.2 dual core processor
          3 gig of DDR2 RAM
          Nvidia 9600 GSO 768mgs Card
          300 Gig HDD
          Zonealarm free Firewall
          AVG Free Virus
          Ad-Aware spyware

          *edit*

          I've now run the other programs listed (Malwarebytes, SUPERAntiSpyware, and RUBotted) and no malware came out. Here is my hijackthis log:


          I'm also running right now a Kaspersky's online scan but it's not finished. I've also added 3 logs from the Process Explorer program. All are titled in order. Any questions let me know.

          [attachment deleted by admin]

          Do you have 2 antivirus installed both running in same time?

          no I don't. But I did download a few extra and run scans to make sure everything came back negative.

          4047.

          Solve : MALWARE REMOVAL LOGS - As instructed by Karnac?

          Answer»

          I followed the instructions to the letter. I have attached the logs.

          Cheers

          JAH

          [attachment deleted by admin]

          4048.

          Solve : nagefipi.dll and SHEUR2.AEOL, is my computer safe now??

          Answer» EDIT: it's SHEUR2.AEOL (not SHEAL... , sorry )
          hi!,
          this is my first time here, and sorry for my English, it's not really good.
          It's the first time that I got a virus. AVG told me, and Spybot too....but it was too late. After scanning one time and another with AVG, always the same trojan comes back (and more malware with different names always).
          The effects that I could see: iexplorer using like 500mbytes of the RAM, always when I start the computer it asks me for the file nagefipi.dll (says that rundll32 doesn't find it), ads every time with Firefox, and suddenly the computer turns off!

          I did all the steps that you told me, and this is the answer of every log...but after all everything seems fine, no problems...but I wanna be sure, cos I have to make the presentation of my project (for the end of my degree! ) and I don't wanna have problems the day of the presentation (in June).
          Looking forward to hearing from someone, THANKS SO MUCH FOR EVERYTHING!!!!

          PS: do I have to install Spybot again, or can I leave only SUPERAntiSpyware? (I guess that is the same...isn't it?)

          PS.2: I have Service Pack 1, but I have Vista, so I don't know if a new version exists....

          Malwarebytes' Anti-Malware 1.36
          Versión de la Base de Datos: 2145
          Windows 6.0.6001 Service Pack 1

          17/05/2009 23:24:25
          mbam-log-2009-05-17 (23-24-25).txt

          Tipo de examen : Examen Rápido
          Objetos examinados: 73817
          Tiempo transcurrido: 10 minute(s), 10 second(s)

          Procesos en Memoria Infectados: 0
          Módulos en Memoria Infectados: 1
          Claves del Registro Infectadas: 21
          Valores del Registro Infectados: 1
          Elementos de Datos del Registro Infectados: 2
          Carpetas Infectadas: 3
          Ficheros Infectados: 4

          Procesos en Memoria Infectados:
          (No se han detectado elementos maliciosos)

          Módulos en Memoria Infectados:
          C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.

          Claves del Registro Infectadas:
          HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\bho_myjavacore.mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\bho_myjavacore.mjcore.1 (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\CLSID\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\AppID\{26a98aa8-07fe-46e6-b6df-26704f3b895f} (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Delete on reboot.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Delete on reboot.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
          HKEY_CLASSES_ROOT\AppID\BHO_CPV.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

          Valores del Registro Infectados:
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmbbff0427 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

          Elementos de Datos del Registro Infectados:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

          Carpetas Infectadas:
          C:\Users\Arturo\AppData\Roaming\ptidle (Trojan.Downloader) -> Quarantined and deleted successfully.
          C:\Program Files\WWShow (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Program Files\Jcore (Trojan.BHO) -> Quarantined and deleted successfully.

          Ficheros Infectados:
          C:\Program Files\Mozilla Firefox\components\WWShow.dll (Adware.BHO) -> Delete on reboot.
          C:\Windows\System32\drivers\ovfsthxkixqgdrqxrbenttviafbddrmflfdmni.sys (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Windows\System32\ovfsthawqdvjnvtpurvwbcrtewsycpmmdgmvdm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
          C:\Windows\System32\ovfsthcxvigvcenkanxpemtnjexbxkfoeisdhi.dat (Trojan.Agent) -> Quarantined and deleted successfully.

