
4601.

Solve : UST Scandal virus?

Answer»

my friend's laptop has a virus named "UST Scandal". she got this virus from her friend in yahoo messenger, and this virus was detected by AVG free edition antivirus. AVG can't heal/delete this. and not only that, another problem is that this virus is really harmful because every time she opens a program and is making her thesis, this virus automatically closes the programs that she is using.. and because of that, she decided to reformat her laptop. usually when we reformat our HDD and OS, all files are deleted and even the viruses. but this virus is still in her HDD, and after she reformatted her laptop and continued her work, the virus is still striking again and my friend is getting irritated with what is happening in her laptop.

what are we going to do?

any advice please...

Go to this thread and follow the directions to post the requested logs.

Thanks for this advice... i will inform my friend about this.... thanks a lot

4602.

Solve : deepfreeze and antivirus?

Answer»

guys...

i already installed my antivirus in my computer, then, i want to install another program which is deepfreeze...

is there any problem if i install them both in my desktop??

Deepfreeze is aimed at multi computer work environments.

Why pay for this when you are relatively safe using a home based AV?

4603.

Solve : Alternating Blue and Red Shields?

Answer»

Hi. I recently had some problems with my computer (PC, Win XP Pro, Service Pack 2) when I inadvertently downloaded a virus through what I thought was an active x control. I resolved most of the issue with virus scans and spyware scans using "Avast" and "Spybot: Search and Destroy". But I still have this icon in my system tray that alternates between a red shield with a white x and a blue shield with a white question mark. Whether I right-click or left-click the icon the same thing happens (though I don't receive a name of what this icon is for, not even when I just let the cursor hover): multiple Internet Explorer windows pop up. All are blank though so I can't even find out what this is through a website. When I "Alt + Tab" between windows, the icon is within the "Alt + Tab" menu but carries no name there nor do the websites that pop up from clicking on it. I currently don't have a mouse (due to unrelated circumstances) and have been using hotkeys (mostly Tab). This program that carries the shield icon periodically interrupts Tab hotkey usage and I have to reselect a window or program to use hotkeys for that window or program. This interruption tells me that the program carrying the shield icon has become the main window, on top of whatever window I was just on, yet nothing appears on the screen to show me what this icon is. Can someone please tell me what this program is or how to identify what it is and how to remove it? Thank you.

Let's look at a HJT log and see if it reveals anything.

Download HijackThis.exe

* Double-click on the installer you just downloaded.
* Click on the Install button to install.
* It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
* Please do not change the default install location.
* Upon install, HijackThis should open for you.

* Next click on the Do a system scan and save a log file button.
* HijackThis will scan and then a log will open in notepad.
* Copy and then paste the log in your next reply.

ok. Here's the log file.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:03:35 PM, on 1/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Alienware Dock.lnk = C:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/sis/popcaploader_v10.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - C:\WINDOWS\system32\axdpfl.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 9355 bytes
Does the Trend Micro Internet Security include antivirus?


A few things to have HJT fix.

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries:

O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.ietoolgate.com/redirect.php (file missing)
O22 - SharedTaskScheduler: ablator - {fce1c203-ff2b-4ec1-9983-e2900d29bbd8} - C:\WINDOWS\system32\axdpfl.dll


Close all windows except for HijackThis and click Fix checked.

Exit Hijackthis.

---------------

Download SmitfraudFix (by S!Ri) to your Desktop.

  • Extract all the files to your Desktop.
  • A folder named SmitfraudFix will be created on your Desktop.
  • Open the SmitfraudFix folder and double-click smitfraudfix.cmd
  • Select option #1 - Search by typing 1 and press Enter
    • This program will scan large amounts of files on your computer for known patterns so please be patient while it works.
    • When it is done, the results of the scan will be displayed and it will create a log named rapport.txt
      • This is in the root of your drive, eg: Local Disk C: or partition where your operating system is installed.
    • Please attach that log in your next reply.
  • Note: process.exe (which is used by SmitfraudFix) is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
---------------

Next post please add:
Smitfraudfix log
4604.

Solve : is the Dell (Ctrl + F11) recovery image safe from infection??

Answer»

i'm fixing my friend's Dell Inspiron E1405. it's running Windows XP Home Edition Service Pack 2 (build 2600). i don't feel i need to add lots of info here because my question is pretty general.

i just want to know if it's a totally safe fresh install if i use Ctrl+F11 to restore the computer to factory condition (rather than using the system restoration disks). i had cleaned infections from it, but i figure it's best not to waste any more time tracking down infections, and just do a system recovery.

(if i have specific infection-cleaning questions, i'll describe and ask later if it's not essential to this question.)

thanks.

If you are able to unhide the hidden restore partition then just right click it and scan it with whatever AV program you are running...
But judging by past experience unless the infection was particularly nasty you should be safe.

Quote from: patio on January 19, 2008, 02:41:29 PM

If you are able to unhide the hidden restore partition then just right click it and scan it with whatever AV program you are running...
But judging by past experience unless the infection was particularly nasty you should be safe.

thanks. do you know where this file is located? i have been looking all over the internet with no success.

not to get too deep into the infection discussion, but i'm not sure how to define "nasty". it took me hours to clean all the stuff on there (no trojans or rootkits that i could tell) and it still may have a last bit of spyware. it runs beautifully, though.

can an infection "spread" to the image? or can it just disable the image? [meanwhile, i will head over to the Dell forums to see if i find out more.]

The Dell Forums will have instructions on accessing the hidden partition...i'd bet the image is safe.
To be ultra sure another option would be to burn the image to CD and then scan it before you do the restore...

Quote from: patio on January 19, 2008, 05:10:41 PM
The Dell Forums will have instructions on accessing the hidden partition...i'd bet the image is safe.
To be ultra sure another option would be to burn the image to CD and then scan it before you do the restore...

i'm getting my questions answered there now. it seems the partition should indeed be safe, as it is a hidden partition. so glad i have the recovery option on this machine. thanks!

No problem. Let us know how it goes and Welcome Aboard!

the system recovery went great, thanks. it is amazingly fast (15 minutes or so). it's the windows update and getting everything set up and secure that took many hours. she was happy with her laptop. i shall tackle my other problems/questions, like the ominous-sounding "nbsess" that i gave permission to Comodo for internet access, later (i'm never satisfied!).

Now that you have a "clean" install you may want to consider investing in an imaging program.
The advantage to one of these is after you have all your programs installed and have everything tweaked to your liking you run an image and it creates an exact replica of how things are.

If you get into a pickle again you simply "restore" the image you created and you're back up and running in 15 minutes...

I use Acronis True Image but there are others such as Ghost...

If you need more info post back.

patio.
4605.

Solve : Avast is blocking my son from browsing the web?

Answer»

I'm asking this on behalf of my full-time working college student son who doesn't have a lot of time to try and figure out his own problems.

Anyway, he recently downloaded and installed Avast anti-virus, and after doing so, has been unable to go to any websites at all. When he turns off Avast and relies on the Vista security features, he has no problem with surfing.

Any thoughts?

Some AVs simply don't agree with some PCs. Everyone's setup is different so the results on how well they work can vary.

Try to uninstall Avast and instead install AVG-Free and see if it will allow normal functions.

That's a good idea. I'll have him give that a try. Thanks.

4606.

Solve : Annoying virus undetected by scan?

Answer»

Hi, I noticed that when I turned on my PC this morning my internet wasn't working right and could not browse the web or use programs that require net access. Which was strange because it said my internet was very good and running at 54mbps. I tried repairing then rebooting windows but still no internet. I then tried a norton full system scan but no luck. As I thought it could not get any worse, after I rebooted a second time it changed my theme from WinXP to Windows classic. I checked display properties and the theme had been deleted; luckily I have a backup drive from which I was able to retrieve the theme. My knowledge on this subject is very slim so I have no idea on how to fix my internet.

Let's look at a HJT log and see if it reveals anything.

Download HijackThis.exe

* Double-click on the installer you just downloaded.
* Click on the Install button to install.
* It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis
* Please do not change the default install location.
* Upon install, HijackThis should open for you.

* Next click on the Do a system scan and save a log file button.
* HijackThis will scan and then a log will open in notepad.
* Copy and then paste the log in your next reply.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:08 p.m., on 20/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: {cdc787b4-c29a-4f4a-2bd4-41dd0067ccc6} - {6ccc7600-dd14-4db2-a4f4-a92c4b787cdc} - C:\WINDOWS\system32\cpunrqvg.dll (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Sshgqfqf\ihzcuyvr.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\cbxvuvu.dll (file missing)
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Medichi] medichi.exe
O4 - HKLM\..\Run: [Medichi2] medichi2.exe
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193513486234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193513461562
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://atl.img.digitalriver.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: murka.dat
O20 - Winlogon Notify: cbxvuvu - cbxvuvu.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate NOTICE - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 7752 bytes
This computer has many infections that will require multiple steps in order to clean.

---------------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries:

O2 - BHO: {cdc787b4-c29a-4f4a-2bd4-41dd0067ccc6} - {6ccc7600-dd14-4db2-a4f4-a92c4b787cdc} - C:\WINDOWS\system32\cpunrqvg.dll (file missing)
O2 - BHO: (no name) - {76F262CF-0308-0FB4-F7A3-043266F3A47C} - C:\Program Files\Sshgqfqf\ihzcuyvr.dll (file missing)
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\cbxvuvu.dll (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O20 - AppInit_DLLs: murka.dat
O20 - Winlogon Notify: cbxvuvu - cbxvuvu.dll (file missing)


Close all windows except for HijackThis and click Fix checked.

Exit Hijackthis.

---------------

Follow this link to install LSPFix to try to repair the internet connection. Also look towards the bottom of the page for the tutorial: Using LSP-Fix to remove Spyware & Hijackers

--------------

Download SDFix.exe and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard).
  • Finally add the contents of the Report.txt in your next post along with a new HijackThis log
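
An added example, not part of the original thread and not HijackThis's own logic: a Python script that parses HijackThis-format lines and applies four triage heuristics to them, using lines copied from the log posted above. The reason names, the `CORE_PROCESS_DIRS` table and the assumption that Windows is installed in C:\WINDOWS are choices of this example; a flagged entry is a prompt to investigate, not a verdict.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {FA16FE06-B462-470E-9653-79C54B1871FF} - C:\WINDOWS\system32\cbxvuvu.dll (file missing)
O4 - HKLM\..\Run: [Kernel32] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\Owner\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: murka.dat
O20 - Winlogon Notify: cbxvuvu - cbxvuvu.dll (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

# Every entry line is "<section code> - <detail>", e.g. code "O4" for autostarts.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Drive-letter paths ending in an executable-type extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys)\b', re.IGNORECASE)

# Assumption of this example: Windows XP installed in C:\WINDOWS, as in the log.
SYSTEM32 = r"c:\windows\system32"
CORE_PROCESS_DIRS = {
    "smss.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}


def parse(log_text):
    """Split a HijackThis log into Entry(code, detail); skips headers and process list."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def reasons_for(entry):
    """Return the list of triage reasons that apply to one entry."""
    reasons = []
    # 1. The registry entry points at a file that HijackThis could not find.
    if entry.detail.endswith("(file missing)"):
        reasons.append("file-missing")
    # 2. AppInit_DLLs are loaded into every process that loads user32.dll,
    #    so any value here needs to be accounted for.
    if entry.code == "O20" and entry.detail.startswith("AppInit_DLLs:"):
        if entry.detail.split(":", 1)[1].strip():
            reasons.append("appinit-dll")
    for path in PATH_RE.findall(entry.detail):
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        # 3. A core Windows process name running from an unexpected folder.
        if name in CORE_PROCESS_DIRS and folder != CORE_PROCESS_DIRS[name]:
            reasons.append("masquerade")
        # 4. An autostart (O4) entry that launches from a Temp directory.
        if entry.code == "O4" and "\\temp\\" in path.lower():
            reasons.append("temp-autostart")
    return reasons


def triage(log_text):
    """Return [(Entry, [reason, ...])] for entries that deserve a closer look."""
    flagged = []
    for entry in parse(log_text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print(f"{entry.code:<4}{', '.join(reasons):<28}{entry.detail}")
```
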

Although this has helped speed up my computer a bit, my internet is still, well, I don't know what it is. I can't browse, I can't use internet based programs, although in the lower right hand corner of my screen steam is telling me that I have friends logging in, which is giving me the idea that a vital file required for connecting to servers has been deleted or corrupted. Do you think there is a way to replace this file with one from my backup hard drive?
Anyways here are the reports.


SDFix: Version 1.129

Run by Administrator on Mon 21/01/2008 at 10:13 p.m.

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\ADMINI~1.TIM\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
FCI
SysLibrary
xpdx

Path:
C:\WINDOWS\system32\svchost.exe:ext.exe
\??\C:\WINDOWS\system32\DefLib.sys
\??\C:\WINDOWS\system32\xpdx.sys

FCI - Deleted
SysLibrary - Deleted
xpdx - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\Helper\superfindout.dll - Deleted



Folder C:\Program Files\Helper - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 22:25:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win3EA.exe"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\win3EA.exe:*:Enabled:win3EA"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:svchost"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\wewpmofe.exe"="C:\\WINDOWS\\system32\\wew"
"C:\\Program Files\\Steam\\SteamApps\\andrew_timothy_hughes\\garrysmod\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\andrew_timothy_hughes\\garrysmod\\hl2.exe:*:Enabled:hl2.exe"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Disabled:DNA"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\ADMINI~1.TIM\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 28 Oct 2007 196 A.SHR --- "C:\BOOT.BAK"
Thu 6 Sep 2001 1,700,352 A..H. --- "C:\gdiplus.dll"
Tue 11 Dec 2007 197,120 A..H. --- "C:\RECYCLER\S-1-5-21-2418244512-849263507-4064612095-500\Dc36.tmp"
Sat 24 Nov 2007 197,120 A..H. --- "C:\RECYCLER\S-1-5-21-2418244512-849263507-4064612095-500\Dc37.tmp"
Mon 5 Nov 2007 197,120 A..H. --- "C:\RECYCLER\S-1-5-21-2418244512-849263507-4064612095-500\Dc38.tmp"
Sat 17 Nov 2007 197,120 A..H. --- "C:\RECYCLER\S-1-5-21-2418244512-849263507-4064612095-500\Dc39.tmp"
Wed 7 Nov 2007 376 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti7CB.tmp"
Thu 19 Oct 2006 5,294,080 A..H. --- "C:\hp\patches\42WW1REC\src\App00153.exe"
Thu 19 Oct 2006 452,096 A..H. --- "C:\hp\patches\42WW1REC\src\App00292.exe"
Thu 19 Oct 2006 444,416 A..H. --- "C:\hp\patches\42WW1REC\src\App00491.exe"
Thu 19 Oct 2006 1,838,592 A..H. --- "C:\hp\patches\42WW1REC\src\App02995.exe"
Thu 19 Oct 2006 492,544 A..H. --- "C:\hp\patches\42WW1REC\src\App04827.exe"
Thu 19 Oct 2006 1,401,856 A..H. --- "C:\hp\patches\42WW1REC\src\App05447.exe"
Thu 19 Oct 2006 440,320 A..H. --- "C:\hp\patches\42WW1REC\src\App05705.exe"
Thu 19 Oct 2006 462,848 A..H. --- "C:\hp\patches\42WW1REC\src\App09961.exe"
Thu 19 Oct 2006 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App14604.exe"
Thu 19 Oct 2006 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App16827.exe"
Thu 19 Oct 2006 3,668,992 A..H. --- "C:\hp\patches\42WW1REC\src\App17421.exe"
Thu 19 Oct 2006 696,832 A..H. --- "C:\hp\patches\42WW1REC\src\App18716.exe"
Thu 19 Oct 2006 423,936 A..H. --- "C:\hp\patches\42WW1REC\src\App19169.exe"
Thu 19 Oct 2006 1,157,632 A..H. --- "C:\hp\patches\42WW1REC\src\App19718.exe"
Thu 19 Oct 2006 995,328 A..H. --- "C:\hp\patches\42WW1REC\src\App19895.exe"
Thu 19 Oct 2006 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App23281.exe"
Thu 19 Oct 2006 453,632 A..H. --- "C:\hp\patches\42WW1REC\src\App24464.exe"
Thu 19 Oct 2006 2,251,776 A..H. --- "C:\hp\patches\42WW1REC\src\App26962.exe"
Thu 19 Oct 2006 481,792 A..H. --- "C:\hp\patches\42WW1REC\src\App29358.exe"
Thu 19 Oct 2006 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App32391.exe"
Thu 19 Oct 2006 12,426,752 A..H. --- "C:\hp\patches\42WW1REC\src\App99990.exe"
Thu 19 Oct 2006 15,596,032 A..H. --- "C:\hp\patches\42WW1REC\src\App99992.exe"
Thu 19 Oct 2006 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\App99993.exe"
Thu 19 Oct 2006 5,256,704 A..H. --- "C:\hp\patches\42WW1REC\src\xApp14604.exe"
Thu 9 Aug 2007 400 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COH32LU.reg"
Thu 9 Aug 2007 403 A..H. --- "C:\Program Files\Common Files\Symantec Shared\COH\COHDLU.reg"
Sun 28 Oct 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0089cd1ec7c03d0a52caa6b6ea801507\BITC9.tmp"
Fri 14 Dec 2007 857 ...HR --- "C:\Documents and Settings\Owner\Application Data\SecuROM\UserData\securom_v7_01.bak"

Finished!


HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:46 p.m., on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193513486234
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193513461562
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://atl.img.digitalriver.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 6259 bytes

You have no antivirus running. Why?


Please download Combofix by sUBs from one of the below links.
(Try all three if necessary)
IMPORTANT - Combofix.exe MUST be saved to your Desktop.
  • Close any open Web browsers. (Firefox, Internet Explorer, etc)
  • Close/disable all anti virus and anti malware programs so they do not interfere with Combofix. <-- IMPORTANT
    • Click on this link to see a list of programs that should be disabled. If yours is not listed and you don't know how to disable it, please ask.
  • Double click combofix.exe & follow the prompts.

      • From the keyboard select 1 and press Enter
      • When finished, it will produce a log for you.
      • Post that log in your next reply.
      Do not mouseclick combofix's window while it's running.
      The scan will temporarily disable your desktop.
      If interrupted it may leave your computer frozen.
      If this occurs, please reboot to restore the desktop.


      Next post please add
      Combofix log
    I have Norton 2008 running.

    Quote from: crazzyperson on January 22, 2008, 01:38:05 AM
    I have norton 2008 running.

    • Click on this link to see a list of programs that should be disabled.

      NORTON ANTIVIRUS
      Please navigate to the system tray on the bottom right hand corner and look for a sign.

      * right-click it -> choose "Disable Auto-Protect."
      * select a duration of 5 hours (this assures no interference with the cleanup of your pc)
      * click "Ok."
      * a popup will warn that protection will now be disabled and the sign will now look like this:

      You successfully disabled the Norton Antivirus Guard.
    4607.

    Solve : Viruses vs. Networks?

    Answer»

    I am trying to answer a DQ at my college, but I am at a loss. I have been doing some searches, but cannot seem to get this question answered. So, here it goes...
    What can a virus do to a network? Can it change things, and if so what? I am sorry if I sound a bit thick, but I am new to the computer arena.
    Thanks, Dorian!

    http://its.psu.edu/virus.html#effect

    4608.

    Solve : How to minimize the time virus scanners, adware scanners etc. take to perform a scan?

    Answer»

    I have been scanning my computer with AVG antivirus, Windows Defender, AVG Anti-Spyware and Spyware Terminator, and all of the scans (full) have taken more than two hours to complete. I used those programs at different times. How can I speed up the time they take to scan? I know the more files I have on the computer the more time it takes to scan.

    Quote from: alyoob on January 20, 2008, 08:25:45 AM

    I know the more files I have on the computer the more time it takes to scan.

    Using CCleaner prior to the scan will help some.

    Run them in safe mode.

    That is about all.

    If I run the scans in safe mode it will find fewer viruses, because in safe mode there is a limited number of processes running.

    Quote from: alyoob on January 20, 2008, 10:54:44 AM
    If I run the scans in safe mode it will find fewer viruses, because in safe mode there is a limited number of processes running.

    No, it still scans every file. The fewer processes running allow it to go through them faster.

    Scanning in safe mode might actually reveal more viruses since some viruses try to hide from or disable AV software in normal mode.

    1) Keep the machine in shape.
    2) Run Diskclean and defrag regularly, depending on usage.
    3) Update and run scans more often...at first you may want to scan at night when you are not using the machine.
    4) The more often the scans are run the quicker they will run.
    5) Stay organised. If you have a ton of music files, photos and/or videos burn them to CD/DVD once they've been scanned.
    4609.

    Solve : Anti virus source code !!?

    Answer»

    Can anybody help me in writing an anti virus source code??

    Well, basically a traditional antivirus engine does nothing more than compare file signatures against signatures of known viruses. (In real life it's more complex than that, but this is the basic idea.)
    So in order to create an anti virus program you will need signatures of the viruses it should be able to detect.

    But maybe you should get the basics down first. Like what programming language are you going to use to write the program? What operating system should it run under? What viruses should it detect and so on... Also what programming experience do you have? Because a project like this is not for beginners.

    I am a final year Comp Science student. I am fully determined to design an anti-virus engine. The OS is Windows. Language can be C++ or most probably Java.

    Maybe you should take a look at an open source antivirus program then.
    http://www.clamwin.com/

    It is written in C++ and Python.

    How can I get source code or even documentation? I went to the site but I am not able to get it! Please help.

    You will have to check it out from their SVN repository (source control) here.
    http://sourceforge.net/svn/?group_id=105508

    How to retrieve the source code from the CVS, or give some idea how to contribute to the source code??
    Thanks for your help.

    How to retrieve it is described on the page I linked to. Note that it is not a CVS repository but a SVN repository. You will need a SVN client in order to do the checkout.
    TortoiseSVN is a good standalone SVN client. If you're using MS Visual Studio you might want to take a look at AnkhSVN.

    If you want to contribute to the source code you will need to contact the developers of Clamwin. I highly doubt they let anonymous people commit to the repository since that could seriously mess up the code.

    In that link there are options for retrieving the exe file, not the source code. I can see the codes but I can't download them all at once. Please help me in getting the code.

    Have you downloaded a SVN client yet? If yes, which one?

    I have downloaded TortoiseSVN and AnkhSVN. These are msi files. Will try to work it out.

    I have installed TortoiseSVN. It's telling me to right click and create repository. How to get the codes from net? What URL to give?? Please help.

    This is the URL for the repository.
    https://clamwin.svn.sourceforge.net/svnroot/clamwin

    It is listed on the page I linked to earlier.
    http://sourceforge.net/svn/?group_id=105508

    I tried to work it out in Linux.
    svnadmin create /usr/svn/newrepos
    svn checkout "https://clamwin.svn.sourceforge.net/svnroot/clamwin/"
    I tried the above but it gave the error below.
    svn: PROPFIND request failed on '/svnroot/clamwin'
    svn: PROPFIND of '/svnroot/clamwin': Could not resolve hostname `clamwin.svn.sourceforge.net': Temporary failure in name resolution (https://clamwin.svn.sourceforge.net)

    How to resolve? Please help.

    What?
    In your last post you have downloaded TortoiseSVN and needed help getting it to download the repository... now you're suddenly doing it in Linux? Sorry, can't help you there. I'm only a Linux beginner myself.
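
The signature comparison described in the first reply of this thread, as an added example that is not part of the original posts and is not ClamWin's code: a small Python scanner that checks a whole-file SHA-256 hash and a byte pattern with single-byte wildcards, reading the input in chunks so that a pattern split across two reads is still found. The signature names, the pattern syntax and the sample bytes are constructed for the illustration.

```python
"""Signature-based scanning in miniature: whole-file hashes and byte patterns.

Signature names, pattern syntax and sample bytes are constructed for this
example; they are not taken from any real antivirus database.
"""
import hashlib
import io
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class PatternSig:
    name: str
    regex: re.Pattern
    length: int  # every match is exactly this many bytes long


def compile_pattern(name, hex_pattern):
    """Compile 'de ad ?? ef' style hex; '??' matches any single byte."""
    tokens = hex_pattern.split()
    parts = [b"." if t == "??" else re.escape(bytes([int(t, 16)])) for t in tokens]
    return PatternSig(name, re.compile(b"".join(parts), re.DOTALL), len(tokens))


def scan_stream(stream, hash_sigs, pattern_sigs, chunk_size=64 * 1024):
    """Return the sorted names of every signature that matches the stream."""
    hits = set()
    digest = hashlib.sha256()
    # Keep the last (longest pattern - 1) bytes of each window so a pattern
    # that straddles two reads is still seen in one piece.
    overlap = max((s.length for s in pattern_sigs), default=1) - 1
    tail = b""
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        digest.update(chunk)
        window = tail + chunk
        for sig in pattern_sigs:
            if sig.name not in hits and sig.regex.search(window):
                hits.add(sig.name)
        tail = window[-overlap:] if overlap else b""
    # Hash signatures only match a byte-for-byte identical file.
    name = hash_sigs.get(digest.hexdigest())
    if name:
        hits.add(name)
    return sorted(hits)


# Constructed sample: harmless bytes standing in for a known-bad file.
KNOWN_BAD = b"MZ\x90\x00" + b"\x00" * 20 + b"\xde\xad\x01\xef-demo-payload"

# Hash database: SHA-256 hex digest -> detection name (constructed).
HASH_SIGS = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Demo.Hash.A"}

# Pattern database: the '??' tolerates a byte that changes between variants.
PATTERN_SIGS = [compile_pattern("Demo.Pattern.B", "de ad ?? ef 2d 64 65 6d 6f")]


def scan_bytes(data, chunk_size=64 * 1024):
    """Scan an in-memory buffer with the demo databases above."""
    return scan_stream(io.BytesIO(data), HASH_SIGS, PATTERN_SIGS, chunk_size)


if __name__ == "__main__":
    variant = KNOWN_BAD.replace(b"\x01", b"\x7f") + b"padding"
    print("original:", scan_bytes(KNOWN_BAD))
    print("variant :", scan_bytes(variant))          # hash misses, pattern hits
    print("tiny I/O:", scan_bytes(variant, chunk_size=4))
    print("clean   :", scan_bytes(b"hello world"))
```

The variant case shows why a hash-only database is brittle: changing one byte defeats the hash signature while the wildcard pattern still matches.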

    4610.

    Solve : Worm targets Grand Theft Auto IV (and everything else)?

    Answer» http://www.sophos.com/security/blog/2008/05/1415.html

    Sophos posted a blog entry last week about the popular video game, Grand Theft Auto IV. They noted that they saw a story in The Daily Mail, which is a British newspaper, about the game and that a new Trojan has targeted it. The Daily Mail claimed it is Trojan-Downloader.Win32.VB.dck.

    After investigating the case, they found that it is not a Trojan but a worm. The worm is capable of propagating itself over the Gnutella network and it does this by sharing itself. This particular worm also targets other video games such as Fortress 2 and Two Worlds.

    Good thing I don't have any of those games

    But Will it Blend?

    Quote from: evilfantasy on May 25, 2008, 02:44:32 AM
    But Will it Blend?
    that's gotta be one of the funniest posts i've seen here for a long time. i wish there was a laughing emoticon.
    4611.

    Solve : Another Bug screensaver virus?

    Answer»

    Here are a few other sites to scan the file from. You will have to copy and paste the results from them though.

    http://www.viruschief.com/
    http://virusscan.jotti.org/stept 2

    http://www.virustotal.com/vt/en/recepcion?43de5fa761e92b7bc650f0d6b1a58803

    what i see


    0 bytes size received / Se ha recibido un archivo vacio

    ?


    hope this means something

    thanks

    That's good news.

    Download ATF Cleaner by Atribune.
    Note: Vista users must use Run As Administrator

    • Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Is everything running OK now?

    YES!!!!!!!!!!!!!! THANKS!!!!!!!!!!!!!!!!!!!!!!!!


    i noticed that after coming back from dinner with the PC left on i did not have the bugs all over my screen.

    And it seem my web browsing is a little faster

    i would like to personally thank you for this site and the professional help all you geeks sorry mean experts give to help remove other aholes programming that could make millions writing software for the good instead of getting kicks writing spam!!!

    again i am pretty good with computers IE networking and software, but it would have taken me a long time to fix this mess

    your status should be upgraded from expert to guru!! as i have noticed that you have helped a lot of other people

    if i can i will leave kudos with the site
    Mike

    Glad you have your PC back! Still a few more final steps to do.

    Let's clear out the programs we've been using to clean up your computer, they are not suitable for
    general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.
    .
    • Click START then RUN
    • Now type Combofix /u in the runbox
    • Make sure there's a space between Combofix and /u
    • Then hit Enter.
    .
    .
    The above procedure will:
    • Delete:
      • ComboFix and its associated files and folders.
      • VundoFix backups, if present
      • The C:\Deckard folder, if present
      • The C:\_OtMoveIt folder, if present
      • Reset the clock settings.
      • Hide file extensions, if required.
      • Hide System/Hidden files, if required.
      • Set a new, clean Restore Point.
      .
      ----------

      Set a New Restore Point to prevent possible reinfection from an old one
      Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
      • Go to Start > Programs > Accessories > System Tools and click System Restore
      • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name then click Create.
      • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
      • Next go to Start > Run and type Cleanmgr
      • Click OK
      • Click the More Options Tab.
      • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
      .
      Use the Secunia Software Inspector to check for out of date software.
      • Click Start Now
      • Check the box next to Enable thorough system inspection.
      • Click Start
      • Allow the scan to finish and scroll down to see if any updates are needed.
      • Update anything listed.
      .
      Here are some great tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

      To prevent unknown applications from being installed on your computer install WinPatrol 2008

      Another thing I would suggest installing is SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

      SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

      Using SpywareBlaster to protect your computer from Spyware and Malware

      Check out Keeping Yourself Safe On The Web for tips and free tools to keep you safe in the future.

      Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

      Let us know if anything else comes up.

      Safe surfing....
      4612.

      Solve : trojanloader.xs help??

      Answer»

      Sorry, back again...

      Just checked my system startup list, found something called "ctfmon.exe" still there.

      I remember one of the previous processes listed that as malware or something, and supposedly removed it.

      Ideas?

      Thanks

      Sounds like you need to reset your wallpaper.

      Try uninstalling and then re-installing Avast. Avast! Home Edition

      For a firewall I would suggest Comodo in Advanced mode Comodo Firewall

      Evil;... Uninstalled/Reinstalled Avast, performed boot scan, came out clean.

      Loaded Comodo Firewall... scanned, 1 detection, deleted.

      Is it now safe to trust this machine?
      Should I hang onto all the programs: OTMoveIT, HijackThis, Mbam?

      Read Tony Klein's essay.

      What else should /can I do?

      Thanks for all your help.

      Definitely look through Tony Klein's article.

      All the programs are safe to keep (except OTMoveIT) and run occasionally to make sure nothing has crept in.

      1. Double click OTMoveIt2.exe to launch it.
      If using Vista, right-click OTMoveIt and choose Run As Administrator
      2. Click on the CleanUp! button.
      3. OTMoveIt2 will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
      4. Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)

      • When finished exit out of OTMoveIt2
      .
      I'm 99.99% sure you are now clear of malware.

      Let me know if anything else comes up.

      Everything appears to be functioning as it should... even better than before the bug.

      Thanks for all your excellent help. Greatly appreciated.

      4613.

      Solve : Relentless pop-ups?

      Answer»

      I've had these pop ups that just won't stop no matter how many scans/fixes I do, helllllp

      What it does is open an Internet Explorer window (I use FireFox) with some random pop up every so often when I'm moving between pages. Sometimes the pop ups even continue after closing FireFox. No pop up blockers, adware/virus scans or removers have done anything to solve this problem.

      Process Explorer is showing that IEXPLORE is opening under one of the svchosts when a pop up occurs, I don't know if that means anything, but might be a note-worthy detail.

      My temporary solution was to use Process Explorer to Suspend Internet Explorer so it can't do anything, and this works to stop the pop-ups, but is obviously not something I should keep doing forever (having a frozen IE seems to cause all sorts of random problems doing other things).

      I included a HijackThis log, I hope someone can help.
      Thanks in advance.

      [recovering space - attachment deleted by admin]

      Welcome to CH

      Prior to posting for help we ask that you please read and follow all instructions in the pinned topic titled Please read this before requesting malware removal help. Following the steps in the Guide will allow for us to quickly help you with specific fixes for what may remain on your system.

      When you have completed those steps post the logs in this thread.

      Quote from: evilfantasy on May 24, 2008, 11:35:22 AM

      Welcome to CH

      Prior to posting for help we ask that you please read and follow all instructions in the pinned topic titled Please read this before requesting malware removal help. Following the steps in the Guide will allow for us to quickly help you with specific fixes for what may remain on your system.

      When you have completed those steps post the logs in this thread.
      Yeah, sorry, I kinda rushed and posted without reading that thing, I noticed it a minute ago >.<.

      I'll do those things in a little while and get back to you (sort of busy right now x_x).

      Thanks again.
      4614.

      Solve : Restore computer speed?

      Answer»

      Hi

      Recently my computer has been really slow and I am trying to clean it up and restore it to the original speed or close to it. I ran Superanti-spyware and then malwarebytes/ Anti-malware. Here are my results of this and a log from hijack this. thanks for the help!!

      Hijack this:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:23:13 PM, on 5/23/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\dlcxcoms.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
      C:\Program Files\Network Associates\Common Framework\McTray.exe
      C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\system32\java.exe
      C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      C:\Program Files\Apple Software Update\SoftwareUpdate.exe
      C:\WINDOWS\system32\DllHost.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\system32\MsiExec.exe
      C:\WINDOWS\system32\MsiExec.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cmich.edu/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
      O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
      O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
      O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
      O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,[emailprotected]
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Find rule] C:\DOCUME~1\ANDREA~1\APPLIC~1\REALME~1\firstbowslive.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
      O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
      O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
      O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
      O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
      O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab
      O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1156702192859
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (ZPA_TexasHoldem Object) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab50108.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab55579.cab
      O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
      O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
      O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
      O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
      O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      --
      End of file - 12354 bytes

      Malwarebytes' Anti-Malware 1.12
      Database version: 782

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 141897
      Time elapsed: 1 hour(s), 32 minute(s), 3 second(s)

      Memory Processes Infected: 1
      Memory Modules Infected: 0
      Registry Keys Infected: 186
      Registry Values Infected: 8
      Registry Data Items Infected: 0
      Folders Infected: 29
      Files Infected: 220

      Memory Processes Infected:
      C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-86bd-fd60bb9aae3a} (Adware.OneToolBar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SpamBlockerUtility 4.8.4 (Adware.Hotbar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\MSNBackgrounds (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\SrchAstt\3.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\SrchAstt\4.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Guest\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Andrea Wight\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Andrea Wight\Application Data\bfgtoolbar (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Andrea Wight\Application Data\bfgtoolbar\NewCfg (Adware.OneToolBar) -> Quarantined and deleted successfully.

      Files Infected:
      C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3SHLLVW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3BROVLY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Andrea Wight\Local Settings\Application Data\Mozilla\Firefox\Profiles\foj64iz3.default\Cache\EEA4540Ed01 (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\3.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\3.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3RESTUB.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3SCHMON.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP487\A0050286.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050617.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050618.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050619.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050620.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050621.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050622.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050623.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050624.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050625.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050626.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050627.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050628.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050629.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050630.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050631.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      0A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050632.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050633.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050634.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050635.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050636.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050637.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP490\A0050638.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP492\A0050662.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP492\A0050663.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP492\A0050664.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP492\A0050666.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP509\A0054296.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP509\A0054297.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP509\A0054299.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\gynnselj.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\3.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\4.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\avatar.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfadel.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\bgfader.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\close.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common-x.css (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\common.css (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbl.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\cornerbr.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\htmlctrl.js (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\include.js (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\loading.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\login.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\max.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\min.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\noflash.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\spacer.swf (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\unmax.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\wardrobe.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Avatar\COMMON\window.ico (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\0270E60F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\04B1B498 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07A08B32.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07A08CB8.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07A08DE1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07A08EEB (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF4009.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF4393.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF46DF.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF476B.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF4856 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF5D55.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF5F1A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF6014.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\07BF611E.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\0BE051B7 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\642BEE7F (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Settings\setting2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Settings\settings.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\ScreenSaver\Images\07BF83C9.urr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn-new.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Guest\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\SpamBlockerUtility_Icons\Registryrepair.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\SpamBlockerUtility_Icons\Software_Online_8.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Andrea Wight\Application Data\SpamBlockerUtility_Icons\wallpapere1.ico (Adware.Hotbar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\1.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\10.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\2.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\20off.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\3.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\4.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\5.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\6.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\7.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\8.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\9.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\action.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\atlantis.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\bfgtoolbartb0500.cfg (Adware.OneToolBar) -> Quarantined and deleted successfully.
      C:\Documents and Settings\Family\Application Data\bfgtoolbar\bfg_greetings.bmp (Adware.OneToolBar) -> Quarantined and deleted successfully.
      I don't see SAS log.
      Was HijackThis run as the last one?

      Yes, the hijack was run last and I am working on getting my SAS log. Thanks for helping me again (this is a different computer this time).

      You're welcome

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 05/23/2008 at 04:58 PM

      Application Version : 4.1.1046

      Core Rules Database Version : 3459
      Trace Rules Database Version: 1450

      Scan type : Complete Scan
      Total Scan Time : 01:29:41

      Memory items scanned : 169
      Memory threats detected : 0
      Registry items scanned : 6027
      Registry threats detected : 63
      File items scanned : 76086
      File threats detected : 31

      Adware.MyWebSearch

      Adware.HotBar/SpamBlockerUtility (Low Risk)

      Adware.Tracking Cookie
      *** You need to update your Java:
      http://java.sun.com/javase/downloads/index.jsp
      Java Runtime Environment (JRE) 6 Update 6
      Uninstall all previous versions of Java through Add\Remove.

      *** Go Start>Control Panel>Add\Remove, and...
      - Uninstall any of the following programs associated with Viewpoint:
      * Viewpoint Manager
      * Viewpoint Media Player
      * Viewpoint Toolbar
      - Uninstall any listing of MyWebSearch

      1. Print this post out, since you won't have access to it at some point.

      2. Close all windows, except for HijackThis.

      3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

      - O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      - O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
      - O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
      - *O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      - *O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
      - *O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      - *O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      - *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      - O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
      - *O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      - O4 - HKCU\..\Run: [Find rule] C:\DOCUME~1\ANDREA~1\APPLIC~1\REALME~1\firstbowslive.exe
      - *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      - O4 - Global Startup: Digital Line Detect.lnk = ?
      - *O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      - O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      4. Click on Fix checked button.

      5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)

      6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.

      7. Delete following files/folders (if present):

      - Viewpoint, MyWebSearch folders from C:\Program Files
      - Viewpoint folder from C:\Program Files\Common Files
      - REALMEwhatever_letters_follow folder from C:\DOCUMENTS AND SETTINGS\ANDREAwhatever_your_username_is\APPLICATION DATA

      8. Restart in Normal Mode.

      9. Post new HijackThis log.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:23:54 AM, on 5/24/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Your computer is clean

      1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
      Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html.
      Run CCleaner.

      2. Turn off System Restore:

      - Windows XP:
      1. Click Start.
      2. Right-click the My Computer icon, and then click Properties.
      3. Click the System Restore tab.
      4. Check "Turn off System Restore".
      5. Click Apply.
      6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
      7. Click OK.
      - Windows Vista:
      1. Click Start.
      2. Right-click the Computer icon, and then click Properties.
      3. Click on System Protection under the Tasks column on the left side
      4. Click on Continue on the "User Account Control" window that pops up
      5. Under the System Protection tab, find Available Disks
      6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
      7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
      8. Click OK

      3. Restart computer.

      4. Turn System Restore on.

      5. Download, and install free version of ThreatFire: http://www.threatfire.com/. It'll give you extra protection against malware. It won't interfere with your antivirus program.

      6. Read So how did I get infected in the first place?: http://www.castlecops.com/postlite7736-.html

      7. Let me know, how your computer is doing.
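As an added example (not part of the original thread and not HijackThis's own code), the Python sketch below parses entries in the format of the fix list in step 3 of the removal instructions above and attaches triage notes to each one. The function names and the four heuristics are assumptions made for illustration; the sample lines are copied from that fix list.

```python
import re

# Section codes used in the fix list above, with their standard HijackThis meanings.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O23": "Windows service",
}

# Optional list dash, optional "*" (the helper's mark for "disable startup only"),
# then the section code and the rest of the entry.
ENTRY_RE = re.compile(r"^\s*(?:-\s*)?(?P<starred>\*)?(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROFILE_RE = re.compile(r"\\(?:application data|applic~\d)\\", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"~\d")

# Entries copied from the fix list above (not constructed).
SAMPLE = r"""
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- *O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
- O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\4.bin\mwsoemon.exe
- O4 - HKCU\..\Run: [Find rule] C:\DOCUME~1\ANDREA~1\APPLIC~1\REALME~1\firstbowslive.exe
- O4 - Global Startup: Digital Line Detect.lnk = ?
- O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""


def parse_entry(line):
    """Split one HijackThis line into section code, CLSID and target; None if not an entry."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m["code"], m["body"].strip()
    if code == "O4":
        if "] " in body:        # Run key: "[value name] command line"
            target = body.split("] ", 1)[1]
        elif " = " in body:     # Startup folder: "shortcut.lnk = target"
            target = body.split(" = ", 1)[1]
        else:
            target = body
    else:                       # O2/O3/O23: the file is the last " - " separated field
        target = body.rsplit(" - ", 1)[-1]
    clsid = CLSID_RE.search(body)
    return {
        "code": code,
        "section": SECTIONS.get(code, "other"),
        "disable_only": bool(m["starred"]),
        "clsid": clsid.group(0) if clsid else None,
        "target": target.strip(),
    }


def triage(entry):
    """Heuristic notes for a reviewer (illustrative assumptions, not verdicts)."""
    flags = []
    target = entry["target"]
    if target.lower() == "(no file)":
        flags.append("orphaned: registration points at no file on disk")
    if target == "?":
        flags.append("unresolved: shortcut target could not be read")
    if entry["code"] == "O4" and PROFILE_RE.search(target):
        flags.append("autostart runs from a user-writable profile directory")
    if SHORT_NAME_RE.search(target):
        flags.append("8.3 short path: resolve the long name before judging")
    return flags


def review(log_text):
    """Parse every recognisable entry in the text and attach its triage flags."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            entry["flags"] = triage(entry)
            rows.append(entry)
    return rows


if __name__ == "__main__":
    for row in review(SAMPLE):
        mark = "disable startup only" if row["disable_only"] else "remove"
        print(f'{row["code"]:<4}{row["section"]:<45}{mark}')
        print(f'    target: {row["target"]}')
        for flag in row["flags"]:
            print(f"    note:   {flag}")
```
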

      4615.

      Solve : Keylogger(s) residing within my PC??

      Answer»

      Removed the folder, now what exactly am I supposed to do?

      Quote from: evilfantasy on May 23, 2008, 09:39:11 PM

      How does everything seem to be now?

      Sorry. Was I supposed to scan again?

      I just want to know if you are noticing any problems is all.

      I am 99.99% sure you are now clear of any virus/keyloggers etc.

      Check for any outdated programs, updates usually patch security holes as well as fix performance issues.

      Use the Secunia Software Inspector

      • Click Start Now
      • Check the box next to Enable thorough system inspection.
      • Click Start
      • Allow the scan to finish and scroll down to see if any updates are needed.
      • Update anything listed.
      ----------

      To prevent unknown applications from being installed on your computer install WinPatrol 2008

      ----------

      Install BOClean, just install it and forget it. It's that easy to use.

      Protect yourself from online identity theft - Comodo BOClean - Also stops trojans and many more malicious attacks.

      To learn more about how to protect yourself while on the internet, read this article by Tony Klien: So how did I get infected in the first place?

      How is everything now?

      I think I'm all good, thanks for putting up with my ignorance.
      If I have any more problems I'll let ya know. Thanks again!

      Quote
      thanks for putting up with my ignorance.

      Not ignorance!

      Thanks for putting up with .......us

      We'll be here if anything else comes up.

      Safe surfing...
      4616.

      Solve : internet slowdown and explorer errors?

      Answer»

      Hello... it's me again..

      My computer has for the last couple of weeks started slowing down on the internet. I also am getting a Windows error quite frequently, saying Windows Explorer has encountered an error and needs to shut down. It was doing ok on the internet and it was running fine, until I installed the new AVG antivirus. Then it is like it started to slow down after that and seems to be getting slower and slower as time goes by. I didn't think AVG would cause that problem. Then I started getting Windows Explorer errors after I would listen to music on Windows Media Player, but now I am getting them and haven't even gone near WMP. So I figure I would have someone look at my logs in here and tell me if I need to fix anything or have a virus I do not know about. Before I move on to any other troubleshooting I would like to know there is no malware. Please let me know what I need to do or if you need more information.

      I am running AVG free version 8.0.100, Windows Defender, I have a-squared but haven't used it in quite a while now. I have Windows Firewall up also. 40gig hard drive
      system information is below:

      OS Name: Microsoft Windows XP Professional
      Version: 5.1.2600 Service Pack 2 Build 2600
      OS Manufacturer: Microsoft Corporation

      System Manufacturer: Gateway
      System Model: 8DT-084_
      System Type: X86-based PC
      Processor: x86 Family 6 Model 4 Stepping 2 AuthenticAMD ~798 Mhz
      BIOS Version/Date: American Megatrends Inc. 0AASNP05, 7/23/1999
      SMBIOS Version: 2.3
      Windows Directory: C:\WINDOWS
      System Directory: C:\WINDOWS\system32
      Boot Device: \Device\HarddiskVolume1
      Locale: United States
      Hardware Abstraction Layer: Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"

      Time Zone: Mountain Daylight Time
      Total Physical Memory: 640.00 MB
      Available Physical Memory: 319.68 MB
      Total Virtual Memory: 2.00 GB
      Available Virtual Memory: 1.96 GB
      Page File Space: 1.34 GB
      Page File: C:\pagefile.sys

      logs are attached below.
      Thank you for your valuable time!


      [recovering space - attachment deleted by admin]

      MBAM, and SAS removed a couple of things, no biggies, though.
      Your RAM, 640MB. Is it 512+128? If so, I'd get rid of 128, and get another 512 stick.
      Possibly, AVG 8.0 is causing slowness.
      I'd uninstall it, and go either with 7.5 version, or switch to Avast.

      The ram is two 256 and one 128
      so everything looks ok to you? I was wondering if it was avg? I haven't ever tried avast. Is it better than avg or about the same?

      well thanks Broni for taking a look for me!! I just wanted to be sure. I will uninstall the avg and go back to earlier version!

      Thanks again! I really appreciate your contributions to the forum!!

      p.s. do you think the avg is causing the windows explorer errors too?

      Quote

      do you think the avg is causing the windows explorer errors too?
      We won't find out until AVG is gone.
      There have been a lot of problems with 8.0 version.
      4617.

      Solve : AVG or AVAST??

      Answer»

      On a new laptop, I will use avg or avast. Which of the 2 do you suggest?

      I have read here in the forum that latest avg (8?) is not as performing as previous one.

      thank you.
      air

      As far as I have seen, most of the usuals on the board favor Avast! over AVG

      The newest AVG (8.0) is definitely having problems, so, at this point, get Avast.

      I'm definitely in favor of AVG. Just get 7.5 until they work all of the kinks out of the new version.

      I like avast better, you can only use one otherwise it causes problems.
      4618.

      Solve : Zone Alarm Suite?

      Answer»

      I find this program using a lot of computer resources. Are the free programs any good? I usually go to safe sites only.

      Yes, there are a lot of free programs and they are really good. I have avg, threatfire and comodo firewall. I also have windows defender, which are all free.

      Thank you brett 74

      Sure, no problem

      Suites usually suck (resources).

      In my experience, I have found that the free programs are actually better than most of the ones that cost money.

      I think Kaspersky is pretty good

      4619.

      Solve : Many problems.....please help!?

      Answer»

      OK - obviously I've got something wrong - computer is running extremely slow, booting up takes 10-15 minutes - same as shutting down, web pages take several minutes to load (if at all), etc. I've read the rules on what to do before posting here and downloaded Super AntiSpyware, Malwarebytes' Anti-Malware and HiJack This. I ran MBAM but after completing the scan I didn't see anywhere where it offered to clean the items it found. Not only that but it doesn't show any logs either. I've run it several times & it's the same thing.

      Any idea what is happening?

      Thanks!

      Just get what logs you can and post them.

      ok - I've attached some logs. Superantispyware was done first, then Combofix, then Hijack this log was created.

      Thanks!

      [recovering space - attachment deleted by admin]

      Although it was needed, I wasn't actually looking for a combofix log, please try not to run any tools unless asked. Some are very powerful and can destroy a PC if used improperly.


      If there are any warez/cracked programs on the PC remove them now.

      Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

      If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

      Additionally, cracked programs are illegal.

      ----------

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.

      • Click Start , then Run
      • Type notepad.exe in the Run Box.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:

      KillAll::

      Folder::
      C:\WINDOWS\VmFsdWVkIEN1c3RvbWVy

      FILE::
      C:\WINDOWS\system32\lpjooesx.exe
      C:\WINDOWS\system32\qyskketg.exe
      C:\WINDOWS\system32\atmtd.dll.tmp
      C:\WINDOWS\system32\rvhqjxoh.exe
      C:\jfcjr.exe
      C:\flciijjq.exe
      C:\1154735127
      C:\60.tmp
      C:\WINDOWS\b156.exe_old
      C:\EZ-DJ_Plus_v1.2_-_By_Samurize.rar
      C:\WINDOWS\SCE2287D1.tmp

      Registry::
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "BM47e0ef24"=-

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
      "{FA8BE6D5-40E0-48B8-B317-18A4A590918A}"=-

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byXPJYrq]

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick combofix's window while it is running. That may cause your system to freeze

      ----------

      After combofix has completed run a new Hijackthis scan and post the new log from it along with the combofix log.

      New combofix and Hijack This logs attached.

      Is it ok to attach these logs or do you prefer them copied into the post?

      Thanks for all your help!

      [recovering space - attachment deleted by admin]
        Either way, attached or copied is fine.

        Open Hijackthis and select Do a system scan only then place a check mark next to:

        O20 - Winlogon Notify: byXPJYrq - byXPJYrq.dll (file missing)

        Now click Fix checked.

        Exit Hijackthis.

        ----------

        You need to install a free antivirus and do a full scan with it.

        Pick one of these.

      http://www.filehippo.com/download_avast_antivirus/
      http://www.filehippo.com/download_avg_antivirus/

      ----------

      Before you start the scan uninstall combofix.

      Time to do some cleanup and secure the work you have done.
      • Click START then RUN
      • Now type Combofix /u in the runbox
      • Make sure there's a space between Combofix and /u
      • Then hit Enter.
      ----------

      Now do the antivirus scan and have it remove or quarantine anything it finds.

      Let me know how things are now.


      ok - I did everything as you said - fixed that missing file with HiJack This, uninstalled Combofix, downloaded and ran the AVG antivirus & it came up clean. Computer is running much better. Do you think I am clean?

      From the logs and now the AVG scan I would think you are in the clear

      You need to do a few more final steps.

      Set a New Restore Point to prevent possible reinfection from an old one
      Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.
      • Go to Start > Programs > Accessories > System Tools and click System Restore
      • Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name, then click Create.
      • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
      • Next go to Start > Run and type Cleanmgr
      • Click OK
      • Click the More Options Tab.
      • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
      ----------

      Here are some great tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

      To prevent unknown applications from being installed on your computer install WinPatrol 2007

      Another thing I would suggest installing is SiteAdvisor. SiteAdvisor rates sites on business practices and spam.

      SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
      * Using SpywareBlaster to protect your computer from Spyware and Malware

      And finally.

      To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?

      Let us know if anything else comes up.
      Awesome! Thanks so much for all your help. I think I have learned my lesson about using warez & crackz.

      Have a great night!
      4620.

      Solve : got another trojan...please help?

      Answer»

      Here we go again. Norton auto protect picks it up over and over but doesn't get rid of it. Here are the logs...

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 05/21/2008 at 05:59 PM

      Application Version : 4.0.1154

      Core Rules Database Version : 3465
      Trace Rules Database Version: 1456

      Scan type : Complete Scan
      Total Scan Time : 01:04:37

      Memory items scanned : 392
      Memory threats detected : 0
      Registry items scanned : 5404
      Registry threats detected : 0
      File items scanned : 97651
      File threats detected : 1

      Adware.VideoAccessCodec-Gen
      C:\WINDOWS\EMTD.EXE

      Malwarebytes' Anti-Malware 1.12
      Database version: 755

      Scan type: Full Scan (C:\|)
      Objects scanned: 131345
      Time elapsed: 43 minute(s), 1 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 6:54:30 PM, on 5/21/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\SYSTEM32\astsrv.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
      C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
      O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
      O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
      O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      --
      End of file - 7012 bytes
      Thanks in advance!

      To start with, you're running two firewalls: ZA, and Norton. One has to go.
      When done, post new HJT log.

      Hi Broni!

      LOL We discussed this one last week. I don't have Norton firewall on my computer, just Anti-virus. Last week you said the same thing to me in another post, so I searched high and low and couldn't find anything on my computer pertaining to Norton Firewall. So what's next? LOL...

      OK

      *** Go Start>Control Panel>Add\Remove, and uninstall PartyGaming (if present)

      1. Print this post out, since you won't have an access to it, at some point.

      2. Close all windows, except for HijackThis.

      3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

      - *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      - *O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      - O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
      - O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
      - O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab

      4. Click on Fix checked button.

      5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)

      6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.

      7. Delete following files/folders (if present):

      - PartyGaming folder from C:\Program Files

      8. Restart in Normal Mode.

      9. Post new HijackThis log.

      Hi Broni. I just restarted back to normal. Did you want me to run HijackThis again, or did you want the log from right before the restart to safe mode? Just making sure.

      Well, I ran another scan with HJT. Here's the newest log file.



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:05:18 PM, on 5/21/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\SYSTEM32\astsrv.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
      C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\Logitech\iTouch\iTouch.exe
      C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
      O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
      O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\SYSTEM32\astsrv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      --
      End of file - 6459 bytes

      Your computer is clean

      1. Download, and install CCleaner: http://www.ccleaner.com/download/builds. Get "Slim" version.
      Read CCleaner instruction here: http://www.jahewi.nl/ccleaner/ccleaner.html.
      Run CCleaner.

      2. Turn off System Restore:

      - Windows XP:
      1. Click Start.
      2. Right-click the My Computer icon, and then click Properties.
      3. Click the System Restore tab.
      4. Check "Turn off System Restore".
      5. Click Apply.
      6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
      7. Click OK.
      - Windows Vista:
      1. Click Start.
      2. Right-click the Computer icon, and then click Properties.
      3. Click on System Protection under the Tasks column on the left side
      4. Click on Continue on the "User Account Control" window that pops up
      5. Under the System Protection tab, find Available Disks
      6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
      7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
      8. Click OK

      3. Restart computer.

      4. Turn System Restore on.

      5. Read So how did I get infected in the first place?: http://www.castlecops.com/postlite7736-.html

      6. Let me know, how your computer is doing.

      Sweet! Thanks again Broni!
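
Added example, not part of the original thread: a small Python script that compares the HijackThis log posted before the fix with the one posted after it and reports which of the checked entries are still listed. The function names are this example's own, and the sample logs are short excerpts of the two logs in the thread above.

```python
import re
from collections import Counter

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.*\S)$")


def _norm(text):
    """Collapse whitespace and case so cosmetic differences do not count."""
    return " ".join(text.split()).lower()


def parse_hjt(log_text):
    """Split a HijackThis log into (running processes, [(section, value)])."""
    processes, entries, in_procs = [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif match:
            in_procs = False  # the process list ends at the first entry line
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def diff_logs(before, after):
    """Report entries and processes that differ between two logs."""
    b_procs, b_entries = parse_hjt(before)
    a_procs, a_entries = parse_hjt(after)
    b_keys = {_norm(" - ".join(e)): e for e in b_entries}
    a_keys = {_norm(" - ".join(e)): e for e in a_entries}
    # Counters keep duplicates such as several svchost.exe instances.
    b_count = Counter(p.lower() for p in b_procs)
    a_count = Counter(p.lower() for p in a_procs)
    return {
        "removed": [e for k, e in b_keys.items() if k not in a_keys],
        "added": [e for k, e in a_keys.items() if k not in b_keys],
        "procs_gone": sorted(b_count - a_count),
        "procs_new": sorted(a_count - b_count),
    }


def still_present(fix_list, after):
    """Return the fix-list entries that the later log still contains."""
    _, a_entries = parse_hjt(after)
    a_keys = {_norm(" - ".join(e)) for e in a_entries}
    leftover = []
    for item in fix_list:
        # Fix lists in the thread are written as "- O9 - ..." or "- *O4 - ...".
        match = ENTRY_RE.match(item.strip().lstrip("-* "))
        if match and _norm(" - ".join(match.groups())) in a_keys:
            leftover.append(match.groups())
    return leftover


# Excerpt of the first log in the thread (6:54:30 PM).
BEFORE = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunApp.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
"""

# Excerpt of the second log in the thread (11:05:18 PM).
AFTER = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# The entries the helper asked to check, as written in the thread.
FIX_LIST = [line for line in BEFORE.splitlines()
            if "QuickTime Task" in line or "[ctfmon.exe]" in line
            or "PartyCasino" in line or "FlashXControl" in line]

if __name__ == "__main__":
    for section, value in diff_logs(BEFORE, AFTER)["removed"]:
        print("removed:", section, "-", value)
    for section, value in still_present(FIX_LIST, AFTER):
        print("still listed:", section, "-", value)
```

Run against the two logs in the thread, this reports the QuickTime, PartyCasino and FlashXControl entries as gone and the `ctfmon.exe` Run entry as still listed in the second log.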

      4621.

      Solve : Windows Security Center Virus?

      Answer»

      I have a HP Pavilion Computer running Microsoft XP. When I turned on my computer this morning a Windows Security Center box popped up telling me I was not protected with antivirus and spyware, even though I have norton antivirus, webroot spyware and adaware, which are all run regularly. When I clicked on the Windows Security box to install, my Norton blocked it and labeled it a virus. After running all my antivirus and several spyware programs, I cannot get rid of this. It continues to pop up boxes telling me to click on the security button on my taskbar and download.

      Quote

      Windows Security Center box popped up
      Most likely, fake warning...

      Print these instructions out.

      1. Download SUPERAntiSpyware Free for Home Users:
      http://www.superantispyware.com/

      * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
      * An icon will be created on your desktop. Double-click that icon to launch the program.
      * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
      * Close SUPERAntiSpyware.

      Restart computer in Safe Mode.
      To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

      * Open SUPERAntiSpyware.
      * Under "Configuration and Preferences", click the Preferences button.
      * Click the Scanning Control tab.
      * Under Scanner Options make sure the following are checked (leave all others unchecked):
      o Close browsers before scanning.
      o Scan for tracking cookies.
      o Terminate memory threats before quarantining.
      * Click the "Close" button to leave the control center screen.
      * Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
      * On the left, make sure you check C:\Fixed Drive.
      * On the right, under "Complete Scan", choose Perform Complete Scan.
      * Click "Next" to start the scan. Please be patient while it scans your computer.
      * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
      * Make sure everything has a checkmark next to it and click "Next".
      * A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
      * If asked if you want to reboot, click "Yes".
      * To retrieve the removal information after reboot, launch SUPERAntispyware again.
      o Click Preferences, then click the Statistics/Logs tab.
      o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      o Please copy and paste the Scan Log results in your next reply.
      * Click Close to exit the program.
      Post SUPERAntiSpyware log.

      RESTART COMPUTER!

      2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

      * Double-click mbam-setup.exe and follow the prompts to install the program.
      * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      * If an update is found, it will download and install the latest version.
      * Once the program has loaded, select Perform full scan, then click Scan.
      * When the scan is complete, click OK, then Show Results to view the results.
      * Be sure that everything is checked, and click Remove Selected.
      * When completed, a log will open in Notepad.
      * Post the log back here.

      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
      Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

      RESTART COMPUTER!

      3. Download HijackThis:
      http://www.snapfiles.com/get/hijackthis.html
      Post HijackThis log.

      So I have spent all night and morning trying to run the spyware... my computer keeps crashing in the middle of the scans. Here are the error messages I am getting:

      This pops up first, but doesn't shut the computer down. I just click o.k.:
      IE7 Explorer.exe Instruction at 0x0lcf34739 referenced memory at 0x02df2e50. memory could not be read.

      Then later, this one pops up and shuts the computer down:
      System Unstable. Problem detected with windows. Shutdown buggy application to prevent damage. Kernel 32x.sys- address 0xA73C20AE base error code C03200, Date Stamp 566836A3. Kernel Debugger port Com3.

      With the SuperAntiSpyware, I paused the scan after it detected a few things and cleaned them out, but never got through a full scan. Here is the log from 2 "short" scans:

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 05/02/2008 at 07:17 AM

      Application Version : 4.0.1154

      Core Rules Database Version : 3451
      Trace Rules Database Version: 1443

      Scan type : Complete Scan
      Total Scan Time : 00:09:16

      Memory items scanned : 560
      Memory threats detected : 0
      Registry items scanned : 6297
      Registry threats detected : 0
      File items scanned : 4363
      File threats detected : 123

      Adware.Tracking Cookie

      #2 SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 05/02/2008 at 07:24 AM

      Application Version : 4.0.1154

      Core Rules Database Version : 3451
      Trace Rules Database Version: 1443

      Scan type : Complete Scan
      Total Scan Time : 00:05:08

      Memory items scanned : 563
      Memory threats detected : 0
      Registry items scanned : 6297
      Registry threats detected : 0
      File items scanned : 835
      File threats detected : 9

      Adware.Tracking Cookie

      Same with the Malware- the computer reboots before the scan finishes, so I don't have any logs on that one.

      Will post Hijack Log next.

      Thanks



      Here is the HiJack Log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:32:28 PM, on 5/2/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\gearsec.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\WINDOWS\ALCXMNTR.EXE
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Nova Development\Greeting Card Factory Deluxe 6.0\ReminderApp.exe
      C:\Program Files\Yapta\YaptaClient.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\DropBox\DropBox\DropBox.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
      C:\Program Files\Upromise\Upromise.exe
      C:\Program Files\Upromise\UpromiseUa.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
      C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Southwest Airlines\Ding\Ding.exe
      C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
      C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
      O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [ReminderApp] "C:\Program Files\Nova Development\Greeting Card Factory Deluxe 6.0\ReminderApp.exe"
      O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [Yapta Tracker] "C:\Program Files\Yapta\YaptaClient.exe" /onstartup
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
      O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
      O4 - HKCU\..\Run: [QuickenBillminder] "C:\Program Files\Quicken\Billmind.exe" -startup
      O4 - HKCU\..\Run: [Upromise] "C:\Program Files\Upromise\Upromise.exe"
      O4 - HKCU\..\Run: [Upromise Update] "C:\Program Files\Upromise\UpromiseUa.exe"
      O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
      O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
      O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: FLAC
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
      O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll
      O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll
      O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
      O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
      O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
      O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
      O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
      O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: wmpefhkv - C:\WINDOWS\SYSTEM32\wmpefhkv.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 12845 bytes

      I have also run the SmitFraudFix program, do you want that log as well?

      Thanks so much!

      Before I proceed any further, a couple of questions.
      1. I can see some Symantec services running, but I can't see any active antivirus or firewall. What's the situation here?
      2. At what point are you getting the IE error, and then the Windows error?
      3. Superantispyware is supposed to be run from Safe Mode. Did you run it from Safe Mode?

      1. When I open Norton Protection Center Window, all areas are showing a green secure label and stated active. Is there more to it???

      2. The error messages seem to be random, maybe more like a timing issue instead of the actions I am performing. My computer has been shutting down and rebooting itself all day, seemingly sometime between 1-2 hours.

      3. Yes, I ran the superantispyware from safe mode and the computer still closed down. Also, the Security center window pops up and the shield appears in the icon taskbar during safe mode.

      If you go to Security Center: http://www.microsoft.com/windowsxp/using/security/internet/sp2_wscintro.mspx
      are firewall and antivirus listed as ON?

      The Firewall is Off. There is no mention of antivirus but, under "Security Essentials" is the following message:

      The Security Center is currently unavailable because the "Security Center" service has not started or has stopped. Please close this window, restart the computer (or start the "Security Center" service), and then open the Security Center again.

      I restarted the computer and opened windows security center again and got the same message.

      Go Start>Run, type in:
      services.msc
      Click OK.
      Is Security Center listed as Started, and set to Automatic startup?

      It is listed as disabled.

      I restarted the security center and it is now set to automatic. Then went into the windows security center (through the control panel) and it is now listing Firewall, Automatic Updates, and Virus Protection as on.

      Very good. Give me new HJT log.

      This morning after turning the computer on, the security center was disabled again. I have restarted it again. Then ran HJT. Here is the log:


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 7:49:55 AM, on 5/3/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\windows\system\hpsysdrv.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\WINDOWS\System32\hphmon05.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\WINDOWS\ALCXMNTR.EXE
      C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Nova Development\Greeting Card Factory Deluxe 6.0\ReminderApp.exe
      C:\Program Files\Yapta\YaptaClient.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\DropBox\DropBox\DropBox.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Upromise\Upromise.exe
      C:\Program Files\Upromise\UpromiseUa.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\gearsec.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\PIXELA\ImageMixer3\HDDCameraMonitor.exe
      C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
      C:\Program Files\Southwest Airlines\Ding\Ding.exe
      C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
      O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      O4 - HKLM\..\Run: [ReminderApp] "C:\Program Files\Nova Development\Greeting Card Factory Deluxe 6.0\ReminderApp.exe"
      O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [Yapta Tracker] "C:\Program Files\Yapta\YaptaClient.exe" /onstartup
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
      O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
      O4 - HKCU\..\Run: [QuickenBillminder] "C:\Program Files\Quicken\Billmind.exe" -startup
      O4 - HKCU\..\Run: [Upromise] "C:\Program Files\Upromise\Upromise.exe"
      O4 - HKCU\..\Run: [Upromise Update] "C:\Program Files\Upromise\UpromiseUa.exe"
      O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
      O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
      O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: FLAC
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
      O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll
      O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll
      O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
      O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
      O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
      O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
      O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
      O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: wmpefhkv - C:\WINDOWS\SYSTEM32\wmpefhkv.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 12808 bytes

      thanks for all your help!

      *** Until we fix your problem, make sure that after each restart you go to services.msc and start the Security Center service manually.

      *** You need to update your Java:
      http://java.sun.com/javase/downloads/index.jsp
      Java Runtime Environment (JRE) 6 Update 6
      Uninstall all previous versions of Java through Add\Remove.

      *** Go Start>Control Panel\Add\Remove, and uninstall BackWeb (if listed)

      1. Print this post out, since you won't have access to it at some point.

      2. Close all windows, except for HijackThis.

      3. Put a checkmark next to the following HijackThis entries (some entries will be checkmarked to disable unnecessary startups; in those cases (marked with *), no actual program will be removed):

      - *O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      - *O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
      - *O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
      - *O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      - *O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      - *O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet /keeploaded /nodetect
      - O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
      - *O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
      - *O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
      - *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      - *O4 - HKLM\..\Run: [DropBoxUtility] "C:\Program Files\DropBox\DropBox\DropBox.exe" /s
      - *O4 - HKCU\..\Run: [Upromise] "C:\Program Files\Upromise\Upromise.exe"
      - *O4 - HKCU\..\Run: [Upromise Update] "C:\Program Files\Upromise\UpromiseUa.exe"
      - *O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
      - *O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      - O4 - Global Startup: ImageMixer HDD Camera Monitor.lnk = ?
      - O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
      - *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      - O20 - Winlogon Notify: wmpefhkv - C:\WINDOWS\SYSTEM32\wmpefhkv.dll

      4. Click on Fix checked button.

      5. Restart your computer in Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)

      6. Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files and folders.

      7. Delete following files/folders (if present):

      - search your computer for ALCXMNTR.EXE, and delete it
      - BackWeb-137903.exe from C:\Program Files\Updates from HP\137903\Program
      - wmpefhkv.dll file from C:\WINDOWS\SYSTEM32

      8. Restart in Normal Mode.

      9. Post new HijackThis log.

      There was no BackWeb program listed to uninstall.

      There were 3 alcxmntr.exe files that were deleted, the backweb-137903.exe was deleted, but when I went to delete the wmpefhkv.dll a message popped up saying, "(It) cannot be deleted, access is denied. Make sure disk is not full or write-protected and that file is not in use."

      Here is the HijackThis log:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:53:56 PM, on 5/3/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\gearsec.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\windows\system\hpsysdrv.exe
      C:\HP\KBD\KBD.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Nova Development\Greeting Card Factory Deluxe 6.0\ReminderApp.exe
      C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
      C:\Program Files\Yapta\YaptaClient.exe
      C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      C:\Program Files\Southwest Airlines\Ding\Ding.exe
      C:\Program Files\InterMute\IMStart.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Yapta BHO - {2020dfef-8c87-4229-aa41-549d82210355} - C:\Program Files\Yapta\YaptaOverlay.dll
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll
      O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
      O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [ReminderApp] "C:\Program Files\Nova Development\Greeting Card Factory Deluxe 6.0\ReminderApp.exe"
      O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [Yapta Tracker] "C:\Program Files\Yapta\YaptaClient.exe" /onstartup
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
      O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BackupNotify] "c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe"
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
      O4 - HKCU\..\Run: [QuickenBillminder] "C:\Program Files\Quicken\Billmind.exe" -startup
      O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
      O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: FLAC
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
      O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll
      O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll
      O9 - Extra button: Yapta Settings - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
      O9 - Extra 'Tools' menuitem: Yapta Settings... - {0362b485-11fe-469c-ae98-42f478e581a0} - C:\Program Files\Yapta\YaptaSettings.exe
      O9 - Extra button: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O9 - Extra 'Tools' menuitem: Upromise IE Toolbar - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Yapta - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
      O9 - Extra 'Tools' menuitem: Yapta... - {0094A600-9BDD-4019-BAFE-487284F7D476} - C:\Program Files\Yapta\YaptaSidebar.dll (HKCU)
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
      O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.kodakgallery.com/downloads/hmpr/HMPR_WIN_IE_1/wiaaut.cab
      O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
      O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O20 - Winlogon Notify: wmpefhkv - C:\WINDOWS\SYSTEM32\wmpefhkv.dll
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

      --
      End of file - 10716 bytes
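
Step 9 asks for a new log so the helper can confirm that the checked entries are gone. The sketch below is an added example, not part of the original thread or of HijackThis, and it automates that comparison. The sample strings are constructed excerpts of the fix list and the follow-up log above, and the function names are hypothetical.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str      # HijackThis section code, e.g. "O4" or "O20"
    details: str   # everything after "<code> - ", as printed
    starred: bool  # helper's "*" marker: startup disabled, program kept


# Matches a log line ("O4 - ...") or a fix-list bullet ("- *O4 - ...").
ENTRY_RE = re.compile(r"^\s*(?:-\s*)?(\*)?\s*([FNOR]\d{1,2})\s+-\s+(.+?)\s*$")


def parse_entries(text):
    """Return every HijackThis entry in text, skipping headers and process lists."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(2), m.group(3), m.group(1) is not None))
    return entries


def entry_key(entry):
    """Comparison key that ignores quoting, case and spacing differences.

    The same startup item can be printed with or without quotes around its
    path in two logs (the SpySweeper line above is one such case).
    """
    details = entry.details.replace('"', "")
    details = re.sub(r"\s+", " ", details).strip().casefold()
    return (entry.code, details)


def check_fix(fix_list_text, new_log_text):
    """Split the fix list into (removed, survived) relative to the new log."""
    present = {entry_key(e) for e in parse_entries(new_log_text)}
    removed, survived = [], []
    for e in parse_entries(fix_list_text):
        (survived if entry_key(e) in present else removed).append(e)
    return removed, survived


# Constructed excerpt of the helper's fix list from step 3.
FIX_LIST = r'''
- *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
- O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
- O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
- *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
- O20 - Winlogon Notify: wmpefhkv - C:\WINDOWS\SYSTEM32\wmpefhkv.dll
'''

# Constructed excerpt of the follow-up log posted after the fix.
NEW_LOG = r'''
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O20 - Winlogon Notify: wmpefhkv - C:\WINDOWS\SYSTEM32\wmpefhkv.dll
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''

if __name__ == "__main__":
    removed, survived = check_fix(FIX_LIST, NEW_LOG)
    print(f"{len(removed)} checked entries are gone from the new log")
    for e in survived:
        print(f"STILL PRESENT: {e.code} - {e.details}")
```

On the excerpt, the only survivor is the `O20 - Winlogon Notify: wmpefhkv` entry, which is the same line that still appears in the follow-up log.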
      4622.

      Solve : Virus/Malware Suspected - Unable to go to any antivirus sites, PC crashes, etc?

      Answer»

      Hi, my PC is having some odd problems lately. First of all, whenever I try to browse to any antivirus or antispyware sites (using both Firefox and IE), it says "Page cannot be displayed", although clearly the address is correct. Also, I try accessing the sites via a proxy, and I am able to go to the sites. Second, the PC crashes when I try to update super anti spyware. Third, the PC crashes every now and then for unknown reasons. Fourth, sometimes my audio driver fails to work so I can't open my volume control. Fifth, I belong to a network and when other people from my network attempt to access my computer (something that used to work), it says that I'm on a firewall, which I am not (did not change my password or access settings).

      Here are my logs. Thanks so much!



      [attachment deleted by admin]

      4623.

      Solve : Crypt Xpack Trojan OH NO!?

      Answer»

      I've been so frustrated by this stupid virus for the last few days, and I have forms to fill out for school that I'm not comfortable doing with a potential keystroke tracker or anything else nasty. I appreciate the steps proposed in the forum to fix my machine, and on the surface, it looks to be removed. I'd just be thrilled to have one of you help me check the logs.

      Thanks in advance!

      SUPERAntiSpyware Scan Log
      http://www.superantispyware.com

      Generated 01/02/2009 at 06:37 PM

      Application Version : 4.24.1004

      Core Rules Database Version : 3688
      Trace Rules Database Version: 1664

      Scan type : Complete Scan
      Total Scan Time : 00:26:56

      Memory items scanned : 317
      Memory threats detected : 0
      Registry items scanned : 4371
      Registry threats detected : 0
      File items scanned : 31078
      File threats detected : 0


      Malwarebytes' Anti-Malware 1.31
      Database version: 1456
      Windows 5.1.2600 Service Pack 2

      1/2/2009 6:48:45 PM
      mbam-log-2009-01-02 (18-48-45).txt

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 73644
      Time elapsed: 9 minute(s), 1 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 6:49:27 PM, on 1/2/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Acer\eRecovery\Monitor.exe
      C:\Acer\eManager\anbmServ.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\WISPTIS.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Windows NT\Accessories\wordpad.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
      F2 - REG:system.ini: Shell=explorer.exe
      O2 - BHO: (no name) - {0117E4BC-8A6F-4845-AFE3-CA4D23143F58} - C:\WINDOWS\system32\fccbAQhE.dll (file missing)
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
      O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
      O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
      O4 - HKUS\S-1-5-18\..\Run: [msiexec.exe] msiconf.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [msiexec.exe] msiconf.exe (User 'Default user')
      O4 - Startup: Nikon Monitor.lnk = ?
      O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
      O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
      O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
      O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O20 - AppInit_DLLs: dhzpav.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O20 - Winlogon Notify: opnoPFuT - opnoPFuT.dll (file missing)
      O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

      --
      End of file - 5831 bytes

      Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

      http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      http://subs.geekstogo.com/ComboFix.exe

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Double-click combofix.exe and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log and a new HijackThis log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

      My browser apparently has been hijacked; I can't go to any legitimate site to download combofix. I looked through a bunch of sketchy links, but don't really want to introduce any new trojans. Where is the best place to find the program, other than bleeping computer and such?

      You're so patient and helpful! Thanks!

      Try this...

      Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.

      • Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers.
      • Then search for TDSSserv.sys
      • Let me know if you find this or not.
      • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
      • Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

      And then...

      Please print these instructions as they will be needed later when Internet access is not available.

      Download SDFix by AndyManchesta and save it to your desktop. http://rapidshare.com/files/179891642/SDFix.exe.html

      When using this tool, you must use the Administrator's account or an account with Administrative rights
      • Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix).
      • DO NOT use it just yet.

      Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

      Open the SDFix folder and double click RunThis.bat to start the script.
      • Type Y to begin the cleanup process.
      • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
      • Press any Key and it will restart the PC.
      • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
      • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
      • Copy and paste the contents of the results file Report.txt in your next reply.
      Don't try ComboFix again until you've gotten back to me about these new instructions first.
      SDFix: Version 1.240
      Run by Chris on Fri 01/09/2009 at 04:53 PM

      Microsoft Windows XP [Version 5.1.2600]
      Running From: C:\SDFix

      Checking Services :


      Restoring Default Security Values
      Restoring Default Hosts File

      Rebooting


      Checking Files :

      Trojan Files Found:

      C:\WINDOWS\antiv.exe - Deleted





      Removing Temp Files

      ADS Check :



      Final Check :

      catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-01-09 16:57:10
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      detected NTDLL code modification:
      ZwClose

      scanning hidden processes ...

      scanning hidden services ...

      HKLM\SYSTEM\CurrentControlSet\Services\SENSka

      scanning hidden autostart entries ...

      scanning hidden files ...

      C:\WINDOWS\system32\drivers\senekampyblhhb.sys 49152 bytes
      C:\WINDOWS\system32\drivers\seneka.sys 49152 bytes
      C:\WINDOWS\system32\senekadf.dat 16384 bytes
      C:\WINDOWS\system32\seneka.dat 16384 bytes
      C:\WINDOWS\system32\senekaevdyirtq.dll 16384 bytes
      C:\WINDOWS\system32\senekalrotpkds.dll 32768 bytes
      C:\WINDOWS\system32\senekalog.dat 49152 bytes
      C:\WINDOWS\system32\senekamloaqgom.dll 16384 bytes

      scan completed successfully
      hidden processes: 0
      hidden services: 1
      hidden files: 8


      Remaining Services :




      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
      "C:\\Program Files\\Microsoft Office\\Office12\\groove.exe"="C:\\Program Files\\Microsoft Office\\Office12\\groove.exe:*:Enabled:Microsoft Office Groove"
      "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

      Remaining Files :


      File Backups: - C:\SDFix\backups\backups.zip

      Files with Hidden Attributes :

      Sun 9 Nov 2008 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
      Sun 9 Nov 2008 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
      Sun 9 Nov 2008 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
      Sun 9 Nov 2008 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
      Sun 9 Nov 2008 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
      Mon 14 Mar 2005 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
      Mon 28 Feb 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"

      Finished!

      Quote from: CBMatt on January 05, 2009, 04:34:27 PM
      Try this...

      Click Start > Control Panel > System > Hardware > Device Manager > View > Show Hidden Devices.
      • Scroll down to Non-plug and Play Drivers and click the plus icon to open those drivers.
      • Then search for TDSSserv.sys
      • Let me know if you find this or not.
      • If you do find it, right click on it, and select Disable. Do not try to uninstall it.
      • Also if this is found and you disable it, then reboot and see if you can run the other scans that would not run.

      Are you able to download and run ComboFix now after doing this?
      4624.

      Solve : adware/trojans. Keeps coming back.?

      Answer»
      EDIT again: Added superantispyware log.
      EDIT: Added two of the malwarebyte logs. One being the original scan with a bunch of crap and the other being the most recent having only 2 items infected.
      I keep getting rid of it with Malwarebyte and Super Anti Spyware but it almost immediately comes back every time. Here's a hijackthis log. Also, most of the ads want me to download some sort of BS antivirus and stuff like that.
      edit: BTW I use windows XP service pack 2 and I use IE and FF interchangeably, and I seem to be getting more of the popups with IE.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 8:20:36 PM, on 12/22/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.17184)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      C:\Program Files\Dell\Media Experience\PCMService.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
      c:\progra~1\mcafee.com\vso\mcvsescn.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\WebcamMax\wcmmon.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AIM2.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Verizon Online\bin\mpbtn.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Travis\My Documents\My Videos\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\Juno\SearchEnh1.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: {607b78ac-3a85-a969-30c4-42002b14f628} - {826f41b2-0024-4c03-969a-58a3ca87b706} - C:\WINDOWS\system32\djycda.dll
      O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
      O2 - BHO: (no name) - {f26788c3-3211-4d47-82da-6a6590bcb6f3} - C:\WINDOWS\system32\valopawi.dll (file missing)
      O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
      O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [behotifasu] Rundll32.exe "C:\WINDOWS\system32\toyipivo.dll",s
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
      O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
      O4 - Global Startup: AIM2.exe
      O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
      O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

      --
      End of file - 10459 bytes


      [attachment deleted by admin]

      Sorry for the long wait. We are VERY backed-up right now! If you still require assistance, please post new logs and we'll see what we can do.

      I figured it would be a while with it being holidays and all. The superantispyware log in the original post is new and a hijackthis log is coming up. Also I seem to be getting even more popups and my computer is running quite slow. I also notice in the task manager that I have 6 SVCHOST.EXE's, which I think is strange, but I'm no expert.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:29:51 PM, on 1/5/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.17184)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      C:\Program Files\Dell\Media Experience\PCMService.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
      c:\progra~1\mcafee.com\vso\mcvsescn.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\WebcamMax\wcmmon.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Juno\exec.exe
      C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Verizon Online\bin\mpbtn.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      C:\Program Files\Juno\exec.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\iTunes\iTunes.exe
      C:\Documents and Settings\Travis\My Documents\My Videos\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
      R3 - URLSearchHook: (no name) - ~37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file)
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: {607b78ac-3a85-a969-30c4-42002b14f628} - {826f41b2-0024-4c03-969a-58a3ca87b706} - C:\WINDOWS\system32\djycda.dll
      O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: (no name) - {f26788c3-3211-4d47-82da-6a6590bcb6f3} - C:\WINDOWS\system32\yeneriho.dll
      O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
      O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [behotifasu] Rundll32.exe "C:\WINDOWS\system32\buvujano.dll",s
      O4 - HKLM\..\Run: [CPM57cb2fd5] Rundll32.exe "C:\WINDOWS\system32\gipidiwu.dll",a
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
      O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
      O4 - Global Startup: AIM2.exe
      O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
      O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gipidiwu.dll
      O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gipidiwu.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

      --
      End of file - 11196 bytes
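An added example, not part of the original thread or of HijackThis: a short Python comparison of the 12/22/2008 and 1/5/2009 logs posted above, using lines excerpted from them. It separates registrations whose file was swapped for a differently named one in the same directory from ones that only moved (the Java update) and from new ones; the `renamed`/`moved` split is a heuristic assumed for this example, and the output is a review list, not a verdict on any file.

```python
import ntpath
import re

# Lines excerpted from the two HijackThis logs posted in this thread.
LOG_2008_12_22 = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {f26788c3-3211-4d47-82da-6a6590bcb6f3} - C:\WINDOWS\system32\valopawi.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [behotifasu] Rundll32.exe "C:\WINDOWS\system32\toyipivo.dll",s
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
"""

LOG_2009_01_05 = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {f26788c3-3211-4d47-82da-6a6590bcb6f3} - C:\WINDOWS\system32\yeneriho.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [behotifasu] Rundll32.exe "C:\WINDOWS\system32\buvujano.dll",s
O4 - HKLM\..\Run: [CPM57cb2fd5] Rundll32.exe "C:\WINDOWS\system32\gipidiwu.dll",a
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gipidiwu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\gipidiwu.dll
"""

# "O4 - HKLM\..\Run: [value name] command line"
RUN_LINE = re.compile(r"^(O4) - (HK\w+\\\.\.\\\w+): \[([^\]]+)\] (.+)$")
# "O2 - BHO: display name - {CLSID} - file" (same shape for O3, O9, O18, O21, O22)
CLSID_LINE = re.compile(r"^(O\d+) - [^:]+: .*? - (\{[0-9A-Fa-f-]+\}) - (.+)$")


def parse(log):
    """Map each registration to the file it loads.

    The key is what stays stable across scans: section plus CLSID, or
    section plus Run key and value name. Display names are ignored because
    they change between versions of legitimate software too.
    """
    entries = {}
    for line in log.splitlines():
        line = line.strip()
        m = RUN_LINE.match(line)
        if m:
            # For 'Rundll32.exe "x.dll",arg' the file of interest is the quoted DLL.
            quoted = re.search(r'"([^"]+)"', m.group(4))
            target = quoted.group(1) if quoted else m.group(4)
            key = (m.group(1), m.group(2), m.group(3))
        else:
            m = CLSID_LINE.match(line)
            if not m:
                continue  # sections this example does not model
            target = m.group(3).replace(" (file missing)", "")
            key = (m.group(1), m.group(2).lower())
        entries[key] = target.strip()
    return entries


def compare(old_log, new_log):
    """Classify what changed between two scans of the same machine."""
    old, new = parse(old_log), parse(new_log)
    result = {"renamed": {}, "moved": {}, "added": {}}
    for key, target in new.items():
        if key not in old:
            result["added"][key] = target
        elif old[key].lower() != target.lower():
            same_dir = (ntpath.dirname(old[key]).lower()
                        == ntpath.dirname(target).lower())
            # Same directory, new file name: the registration was re-pointed.
            # Different directory: typically an upgrade or reinstall.
            kind = "renamed" if same_dir else "moved"
            result[kind][key] = (old[key], target)
    return result


if __name__ == "__main__":
    for kind, entries in compare(LOG_2008_12_22, LOG_2009_01_05).items():
        for key, value in sorted(entries.items()):
            print(kind, key, value)
```

Feeding it the complete logs rather than the excerpt also lists the legitimate Java additions under `added`, which is why that bucket needs a manual look.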
      I wouldn't worry about svchost; that's fairly normal. I'm using my wife's computer at the moment and it currently has 7 instances of it running. It's an integral part of Windows and it has a lot of different jobs. As for your pop-ups...you still have some traces of the Vundo infection, so go ahead and do the following...

      Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

      http://download.bleepingcomputer.com/sUBs/ComboFix.exe
      http://subs.geekstogo.com/ComboFix.exe

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Double-click combofix.exe and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log and a new HijackThis log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

      Here's the log.

      [attachment deleted by admin]

      You posted the ComboFix log twice...do you have a new HijackThis log you can post?

      In the meantime, please do the following...

      Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      File::
      C:\WINDOWS\system32\yeneriho.dll
      C:\WINDOWS\system32\buvujano.dll
      C:\WINDOWS\system32\ebkp.dll

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply, along with a new HijackThis log.

      Note: Do not click ComboFix's window while it is running. That may cause your system to freeze.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 1:29:34 PM, on 1/9/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.17184)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      c:\program files\mcafee.com\agent\mcdetect.exe
      c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      C:\Program Files\Dell\Media Experience\PCMService.exe
      C:\WINDOWS\system32\dla\tfswctrl.exe
      C:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
      c:\progra~1\mcafee.com\vso\mcvsescn.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
      C:\Program Files\WebcamMax\wcmmon.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AIM2.exe
      C:\WINDOWS\wanmpsvc.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
      C:\Program Files\Verizon Online\bin\mpbtn.exe
      c:\progra~1\mcafee.com\vso\mcvsftsn.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Documents and Settings\Travis\My Documents\My Videos\HiJackThis.exe
      C:\Program Files\Mozilla Firefox\firefox.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Toolbar Helper - {D44BBB61-E17F-4AE6-A502-8D7E0B29E616} - C:\WINDOWS\system32\s1940.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: (no name) - {f26788c3-3211-4d47-82da-6a6590bcb6f3} - C:\WINDOWS\system32\hogumana.dll (file missing)
      O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\system32\s1940.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
      O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\Toolbar.dll
      O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
      O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
      O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
      O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
      O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
      O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
      O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe
      O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [MPSExe] C:\Program Files\McAfee.com\MPS\mscifapp.exe /embedding
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [WebcamMaxMoniter] "C:\Program Files\WebcamMax\wcmmon.exe" /a
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKLM\..\Run: [behotifasu] Rundll32.exe "C:\WINDOWS\system32\varofeje.dll",s
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
      O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
      O4 - Global Startup: AIM2.exe
      O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
      O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\bin\matcli.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\system32\s1940.dll/blogimage
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll (file missing)
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
      O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
      O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
      O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

      --
      End of file - 10399 bytes


      [attachment deleted by admin]

      Well, your infection appears to have grown some, but don't worry, I think we can still get rid of it. I'm going to give you another set of similar instructions...

      Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      Folder::
      c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}

      File::
      c:\windows\SYSTEM32\ugijarot.ini
      c:\windows\SYSTEM32\ebajedik.ini
      c:\windows\SYSTEM32\opitafah.ini
      c:\windows\SYSTEM32\upijeval.ini
      c:\windows\SYSTEM32\osetihun.tmp
      c:\windows\SYSTEM32\rn.tmp
      c:\program files\mozilla firefox\components\MSVCR71.DLL
      c:\windows\SYSTEM32\dizikoli.dll
      c:\windows\SYSTEM32\gagukiyi.dll
      c:\windows\SYSTEM32\KGyGaAvL.sys
      c:\windows\SYSTEM32\pekiboba.dll
      c:\windows\SYSTEM32\pewefowo.dll
      c:\windows\SYSTEM32\wovahuzo.dll
      c:\windows\system32\hogumana.dll
      c:\docume~1\Tommy\LOCALS~1\Temp\asbp2poa.sys
      c:\windows\Tasks\opproqdv.job

      Registry::
      [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f26788c3-3211-4d47-82da-6a6590bcb6f3}]

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply, along with a new HijackThis log.

      Note: Do not click ComboFix's window while it is running. That may cause your system to freeze
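
The HijackThis logs in this thread use one line per entry, each prefixed with a section code (R1, O2, O4, O18, O23 and so on). As an added example, not part of the original posts and not the helper's own method, the Python below parses that format and lists the entries worth checking by hand: those marked "(file missing)" and Run-key entries that load a DLL through Rundll32. The sample lines are copied from the log above; `triage` and `Finding` are names chosen for this example.

```python
import re
from typing import List, NamedTuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: (no name) - {f26788c3-3211-4d47-82da-6a6590bcb6f3} - C:\WINDOWS\system32\hogumana.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [behotifasu] Rundll32.exe "C:\WINDOWS\system32\varofeje.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O18 - Protocol: ebk - {1E411CE8-FE8B-4973-B8E0-6EA2CC3C6B06} - C:\WINDOWS\system32\ebkp.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2" or "O4"
    reason: str   # "file-missing" or "rundll32-autorun"
    target: str   # path the entry points at


# Every registry/autostart entry is "<section> - <rest>", where the section
# code is a letter (R, O, F or N) followed by one or two digits.
ENTRY_RE = re.compile(r"^\s*(?P<section>[ROFN]\d{1,2}) - (?P<body>.+?)\s*$")

# An O4 autostart whose command line is rundll32 loading a DLL.
RUNDLL_RE = re.compile(
    r'\[(?P<name>[^\]]*)\]\s+"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?'
    r'\s+"?(?P<dll>[^",]+\.dll)',
    re.IGNORECASE,
)
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)
MISSING = "(file missing)"


def triage(log_text: str) -> List[Finding]:
    """Return the entries of a HijackThis log that deserve a manual look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, blank line, or a "Running processes" path
        section, body = m.group("section"), m.group("body")

        if body.endswith(MISSING):
            # The target is the last " - " separated field, minus the marker.
            target = body[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
            # A URL is never a local file, so the marker says nothing there.
            if not URL_RE.match(target):
                findings.append(Finding(section, "file-missing", target))
            continue

        if section == "O4":
            r = RUNDLL_RE.search(body)
            if r:
                findings.append(
                    Finding(section, "rundll32-autorun", r.group("dll"))
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<17} {f.target}")
```

A flagged line is a prompt to look at the file and registry key, not a verdict; legitimate software also leaves orphaned entries and uses Rundll32 at startup.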
      4625.

      Solve : Does Windows Defender Really Do Anything??

      Answer»

      I've no desire to get embroiled in the software wars, but it should be pointed out that after many years of neglect MS has finally started moving on the virus/spyware threat. Insiders say they have declared war on the malware writers, and MS is doling out a lot of bucks to back up the effort.

      So, for a while at least, I'll withhold judgement until I see how well they do. They certainly have the resources, so hopefully some good will come of this.

      On my original WD question. I joined that MS reporting network, and the very same evening it reported a trojan to be zapped. I have nothing to be unhappy over so far.

      4626.

      Solve : Please search this for nasties...?

      Answer»

      Quote from: casse2go on November 01, 2007, 12:55:39 AM

      Well, Since I know jack about the computer; how about someone siting at one surrounded by question marks. Or something that conveys the same message.

      That word "siting" is misspelled. It should be "sitting". I like my CT and text. Can that be made into one?


      Okay now on to the business at hand. I went into "Start Up" to comply with your directive to uncheck. Here's what I did.

      I clicked out of AOL, then went to desk top, I then did what you asked and when I had finished, this came up.
      An Access Denied error was returned while attempting to change a service. You may need to log on using an administrator account to make the specified changes. I then clicked OK and the prompt to RESTART came up so I clicked it.

      Wait, somewhere in there came the msg to choose to start the computer using the Normal Start Up. You prolly already know the window but here it is anyway.
      SYSTEM CONFIGURATION UTILITIES
      Start Up Selection

      empty circle: Normal Start Up
      empty circle: Diagnostic Start Up
      green dot in circle: Selective Start Up


      green check: Process System.INI File
      green check: Process Win.INI File
      green Check: Load System Services
      green square in square: Load Start Up Item
      green dot in circle: Use Original Boot.InI
      gray obscured: Use Modified Boot.INI


      [Load System Restore] [Expand File]

      Close Cancel Apply Help


      I "Xed Out"...


      The msg about Access Denied came up again.

      Also, I went into the ADD/REMOVE programs to undo the McAfee items but they weren't in there so how do I get to them? Is it through the Notepad?
      This is what was in the ADD/REMOVE, is there anything you think I can ditch?

      adobe flash player 9 activeX
      adobe shockwave player
      AOL registration
      AOL uninstaller (choose product to remove)
      AVG 7.5
      google toolbar for Internet Explorer
      HijackThis 1.99.1
      java (tm) 6 update 2
      java (tm) 6 update 3
      *learn2player (uninstall only)
      microsoft easy assist
      *microsoft internationalized domain names mitigation APIs
      *microsoft national language support download APIs
      quick time
      real player basic
      viewpoint media player
      windows installer 3.1 (kb893802)


      Those with the "*", I have no idea what they're for. Unless they go with the Easy Assist.

      Thanks Broni...

      Quote
      I clicked out of AOL, then went to desk top, I then did what you asked and when I had finished, this came up.
      An Access Denied error was returned while attempting to change a service. You may need to log on using an administrator account to make the specified changes.
      Go Start>Run, type in:
      services.msc
      Find those two O23 entries:
      - McAfee Real-time Scanner (McShield)
      - McAfee SystemGuards (McSysmon)
      For each of them, follow this:
      If under STATUS column, you see Started, right click on entry, and click Stop.
      Right click again, click Properties, under Startup type select Disable from drop-down menu.
      Restart your computer.
      You may post new HJT log for me to see, if all changes have taken effect.

      Quote
      green dot in circle: Selective Start Up
      This is correct. Click OK, and Windows will ask you, if you want to restart your computer now, or later.
      Upon restart, you'll see a pop-up message, stating, that your computer started in Selective Mode. Put a checkmark in "Don't show this message again", and click OK.

      Quote
      I like my CT and text. Can that be made into one?
      You mean to have a text inside your picture?
      Quote
      I went into the ADD/REMOVE programs to undo the McAfee items but they weren't in there so how do I get to them?
      Most likely McAfee is long gone, but you have some registry leftovers, which still call for McAfee ("normal" with crappy programs).
      We'll worry about it later. For now, follow instructions from my previous post.

      Quote
      learn2player
      It looks like some AOL leftover. You can safely uninstall it.

      As for two M$ entries, you better leave them alone.

      Quote
      I like my CT and text. Can that be made into one?
      You mean to have a text inside your picture?

      Hi, no...not inside, but underneath as it appears in the CT.

      By the way, does the color tag work in here? Also, do you know how many pieces of mail the mailboxes in here hold?

      Yes, and I was correct to go offline with AOL before I went to msconfig wasn't I?

      The word "Started" wasn't by either Broni. I just "Xed Out".

      What do you mean by "xed out". You can't do this with services.
      What did you have under Status column?

      There wasn't anything by either of them, so just clicked on the red "X" in the northeast corner of the page, next to enlarge and minimize the page. I call it Xing Out.
      4627.

      Solve : search engines hijacked?

      Answer»

      Please download ATF Cleaner by Atribune. ATF Cleaner.exe This program does not require an installation. The executable actually runs the program.

      NOTE: ATF Cleaner will remove all files from the items that are checked so if you have some cookies you'd like to save. Please move them to a different directory first.
      * Double-click ATF-Cleaner.exe to run the program.
      * Under Main choose: Select All
      * Click the Empty Selected button.

      If you use Firefox browser
      * Click Firefox at the top and choose: Select All
      * Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      If you use Opera browser
      * Click Opera at the top and choose: Select All
      * Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

      Click Exit on the Main ATF Cleaner menu to close the program.

      ==========

      Next:

      1. Please download Combofix by sUBs. Place it on your Desktop. combofix.exe
      2. Double click combofix.exe & follow the prompts.
      3. When finished, it shall produce a log for you. Post that log in your next reply.
      Combofix will create a backup to anything removed in C:\qoovox

      Note:
      Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

      ==========

      Next post please add:
      Combofix log

      I found similar files in those two locations, but the names don't match exactly. Here's what I found:

      ConfigOCXDos32.exe-up.txt

      _wrar370.exe

      Thanks for the info on System Restore. I'm guessing I need to go back and do that with another clean?

      I tried attaching the host files you asked for, but it says I'm not allowed to attach that type of file. Any ideas?


      I ran the two programs requested. Here's the combofix log:

      ComboFix 07-11-02.3 - Sadler 2007-11-02 11:35:38.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT -6:00]
      Running from: C:\Documents and Settings\Power User\Desktop\ComboFix.exe
      * Created a new restore point
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\kdick.exe

      .
      ((((((((((((((((((((((((( Files Created from 2007-10-02 to 2007-11-02 )))))))))))))))))))))))))))))))
      .

      2007-11-02 11:33  51,200  --a------  C:\WINDOWS\NirCmd.exe
      2007-11-01 13:35  d--------  C:\Program Files\SUPERAntiSpyware
      2007-11-01 13:35  d--------  C:\Documents and Settings\Power User\Application Data\SUPERAntiSpyware.com
      2007-11-01 13:35  d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
      2007-11-01 13:33  d--------  C:\Program Files\Common Files\Wise Installation Wizard
      2007-10-31 10:35  512,096  --a------  C:\WINDOWS\system32\drivers\amon.sys
      2007-10-31 10:35  298,104  --a------  C:\WINDOWS\system32\imon.dll
      2007-10-31 10:35  15,424  --a------  C:\WINDOWS\system32\drivers\nod32drv.sys
      2007-10-26 16:17  584,192  -----c---  C:\WINDOWS\system32\dllcache\rpcrt4.dll
      2007-10-17 16:37  d--------  C:\Downloads
      2007-10-17 10:37  d--------  C:\Program Files\Windows Media Connect 2
      2007-10-17 10:32  d--------  C:\WINDOWS\system32\LogFiles
      2007-10-17 10:32  d--------  C:\WINDOWS\system32\drivers\UMDF

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2007-10-26 21:01  ---------  d-----w  C:\Documents and Settings\Power User\Application Data\U3
      2007-10-25 15:32  ---------  d-----w  C:\Documents and Settings\Power User\Application Data\AdobeUM
      2007-10-17 22:47  359,808  ----a-w  C:\WINDOWS\system32\drivers\tcpip.sys
      2007-10-16 19:47  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
      2007-09-17 23:20  ---------  d-----w  C:\Documents and Settings\Power User\Application Data\.ABC
      2007-09-17 22:29  ---------  d-----w  C:\Program Files\LogMeIn
      2007-09-17 21:05  ---------  d-----w  C:\Program Files\K-Lite Codec Pack
      2007-09-13 22:01  ---------  d-----w  C:\Program Files\ABC
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-19 08:59]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-10-19 08:59]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
      "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03]
      "HP COMPONENT Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
      "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
      "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
      "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
      "ControlCenter2.0"="C:\Program Files\SP\ControlCenter2\brctrcen.exe" [2006-09-07 17:45]
      "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-31 10:30]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
      LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

      R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys
      R1 Uim_IM;UIM DRIVE Backup Image Plugin;C:\WINDOWS\system32\Drivers\Uim_IM.sys
      R1 UimBus;Universal Image Mounter Controller;C:\WINDOWS\system32\DRIVERS\UimBus.sys
      R2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
      R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
      R2 Nhksrv;Netropa NHK Server;C:\WINDOWS\Nhksrv.exe
      R3 BrScnUsb;SP USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
      R3 BrSerIf;SP MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
      R3 BrUsbSer;SP MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
      R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
      R3 Msikbd2k;DellTouch;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys
      S3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
      S3 BioNT_BS;BioNT_BS;\??\C:\Program Files\Paragon Software\Drive Backup\BlueScrn\BioNT_bs.sys
      S3 brfilt;Brother MFC Filter Driver;C:\WINDOWS\system32\Drivers\Brfilt.sys
      S3 brparimg;Brother Multi Function Parallel Image driver;C:\WINDOWS\system32\DRIVERS\BrParImg.sys
      S3 BrParWdm;Brother WDM Parallel Driver;C:\WINDOWS\system32\Drivers\BrParwdm.sys
      S3 BrSerWdm;SP WDM Serial driver;C:\WINDOWS\system32\Drivers\BrSerWdm.sys
      S3 NAL;Nal Service ;\??\C:\WINDOWS\system32\Drivers\iqvw32.sys
      S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\RTL8150.SYS

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
      \Shell\AutoRun\command - F:\LaunchU3.exe -a

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bb588fe-c0fc-11db-a8eb-000874382a49}]
      \Shell\AutoRun\command - E:\LaunchU3.exe -a

      .
      **************************************************************************

      catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2007-11-02 11:41:34
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2007-11-02 11:43:53 - machine was rebooted
      .
      --- E O F ---
      I finally got around to installing the Comodo firewall that you recommended. Once that was running it found some problems with "svchost.exe" and I denied the access for that program. That seems to have fixed the problem, and I can now search freely.

      Thanks again for all of your help figuring this out. Is there any more info you'd like me to post?

      Combofix did find "something" that I am not sure of and can find no information on.

      To be on the safe side lets try this:

      Run the BitDefender Online Scanner.

      Agree to the license and then select Scan. DO NOT CHANGE THE OPTIONS TO SHOW ALL FILES SCANNED. That will make your logs huge and we don't need to see clean files.

      Once Bitdefender completes the scan:
      Click-on the Detected Problems tab.
      Then select Click here to export the scan report.

      When the window comes up to save the report, change the Save as type: box to:
      Text (Tab Delimited) (*.txt) and then in the File name box enter change to bdscan then click Save.

      This will save a file named bdscan.txt. I would suggest saving it to the Desktop so you can easily find it. (take notice of where you save it so you can find it later).
      This bdscan.txt file will actually contain HTML code that we can easily view later while reviewing your log. All we have to do is rename the file to bdscan.html.

      If you do not follow these steps, you will have an incorrect log or worse a log summary which is useless to us.

      Post the bdscan.txt file as an Attachment.
      Thanks To Chaslang For The Bitdefender Guide!

      Quote

      ConfigOCXDos32.exe-up.txt
      _wrar370.exe
      It may be helpful to know where exactly they are located.

      Quote
      I tried attaching the host files you asked for, but it says I'm not allowed to attach that type of file. Any ideas?
      You can try two things.
      If you opened "hosts" file in Notepad, make sure, you save it as "hosts.txt" format in order to upload it here.
      However, if it doesn't work, file itself may be too big.
      In that case, simply email that file to me.

      Quote
      Once that was running it found some problems with "svchost.exe" and I denied the access for that program.
      svchost.exe can be either a legit Windows file or malware. It all depends on the location in which it resides. The legit Windows file will be found in the Windows\System32 folder.
      Simply search your computer for svchost.exe, and post back all of its locations.
      Quote
      That seems to have fixed the problem, and I can now search freely.
      This may indicate that Comodo blocked a malware file rather than a legit one. But, as I said, post those file locations.

      I'm really glad your searches are doing OK.

      P. S.
      If confirmed, it may be just a classic example of why the built-in Windows firewall is no good. When you have a trojan, it leaves an open door on your computer, through which all your sensitive data is transmitted to the outside world. I did some tests with Windows firewall myself, and in 90% of cases it won't prevent the above transmission.

      Locations for svchost.exe:

      C:\WINDOWS\system32
      C:\WINDOWS\ServicePackFiles\i386

      The two files you asked for earlier were located in the same place you told me to look (from the SuperAntispyware log). I went looking for the files again, but only found "C:\WINDOWS\ConfigOCXDos32.exe-up.txt" (the log listed "C:\WINDOWS\ConfigOCXDos32.exe").

      I also found a shortcut to this file at:
      C:\Documents and Settings\Power User\Recent

      As well as another text file (same name) with IE logo for icon in: My Computer

      The other file "C:\DOCUMENTS AND SETTINGS\POWER USER\LOCAL SETTINGS\TEMP\RARSFX0\_WINRAR.EXE" no longer exists (I'm guessing BitDefender deleted it?)

      The host files and BitDefender Scans are attached.

      Many thanks again for walking me through all this.

      [getting disk space - attachment deleted by admin]

      The only things that showed up were already quarantined or in the System Restore points.

      C:\Program Files\ESET\infected\WHSLXDCA.NQF=>(Quarantine-PE) Deleted
      C:\System Volume Information\_restore{1F9B0520-97DA-4948-9816-CA2C407F8E16}\RP142\A0015525.exe Deleted

      Empty the ESET quarantine. (if anything is still there)

      Toggle System Restore to remove infected restore points.

      System Restore
      1: Right click on the My Computer icon on your desktop and select properties.
      2: Click on the system restore tab.
      3: Check the box that says "Turn off system restore on all drives". Click OK.
      4: Click Yes when you are prompted to restart the computer
      5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

      Are there any problems you are still having?

      I switched System Restore off, restarted, and then switched it back on. Is that all I need to do?

      I looked for the file in the ESET quarantine. I didn't find the one you listed, but was able to find these:

      C:\Program Files\ESET\infected\WHSLXDCA.NQI
      C:\Program Files\ESET\infected\MUAUFGAA.NQI
      C:\Program Files\ESET\infected\MUAUFGAA.NQF

      Should I delete all of these files?

      My searches are all working again. My system seems to be pretty slow now though. Could that be due to the new firewall that's running constantly?

      I've also been having issues with my BitTorrent client (ABC) freezing once or twice a day. It looks like it's downloading, but the amount of the file never increases. I was going to check with the client's manufacturer and see what they thought.

      Thanks again for all your time and help with this. Let me know if there's anything else I should do.

      Quote
      I looked for the file in the ESET quarantine. I didn't find the one you listed, but was able to find these:

      C:\Program Files\ESET\infected\WHSLXDCA.NQI
      C:\Program Files\ESET\infected\MUAUFGAA.NQI
      C:\Program Files\ESET\infected\MUAUFGAA.NQF

      Should I delete all of these files?

      They certainly aren't doing any good to keep. I would empty the quarantine.

      Quote
      My searches are all working again. My system seems to be pretty slow now though. Could that be due to the new firewall that's running constantly?

      What firewall do you use? Firewalls are not my strong point......

      Quote
      I've also been having issues with my BitTorrent client (ABC) freezing once or twice a day. It looks like it's downloading, but the amount of the file never increases. I was going to check with the client's manufacturer and see what they thought.

      Don't use EM. This is most likely the source of the malware problems to begin with. Just because the torrent client is clean, does not mean what you download with it is!

      Quote
      Thanks again for all your time and help with this. Let me know if there's anything else I should do.

      No problem on the help. You may want to do some system maintenance. Disk cleanup and defrag would likely speed things up.

      I'm using the Comodo firewall that was suggested earlier. It seems to be doing a great job of keeping me protected.

      I know exactly what I downloaded with BitTorrent that was the cause of my problems. I should have known better to begin with.

      I'll run the disk cleanup and defrag my C: drive now.

      Thanks again for all your help. I could not have done this without you, and really feel like my system is much better protected now.

      Quote
      I'm just running the windows XP firewall. I'm guessing that's not enough.

      I'm using the Comodo firewall that was suggested earlier.

      Be sure to run only one firewall. Two can cause conflicts.

      Delete:
      Combofix from your desktop
      Go to C:\qoovox <---delete the whole file

      You may want to toggle System Restore once more to ensure infected restore points are gone.

      System Restore
      1: Right click on the My Computer icon on your desktop and select properties.
      2: Click on the system restore tab.
      3: Check the box that says "Turn off system restore on all drives". Click OK.
      4: Click Yes when you are prompted to restart the computer
      5: To re-enable System Restore, follow steps 1-3, but in step 3, click to clear the Disable System Restore check box.

      Glad things are working better.

      Safe Surfing!
      4628.

      Solve : help with trojans!?

      Answer»

      Don't have one. Funny, ha. But I'm pretty sure it isn't the mouse because as soon as I got the first trojans, the double clicking started. The mouse is pretty old, but everything works fine on it. Toggle wheel and right clicking is fine. It's a Sony VAIO laser mouse that came with the computer when I bought it a couple of years ago.

      Do you know someone who has a mouse you could try?

      Not at this time, but I will tomorrow. I'm going to do a virus test and see if anything shows up on AVG.

      Be sure to let us know how those go. I'm curious...does your mouse still act up in Safe Mode? If so, it's most likely the mouse itself and not an infection.

      I tried the mouse in safe mode and it still double clicks. So it's most likely the mouse.
      Well, thanks for all the help, I really appreciate it. I'll let you guys know what happens with a new mouse.

      Keep in mind that this method of testing isn't exactly foolproof, but Safe Mode only allows the basic components of the system to run, which means infections are typically dormant. So, when a problem like this still occurs, it leads us to believe the problem is with the hardware. You should clean out the mouse thoroughly, and if that doesn't work, you can purchase a new one for $5 to $25, depending on the kind you want.

      Also, you should get a firewall for that computer. You're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.

      CBMATT, I just finished scanning with Spybot and it seems that I might have some viruses still.

      This is what it found:

      AdRevolver
      Advertising.com
      BurstMedia
      CasaleMedia
      Clickbank
      Doubleclick
      ErrorSafe
      Fastclick
      Hitbox
      Malwarealarm
      Mediaplex
      Reliablestats
      Statcounter
      Webtrends live
      Zedo

      I've tried removing this many times before, but they just keep coming back every time I scan.

      Those sound more like tracking cookies (is that how Spybot classified them?). If that's the case, you don't have much to worry about. Cookies can be put on your computer in many different ways, so it's common for them to keep reappearing. They're mostly harmless, though. However, you may want to download SpywareBlaster, which will block many popular cookies from getting on your computer. Install that and those files will most likely stop showing up in your scans.

      OK, I'll try that, and thanks again for all the help.

      Well, I tried a different mouse and it didn't double click. So I took mine apart and cleaned it really good. Now it doesn't do it any more.

      Sometimes it's the simple things. And that's what I prefer because it makes my job a lot easier. Ha. I'm glad to hear you got this problem all sorted out, eman. If you have any more questions, feel free to ask.

      Remember...when you get a chance, you should get one of those firewalls I suggested.

      As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

      4629.

      Solve : svchost problem?

      Answer»

      hello friends,

      I am Joshua Suresh from Coimbatore, India.
      I am facing a serious problem with this svchost.exe.
      I got it onto my laptop through a pen drive ....
      I am not sure whether it's a worm, trojan or virus or anything.
      It has locked my Task Manager; when I access Task Manager it says "your administrator has locked the task manager".
      It eats too much of my CPU... I am able to see it with my Yahoo widget.

      Plz help me out....
      It's very urgent.

      I'm not exactly sure what your problem is. svchost is a vital system file that Windows needs to be able to operate properly. What makes you so sure this file is causing you problems? Is it located in the C:\WINDOWS\system32 file?

      Also...which version of Windows are you using?
      And what protection do you have?

      I don't assist via PM, so I am posting your message here for reference...

      Quote

      Dear sir/madam..
      This is Joshua from India, a very new user of this website and forum..
      Actually I thought the prob is svchost,
      but the source is ssvichost.exe, which came onto my laptop through a pen drive.
      Plz help me...
      My Task Manager is locked, and constantly 90 % of my CPU utilization is used up.
      I can see that using a Yahoo widget.
      Plz help me.

      First, go ahead and download Flash Disinfector and run it in Safe Mode. Make sure you plug in the infected flash drive before doing so.

      You should then restart, scan with here and post the log here.

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
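Added example (not part of the original threads): the earlier thread's advice that a legitimate svchost.exe sits in Windows\System32 and this thread's ssvichost.exe both come down to checking a file's name and folder together. The Python sketch below triages a list of search hits; the sample paths, the verdict labels and the backup-folder list are assumptions made for the example.

```python
"""Added example: triage svchost.exe search hits by file name and folder."""
from ntpath import basename, dirname, normpath  # Windows path rules on any OS

TARGET = "svchost.exe"

# Folder where, per the thread, the legitimate file is found.
EXPECTED_DIR = r"c:\windows\system32"

# Assumption (not stated in the thread): Windows XP keeps inactive backup
# copies of system files in these folders, so a hit there is not alarming.
BACKUP_DIRS = {
    r"c:\windows\servicepackfiles\i386",
    r"c:\windows\system32\dllcache",
}

# Verdict labels are hypothetical, listed from most to least suspicious.
SEVERITY = ["lookalike-name", "wrong-location", "backup-copy", "expected"]


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss names like ssvichost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def classify(path, max_distance=2):
    """Return a verdict for one full path from a file search.

    "expected" only means the name and folder match; it says nothing about
    whether the file content was replaced, so a signature or hash check is
    still a separate step.
    """
    p = normpath(path.strip().strip('"')).lower()
    name, folder = basename(p), dirname(p)
    if name == TARGET:
        if folder == EXPECTED_DIR:
            return "expected"
        if folder in BACKUP_DIRS:
            return "backup-copy"
        return "wrong-location"
    if 0 < edit_distance(name, TARGET) <= max_distance:
        return "lookalike-name"
    return "unrelated"


def triage(paths):
    """Group hits by verdict, most suspicious first; unrelated hits are dropped."""
    groups = {verdict: [] for verdict in SEVERITY}
    for p in paths:
        verdict = classify(p)
        if verdict in groups:
            groups[verdict].append(p)
    return {verdict: hits for verdict, hits in groups.items() if hits}


# Constructed sample input: the first two folders are the ones reported in the
# earlier thread, the ssvichost.exe name is from this thread, and the drive
# letter and the Temp path are invented for illustration.
SAMPLE_PATHS = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\ServicePackFiles\i386\svchost.exe",
    r"E:\ssvichost.exe",
    r"C:\Documents and Settings\Power User\Local Settings\Temp\svchost.exe",
    r"C:\WINDOWS\explorer.exe",
]

if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE_PATHS).items():
        print(verdict)
        for hit in hits:
            print("   ", hit)
```
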
      4630.

      Solve : computer has gone crazy, PLEASE HELP??????

      Answer»

      Hi There,

      I have no idea what is going on with my PC. I run Windows 98 in case it's important. I went on my computer last night and clicked on the internet icon... all that popped up was the properties menu. I then tried opening other icons including my computer icon and documents folder.... and their properties menu popped up? If I right click then go to open it sometimes allows me to open... but if I go try to type an email all the keys will make a "dinging" noise and things start happening?? HEEEEELLPPPP!

      I restarted many times but it doesn't help. I run the free version of AVG everyday.

      Any help would be GREATLY appreciated. Is this possibly a virus?

      Thanks so much!

      Tracy

      AVG free does not scan for spyware. To scan for spyware, you can download and install AVG Anti-Spyware Free, SUPERAntiSpyware, Ad-Aware 2007 Free, and SpyBot S&D.

      It is very possibly a virus. But it could also be something else. For starters, download HijackThis, scan with it, and post a log here. Don't make any changes until instructed to do so.

      Hi There,

      Yes, I ran Adware and it didn't seem to help. I am using my son's email because I am not able to type on my computer ... the keys keep going "PING, PING" and things happen, like if I type "H" then the help box pops up. Sometimes this happens for a while and then it stops. SO STRANGE!! I have downloaded Hijack This and put it on a CD ... I will go and try this... although I'm not sure if I will be able to. Will report back.

      Thanks so much for your suggestions.

      Tracy

      Here is the log from Hijack This...


      Logfile of HijackThis v1.98.2
      Scan saved at 1:03:07 PM, on 10/2/07
      Platform: Windows 98 SE (Win9x 4.10.2222A)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

      Running processes:
      C:\WINDOWS\SYSTEM\KERNEL32.DLL
      C:\WINDOWS\SYSTEM\MSGSRV32.EXE
      C:\WINDOWS\SYSTEM\SPOOL32.EXE
      C:\WINDOWS\SYSTEM\MPREXE.EXE
      C:\WINDOWS\SYSTEM\MSTASK.EXE
      C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
      C:\WINDOWS\SYSTEM\mmtask.tsk
      C:\WINDOWS\EXPLORER.EXE
      C:\WINDOWS\TASKMON.EXE
      C:\WINDOWS\SYSTEM\SYSTRAY.EXE
      C:\WINDOWS\SYSTEM\ATICWD32.EXE
      C:\WINDOWS\SYSTEM\ATITASK.EXE
      C:\WINDOWS\SYSTEM\STIMON.EXE
      C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
      C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
      C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
      C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
      C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
      C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
      C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
      C:\WINDOWS\SYSTEM\WMIEXE.EXE
      C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
      C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      F1 - win.ini: run=hpfsched
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
      O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
      O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
      O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
      O4 - HKLM\..\Run: [AtiKey] Atitask.exe
      O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
      O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
      O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVG7\AVGCC.EXE /STARTUP
      O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVG7\AVGEMC.EXE
      O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVG7\AVGAMSVR.EXE
      O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
      O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
      O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
      O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
      O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
      O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
      O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
      O4 - Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\pmremind.exe
      O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
      O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
      O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
      O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
      O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
      O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_11\BIN\SSV.DLL
      O12 - Plugin for .png: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
      O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
      O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://liveca12.custhelp.com/7530-b327h/rnl/java/RntX.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/16d655a93cc29eff1e23/netzip/RdxIE601.cab

      Your log looks clean to me. Did you try any of the programs from Comp Guy's post? If not, you should try SUPERAntiSpyware and Spybot. Update them and run them in Safe Mode (press F8 as the computer starts loading). Let us know if they find anything.

      While in Safe Mode, do you still have the same problem? And out of curiosity, have you tried using a different keyboard?

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

      4631.

      Solve : help! trojan backdoor.prorat?

      Answer»

      I suspect the trojan worm got into my PC when I ran a utility.
      But I deleted the utility (standalone utility, no setup needed).
      Every time I start the PC, the dialogue pops up. See attachment.
      Then my Symantec antivirus auto protect detects and cleans it.
      The files affected are reginv.dll and winkey.dll under system32.
      I ran Adware; after the scan, I deleted the viruses.
      But things happened again after I restarted the PC.
      Then I went into safe mode and found the files, but I can't delete them (in use).
      I searched all program files and my software folder, and can't find this utility.
      Please help!

      [Saving disk space - attachment deleted by admin]

      Download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.

      Post your ComboFix log along with a new HijackThis log.

      I used to have the same problem on my computer. I'll need you to follow what CBmatt said, ok?
      It's still on your computer.... Try finding it through My Computer or look for anything suspicious.

      Quote from: wefr0 on September 27, 2007, 03:00:21 PM

      I used to have the same problem on my computer. I'll need you to follow what CBmatt said, ok?
      It's still on your computer.... Try finding it through My Computer or look for anything suspicious.

      You crazy....

      Once we start, you won't have access to this post anymore, so I recommend that you print out this post or save it to a Notepad file. Open HijackThis and scan again. Check the following entries, but don't do anything to them yet...

      O2 - BHO: H - {327C3AF0-4EF6-4f8a-9A8D-685A4815D9F8} - C:\WINDOWS\system32\coman.dll (file missing)

      O4 - HKLM\..\Run: [firefox] firefoxupdateg.exe
      O4 - HKLM\..\RunServices: [firefox] firefoxupdateg.exe

      O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
      O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)

      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ges-msl.com
      O17 - HKLM\Software\..\Telephony: DomainName = ges-msl.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ges-msl.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ges-msl.com
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ges-msl.com


      Now, close all windows (including this one) besides HijackThis, then click Fix Checked. Close HijackThis and reboot into Safe Mode and enable hidden files and folders.

      Navigate to and delete the following file(s) if present...

      C:\WINDOWS\system\sservice.exe.bat
      C:\WINDOWS\system32\coman.dll
      C:\WINDOWS\system32\firefoxupdateg.exe
      C:\WINDOWS\system32\fservice.exe.bat


      Once you've done all of this, reboot into Normal Mode and post a new HijackThis log so we can see if there's any other junk we need to clean up. In addition to my above steps, you should check out the following removal advice from Symantec...

      http://www.symantec.com/security_response/writeup.jsp?docid=2003-061315-4216-99&tabid=3

      Also, I'd like for you to head over to VirusTotal and scan this file: C:\WINDOWS\system32\A414ED3F19.dll Once you have done that, copy and paste the results for me to see.

      i can't attach any file???

      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
      O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
      O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [System Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
      O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [MSCalsClocks] C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
      O4 - HKCU\..\Run: [RK Launcher] C:\Program Files\RK Launcher\RKLauncher.exe
      O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe
      O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [foxy] "C:\Program Files\Honey\kupeer\9kupe.exe" -tray
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: startup.bat
      O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
      O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
      O8 - Extra context menu item: ?? - res://C:\Program Files\Honey\kupeer\9kupe.exe/download.htm
      O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: 下載編碼內容(S&martGet) - D:\?\SmartGet1.1\dl_text.html
      O8 - Extra context menu item: 使用 S&martGet 下載 - D:\?\SmartGet1.1\dl_link.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://webmail.ges.com.sg/iNotes6W.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167363716225
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ges-msl.com
      O17 - HKLM\Software\..\Telephony: DomainName = ges-msl.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ges-msl.com
      O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = ges-msl.com
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Ixia Endpoint (IxiaEndpoint) - Ixia - C:\PROGRA~1\Ixia\Endpoint\endpoint.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

      virustotal result

      File A414ED3F19.dll__ received on 10.01.2007 03:00:03 (CET)
      Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


      Result: 0/32 (0%)

      it didn't do it. retry make sure the file is still in the same location

      no, i can't locate that file again when "browse"

      Go ahead and download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.

      Quote from: CBMatt on October 02, 2007, 08:27:26 AM
      Go ahead and download ComboFix and save it to your desktop. Run the program and read its disclaimer (it's fairly short) and make sure you really pay attention to what it says. Follow the prompts and when finished, it will produce a log at C:\ComboFix.txt. Go ahead and post that here. Note: Don't click on the window while it's running; this may cause stalls.
      LOL, CBMatt, you did mention it before.
      all done.
      ok, since the pop up windows didn't pop again, and scan with symantec antivirus, no virus is found, so i assume my pc is clean now.

      ComboFix would help determine if there is anything else that should be removed. However, if you feel that what has been done so far is enough, then that's fine. Either way, let us know.

      As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
      4632.

      Solve : Messenger Virus! (solved)?

      Answer»

      That shouldn't be a problem. It's just a good idea to close everything to help the installation go smoothly. But if it worked without any problems, then I see no issue with that. Heh.

      As this issue appears to be resolved, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

      4633.

      Solve : Screenshots in Temp folder?

      Answer»

      Hi

      I am running windows xp and while browsing the Temporary folder C:\Documents and Settings\admin\Local Settings\Temp folder I found 3 screenshots. Does that mean I have a spyware and someone is spying on me or it is normal to have screenshot in Temp folder.

      MY PC Config:

      Windows XP Professional
      AVG antivirus (free) + Spyware Doctor (free).

      What else do I need to do be sure that no one is spying on me.

      Please advise.

      Thanks

      What kind of screenshots are they? Screenshots of your computer?
      Speaking of screenshots...can you take a screenshot of the folder for us so we have a better idea of what you're talking about?

      Ah well I really deleted the files from the temp folder though it is a nice thought to have had a screenshot of it. The screenshots were of my Gmail account and my desktop.

      I am not quite sure if there is some spyware lurking. If you want a hijackthis log then I would do that also.

      Please advise. Arpit ........ Are you the only person using this machine ?


      dl65 Well no i am not the only one using the machine but rest are laymen. I am posting my HJT log. I have AVG and Spyware Doctor but they do not detect anything serious other than tracking cookies.

      Logfile of HijackThis v1.99.1
      Scan saved at 8:32:29 AM, on 10/5/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\WINDOWS\System32\alg.exe
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\WINDOWS\system32\taskswitch.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Spyware Doctor\swdoctor.exe
      C:\Program Files\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1195061135592
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


      Your HJT log looks perfectly clean.

      Agreed, it looks clean to me as well. Whatever those files were, I don't think they were a result of an infection. Just to be on the safe side, update your AVG and then download SUPERAntiSpyware and update that as well. Reboot into Safe Mode and scan with each program, one at a time.

      Also...you're vulnerable without a firewall, so you should look into getting either ZoneAlarm, Kerio Personal Firewall, or Comodo. They're all good free firewalls. Just be sure you only have one installed at a time! Download the firewall of your choice, disconnect from the internet, disable Windows Firewall, and install your new firewall.

      You should also go ahead and update your Java since Sun has just come out with a new update. Please follow these steps to remove older version Java components and update.

      Download the latest version of Java Runtime Environment (JRE) 6 to your desktop from here...
      http://javadl.sun.com/webapps/download/AutoDL?BundleId=12798

      • Close any programs you may have running - especially your web browser.
      • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
      • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button.
      • Repeat as many times as necessary to remove each Java version.
      • Reboot your computer once all Java components are removed.
      • Then install the newest version by double-clicking the update file you just downloaded to your desktop.
      (Courtesy of oddjob.)

      Another thing:
      Quote
      Ah well I really deleted the files from the temp folder
      If they were some nasties, they wouldn't be most likely so easy to remove.

      Thanks guys for your advice. I also think that there isn't any thing much in it however I did get a lot scared when I saw those screenshots in my temp folder fearing that some program is emailing those screenshots.

      If you guys have any other suggestion then it welcome otherwise the topic deemed to be closed.

      Thanks again.

      Arpit

      Just keep an eye on that folder and make sure no more screenshots appear. If none, then you should be fine. I wouldn't worry too much about it.

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
      4634.

      Solve : Virus issues, Downloader, Trojan.Vundo, Trojan Horse?

      Answer»

      okay heres the log from that FindAWF program. ill post the hijackthis in a sec.


      Find AWF report by noahdfear ©2006
      Version 1.40

      The current date is: Sat 09/29/2007
      The current time is: 11:06:15.51


      bak folders found
      ~~~~~~~~~~~


      Directory of C:\PROGRA~1\NAVNT\BAK

      09/24/2001 07:59 AM 73,728 vptray.exe
      1 File(s) 73,728 bytes

      Directory of C:\PROGRA~1\POPUPK~1\BAK

      09/28/2007 11:00 PM 0 banned.ini
      09/28/2007 11:00 PM 0 expopups.ini
      08/27/2001 03:54 PM 95,232 PopUpKiller.EXE
      09/28/2007 07:33 AM 0 popups.ini
      4 File(s) 95,232 bytes

      Directory of C:\PROGRA~1\ZUNE\BAK

      03/14/2007 05:03 PM 24,104 ZuneLauncher.exe
      1 File(s) 24,104 bytes

      Directory of C:\WINDOWS\SYSTEM32\BAK

      08/20/2002 10:29 AM 40,960 ezSP_Px.exe
      1 File(s) 40,960 bytes

      Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

      06/05/2003 12:35 PM 335,872 atiptaxx.exe
      1 File(s) 335,872 bytes

      Directory of C:\PROGRA~1\MARKANY\CONTEN~1\BAK

      01/30/2007 08:36 PM 57,344 MAAgent.exe
      1 File(s) 57,344 bytes

      Directory of C:\PROGRA~1\SAMSUNG\SAMSUN~1\BAK

      02/23/2007 04:32 PM 126,976 SMSTray.exe
      1 File(s) 126,976 bytes

      Directory of C:\PROGRA~1\SONY\SONICS~1\BAK

      05/08/2006 05:17 AM 81,920 SsAAD.exe
      1 File(s) 81,920 bytes

      Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

      03/09/2007 04:14 PM 185,896 realsched.exe
      1 File(s) 185,896 bytes

      Directory of E:\PROGRA~2\QUICKT~1\BAK

      04/27/2007 09:41 AM 282,624 qttask.exe
      1 File(s) 282,624 bytes

      Directory of E:\PROGRA~2\YAHOO!\MESSEN~1\BAK

      06/07/2007 02:08 PM 4,670,968 YahooMessenger.exe
      1 File(s) 4,670,968 bytes


      Duplicate files of bak directory contents
      ~~~~~~~~~~~~~~~~~~~~~~~

      24080 Aug 31 2007 "C:\Program Files\NavNT\vptray.exe"
      73728 Sep 24 2001 "C:\Program Files\NavNT\bak\vptray.exe"
      73728 Sep 24 2001 "E:\Program Files\NavNT\vptray.exe"
      441 Aug 31 2007 "C:\Program Files\PopUp Killer\banned.ini"
      0 Sep 28 2007 "C:\Program Files\PopUp Killer\bak\banned.ini"
      441 Mar 3 2007 "E:\Program Files\PopUp Killer\banned.ini"
      0 Aug 31 2007 "C:\Program Files\PopUp Killer\expopups.ini"
      0 Sep 28 2007 "C:\Program Files\PopUp Killer\bak\expopups.ini"
      0 Mar 3 2007 "E:\Program Files\PopUp Killer\expopups.ini"
      24080 Aug 31 2007 "C:\Program Files\PopUp Killer\PopUpKiller.EXE"
      95232 Aug 27 2001 "C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE"
      95232 Aug 27 2001 "E:\Program Files\PopUp Killer\PopUpKiller.exe"
      0 Aug 31 2007 "C:\Program Files\PopUp Killer\popups.ini"
      0 Sep 28 2007 "C:\Program Files\PopUp Killer\bak\popups.ini"
      0 Mar 3 2007 "E:\Program Files\PopUp Killer\popups.ini"
      24080 Aug 31 2007 "C:\Program Files\Zune\ZuneLauncher.exe"
      24104 Mar 14 2007 "C:\Program Files\Zune\bak\ZuneLauncher.exe"
      40960 Aug 20 2002 "C:\WINDOWS\system32\ezSP_Px.exe"
      40960 Aug 20 2002 "C:\WINDOWS\system32\bak\ezSP_Px.exe"
      40960 Aug 20 2002 "E:\WINDOWS\system32\ezSP_Px.exe"
      24080 Aug 31 2007 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      335872 Jun 5 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
      335872 Jun 5 2003 "E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      24080 Aug 31 2007 "C:\Program Files\MarkAny\ContentSafer\MAAgent.exe"
      57344 Jan 30 2007 "C:\Program Files\MarkAny\ContentSafer\bak\MAAgent.exe"
      24080 Aug 31 2007 "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe"
      126976 Feb 23 2007 "C:\Program Files\Samsung\Samsung Media Studio 5\bak\SMSTray.exe"
      24080 Aug 31 2007 "C:\Program Files\Sony\SonicStage\SsAAD.exe"
      81920 May 8 2006 "C:\Program Files\Sony\SonicStage\bak\SsAAD.exe"
      24080 Aug 31 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
      185896 Mar 9 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
      180269 Jun 5 2006 "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"
      24080 Aug 31 2007 "E:\Program Files\QuickTime\qttask.exe"
      282624 Apr 27 2007 "E:\Program Files\QuickTime\bak\qttask.exe"
      4670704 Aug 27 2007 "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
      4670968 Jun 7 2007 "E:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"


      end of report
      okay and heres the HJT thing.


      µTorrent
      Ad-aware 6 Personal
      Adobe Flash Player ActiveX
      Adobe Reader 6.0
      AIM 6
      Apple Software Update
      ATI Control Panel
      ATI Display Driver
      BUFFALO Client Manager 3
      CCleaner (remove only)
      CDBurnerXP Pro
      CEP - Color Enable Package
      Cucusoft DVD to iPod/PSP + iPod/PSP Video Converter Suite 2.8.3
      Cucusoft DVD to Zune + Zune Video Converter Suite 5.16.5.3
      Data Lifeguard Tools
      DataCastComponent
      DivX Content Uploader
      DivX Web Player
      EVEREST Home Edition v2.20
      Google Toolbar for Internet Explorer
      Google Video Player
      HijackThis 1.99.1
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB926239)
      Java 2 Runtime Environment, SE v1.4.1_03
      Java Web Start
      Java(TM) 6 Update 2
      Kazaa Media Desktop 2.5.1
      Lame ACM MP3 Codec
      LiveUpdate 1.6 (Symantec Corporation)
      Logitech MouseWare 9.79
      Macromedia Shockwave Player
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Hotfix (KB928366)
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Mozilla Firefox (2.0.0.7)
      MSXML 4.0 SP2 (KB936181)
      MSXML 6.0 Parser (KB933579)
      Norton AntiVirus Corporate Edition
      NVIDIA Drivers
      OpenMG AAC Add-on Module 1.0.00
      OpenMG Limited Patch 4.5-06-05-12-01
      OpenMG Secure Module 4.5.01
      PDF Manual NW-E000 Series
      QuickTime
      Q-Xpress Installer 1.1.9
      RealPlayer
      Samsung Media Studio
      Security Update for Windows Media Player (KB911564)
      Security Update for Windows Media Player 10 (KB936782)
      Security Update for Windows Media Player 11 (KB936782)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows Media Player 9 (KB917734)
      Security Update for Windows XP (KB890046)
      Security Update for Windows XP (KB893756)
      Security Update for Windows XP (KB896358)
      Security Update for Windows XP (KB896422)
      Security Update for Windows XP (KB896423)
      Security Update for Windows XP (KB896424)
      Security Update for Windows XP (KB896428)
      Security Update for Windows XP (KB899587)
      Security Update for Windows XP (KB899589)
      Security Update for Windows XP (KB899591)
      Security Update for Windows XP (KB900725)
      Security Update for Windows XP (KB901017)
      Security Update for Windows XP (KB901190)
      Security Update for Windows XP (KB901214)
      Security Update for Windows XP (KB902400)
      Security Update for Windows XP (KB905414)
      Security Update for Windows XP (KB905749)
      Security Update for Windows XP (KB908519)
      Security Update for Windows XP (KB911562)
      Security Update for Windows XP (KB911567)
      Security Update for Windows XP (KB911927)
      Security Update for Windows XP (KB912919)
      Security Update for Windows XP (KB913580)
      Security Update for Windows XP (KB914388)
      Security Update for Windows XP (KB914389)
      Security Update for Windows XP (KB916281)
      Security Update for Windows XP (KB917344)
      Security Update for Windows XP (KB917422)
      Security Update for Windows XP (KB917953)
      Security Update for Windows XP (KB918118)
      Security Update for Windows XP (KB919007)
      Security Update for Windows XP (KB920213)
      Security Update for Windows XP (KB920670)
      Security Update for Windows XP (KB920683)
      Security Update for Windows XP (KB920685)
      Security Update for Windows XP (KB921398)
      Security Update for Windows XP (KB921503)
      Security Update for Windows XP (KB922616)
      Security Update for Windows XP (KB922819)
      Security Update for Windows XP (KB923191)
      Security Update for Windows XP (KB923414)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB923694)
      Security Update for Windows XP (KB923980)
      Security Update for Windows XP (KB924191)
      Security Update for Windows XP (KB924270)
      Security Update for Windows XP (KB924496)
      Security Update for Windows XP (KB924667)
      Security Update for Windows XP (KB925902)
      Security Update for Windows XP (KB926255)
      Security Update for Windows XP (KB926436)
      Security Update for Windows XP (KB927779)
      Security Update for Windows XP (KB927802)
      Security Update for Windows XP (KB928090)
      Security Update for Windows XP (KB928255)
      Security Update for Windows XP (KB928843)
      Security Update for Windows XP (KB929123)
      Security Update for Windows XP (KB929969)
      Security Update for Windows XP (KB930178)
      Security Update for Windows XP (KB931261)
      Security Update for Windows XP (KB931784)
      Security Update for Windows XP (