          -------------------------

          SUPERAntiSpyware Scan Log
          http://www.superantispyware.com

          Generated 05/17/2009 at 06:30 PM

          Application Version : 4.26.1002

          Core Rules Database Version : 3897
          Trace Rules Database Version: 1844

          Scan type : Complete Scan
          Total Scan Time : 02:52:54

          Memory items scanned : 370
          Memory threats detected : 0
          Registry items scanned : 8169
          Registry threats detected : 35
          File items scanned : 232834
          File threats detected : 3

          Trojan.Unclassified/TestCPV
          HKLM\Software\Classes\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
          HKU\S-1-5-21-1811891860-318180347-1914469365-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
          HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}
          HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\ProgID
          HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\Programmable
          HKCR\CLSID\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}\VersionIndependentProgID
          HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}
          HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\ProxyStubClsid
          HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\ProxyStubClsid32
          HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\TypeLib
          HKCR\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813}\TypeLib#Version
          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6}#NoExplorer

          Browser Hijacker.MJCore
          HKLM\Software\Classes\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}
          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D88E1558-7C2D-407A-953A-C044F5607CEA}
          HKU\S-1-5-21-1811891860-318180347-1914469365-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D88E1558-7C2D-407A-953A-C044F5607CEA}
          HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}
          HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}\ProgID
          HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}\Programmable
          HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}\TypeLib
          HKCR\CLSID\{D88E1558-7C2D-407A-953A-C044F5607CEA}\VersionIndependentProgID
          HKLM\SOFTWARE\Classes\BHO_MyJavaCore.Mjcore
          HKLM\SOFTWARE\Classes\BHO_MyJavaCore.Mjcore\CLSID
          HKLM\SOFTWARE\Classes\BHO_MyJavaCore.Mjcore\CurVer

          Adware.Vundo Variant
          HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}

          Trojan.DNSChanger-Codec
          HKU\S-1-5-21-1811891860-318180347-1914469365-1000\Software\fcn

          Adware.JavaCore/NoDNS
          HKLM\SOFTWARE\CLASSES\APPID\BHO_MYJAVACORE.DLL
          HKLM\SOFTWARE\CLASSES\APPID\BHO_MYJAVACORE.DLL#AppID

          Adware.Vundo Variant/Rel
          HKLM\SOFTWARE\Microsoft\contim
          HKLM\SOFTWARE\Microsoft\contim#SysShell
          HKLM\SOFTWARE\Microsoft\rdfa
          HKLM\SOFTWARE\Microsoft\rdfa#F
          HKLM\SOFTWARE\Microsoft\rdfa#N
          HKCR\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8}

          Rogue.Component/Trace
          HKU\S-1-5-21-1811891860-318180347-1914469365-1000\Software\Microsoft\FIAS4057

          Trojan.Agent/Gen-AppX
          C:\USERS\ARTURO\APPDATA\LOCAL\QAYSMIU.EXE

          Trojan.Agent/Gen-FSG
          D:\ARTURO\PROGRAMAS\RECUPERADORARCHIVOS\CD_DVD_DATA_RECOVERY_1.0.759\CD DVD DATA RECOVERY 1.0.759\KEYGEN\KEYGEN\KEYGEN.EXE

          Unclassified.Unknown Origin
          D:\ARTURO\PROGRAMAS\RECUPERADORARCHIVOS\CD_DVD_DATA_RECOVERY_1.0.759\CD DVD DATA RECOVERY 1.0.759\KEYGEN\KEYGEN.NFO

          -----------------

          Logfile of Trend Micro HijackThis v2.0.2

          Scan saved at 0:04:39, on 18/05/2009
          Platform: Windows Vista SP1 (WinNT 6.00.1905)
          MSIE: Internet Explorer v7.00 (7.00.6001.18226)
          Boot mode: Normal

          Running processes:
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\Dwm.exe
          C:\Windows\Explorer.EXE
          C:\Program Files\Windows Defender\MSASCui.exe
          C:\Windows\RtHDVCpl.exe
          C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
          C:\Program Files\Launch Manager\LManager.exe
          C:\Windows\Domino.exe
          C:\Windows\VMSnap1.exe
          C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Windows\ehome\ehtray.exe
          C:\Program Files\AVG\AVG8\avgtray.exe
          D:\Program Files\PopTray\PopTray.exe
          C:\Windows\System32\rundll32.exe
          C:\Windows\ehome\ehmsas.exe
          C:\Users\Arturo\AppData\Local\Temp\RtkBtMnt.exe
          C:\Program Files\Mozilla Firefox\firefox.exe
          C:\Windows\system32\taskeng.exe
          C:\Program Files\Trend Micro\HijackThis\sniper.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://es.rd.yahoo.com/customize/ycomp/defaults/sp/*http://es.yahoo.com
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://es.rd.yahoo.com/customize/ycomp/defaults/su/*http://es.yahoo.com
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R3 - URLSearchHook: Barra Yahoo! con bloqueador de ventanas emergentes - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
          O1 - Hosts: ::1 localhost
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
          O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
          O2 - BHO: (no name) - {7da8f4ed-c8b3-4378-b03b-965b021194f2} - (no file)
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
          O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
          O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
          O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
          O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
          O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
          O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
          O4 - HKLM\..\Run: [domino] C:\Windows\domino.exe
          O4 - HKLM\..\Run: [VMSnap1] C:\Windows\VMSnap1.exe
          O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
          O4 - HKCU\..\Run: [] ??e
          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
          O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
          O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICIO LOCAL')
          O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICIO LOCAL')
          O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Servicio de red')
          O4 - Startup: AVG Free Tray Icon.lnk = C:\Program Files\AVG\AVG8\avgtray.exe
          O4 - Startup: PopTray.lnk = D:\Program Files\PopTray\PopTray.exe
          O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
          O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\ARCHIV~1\MICROS~1\Office12\REFIEBAR.DLL
          O13 - Gopher Prefix:
          O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
          O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
          O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldes-es.cab
          O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
          O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
          O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://arteqbo.spaces.live.com/PhotoUpload/VistaMsnPUpldes-es.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-447553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
          O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
          O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
          O20 - AppInit_DLLs: eNetHook.dll avgrsstx.dll C:\Windows\system32\zimuroha.dll c:\windows\system32\nagefipi.dll
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
          O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
          O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
          O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
          O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
          O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
          O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
          O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
          O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
          O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
          O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
          O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
          O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
          O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
          O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
          O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
          O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
          O23 - Service: OracleServiceXE - Oracle Corporation - d:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
          O23 - Service: OracleXEClrAgent - Unknown owner - D:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
          O23 - Service: OracleXETNSListener - Unknown owner - D:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
          O23 - Service: Programador de LiveUpdate automático - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
          O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
          O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
          O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
          O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
          O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
          O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

          --
          End of file - 10374 bytes
          Leave SUPERAntiSpyware in and run it every week.

          Why not update to Windows SP3?

          Thanks harry48, I will.
          About Service Pack 3 in Vista... I didn't because I could only find Service Pack 1 on the Microsoft website, which is the one that I already have, so I thought that a higher one doesn't exist anymore.

          Yesterday and today I checked again with Malwarebytes' Anti-Malware, and... again I got the trojan! I leave you the log.



          Malwarebytes' Anti-Malware 1.36
          Versión de la Base de Datos: 2145
          Windows 6.0.6001 Service Pack 1

          18/05/2009 10:00:56
          mbam-log-2009-05-18 (10-00-56).txt

          Tipo de examen : Examen Rápido
          Objetos examinados: 74163
          Tiempo transcurrido: 9 minute(s), 54 second(s)

          Procesos en Memoria Infectados: 0
          Módulos en Memoria Infectados: 0
          Claves del Registro Infectadas: 2
          Valores del Registro Infectados: 0
          Elementos de Datos del Registro Infectados: 0
          Carpetas Infectadas: 0
          Ficheros Infectados: 0

          Procesos en Memoria Infectados:
          (No se han detectado elementos maliciosos)

          Módulos en Memoria Infectados:
          (No se han detectado elementos maliciosos)

          Claves del Registro Infectadas:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Delete on reboot.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Delete on reboot.

          Valores del Registro Infectados:
          (No se han detectado elementos maliciosos)

          Elementos de Datos del Registro Infectados:
          (No se han detectado elementos maliciosos)

          Carpetas Infectadas:
          (No se han detectado elementos maliciosos)

          Ficheros Infectados:
          (No se han detectado elementos maliciosos)

          ------------------------

          Malwarebytes' Anti-Malware 1.36

          Versión de la Base de Datos: 2145
          Windows 6.0.6001 Service Pack 1

          19/05/2009 10:06:48
          mbam-log-2009-05-19 (10-06-48).txt

          Tipo de examen : Examen Rápido
          Objetos examinados: 73949
          Tiempo transcurrido: 10 minute(s), 19 second(s)

          Procesos en Memoria Infectados: 0
          Módulos en Memoria Infectados: 0
          Claves del Registro Infectadas: 2
          Valores del Registro Infectados: 0
          Elementos de Datos del Registro Infectados: 0
          Carpetas Infectadas: 0
          Ficheros Infectados: 0

          Procesos en Memoria Infectados:
          (No se han detectado elementos maliciosos)

          Módulos en Memoria Infectados:
          (No se han detectado elementos maliciosos)

          Claves del Registro Infectadas:
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Delete on reboot.
          HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Delete on reboot.

          Valores del Registro Infectados:
          (No se han detectado elementos maliciosos)

          Elementos de Datos del Registro Infectados:
          (No se han detectado elementos maliciosos)

          Carpetas Infectadas:
          (No se han detectado elementos maliciosos)

          Ficheros Infectados:
          (No se han detectado elementos maliciosos)

          http://www.microsoft.com/downloads/details.aspx?familyid=E8562A64-9CE3-4975-BBFC-C3BD71844DA6&displaylang=en

          Go to the above for Vista 2.

          Thanks for your help, but I was trying and this is the version for the Windows Product Management group at Microsoft, so I can't download it. I was reading and the SP2 will be for users at the end of June, so I have to wait until then.
          Thanks anyway!

          4049.

          Solve : HALF DECENT SOFTWARE?

          Answer»

          Can anyone recommend a half-decent antivirus/malware software? I tried Norton, what a mistake that was. AVG, don't like it. Can anyone make any recommendations?

          I like Malwarebytes, Ad-Aware, Spybot Search and Destroy, SpywareBlaster. Check my other post concerning online scanners for a whole other list of anti-malware. There are also online scanners from Trend Micro, Bitdefender and ESET.

          SUPERAntiSpyware, Malwarebytes, and either Avast antivirus or Avira antivirus. That is the Computer Hope Forum's malware specialist recommended free antimalware and antispyware. If you have Windows Vista or Windows 7, I would have Windows Firewall on as well as Windows Defender. I would grab Comodo Firewall if you want a third-party firewall instead of using Windows Firewall; that's a good one.

          Don't get Norton. AVG is not entirely bad for what it does, but Avast and Avira are better free options.

          4050.

          Solve : something weird with my computer?

          Answer»

          Well, I don't know what's going on with my computer; it's been acting somewhat funky recently, sooo here are my logs.

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 5:45:35 PM, on 5/20/2009
          Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
          MSIE: Internet Explorer v7.00 (7.00.5730.0013)
          Boot mode: Normal

          Running processes:
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
          C:\WINDOWS\System32\alg.exe
          C:\WINDOWS\Explorer.exe
          C:\WINDOWS\system32\ctfmon.exe
          C:\Program Files\Internet Explorer\Iexplore.exe
          C:\WINDOWS\system32\wbem\wmiprvse.exe
          C:\WINDOWS\system32\taskmgr.exe
          C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

          F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\sdra64.exe,
          O2 - BHO: (no name) - {32C19E74-7ECD-49D4-B6CF-592E6AB43041} - c:\windows\system32\gbggxks.dll
          O2 - BHO: WOT HELPER - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
          O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
          O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
          O20 - Winlogon Notify: vcqjmrlv - C:\WINDOWS\SYSTEM32\gbggxks.dll
          O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
          O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

          --
          End of file - 1675 bytes


          Please help, I really appreciate it. PS: I tried to follow the malware removal steps, but it won't let me run SUPERAntiSpyware and also Malwarebytes, but neither works :/

          Also, I tried to see if something downloaded a program, but it seems that every time I try to get into Add/Remove Programs an error sign comes up saying that Windows couldn't find C: windows/system32/rundll32.exe

          Quote from: mels on May 20, 2009, 06:57:14 PM

          Also, I tried to see if something downloaded a program, but it seems that every time I try to get into Add/Remove Programs an error sign comes up saying that Windows couldn't find C: windows/system32/rundll32.exe

          Then something is definitely wrong there. If rundll32.exe can't be found, this is a serious issue.

          I'M GOING CRAZY! I tried installing Avast and it did, and then it told me to reboot, which I did, and then when I try to log in it keeps logging me out! ...no hope for me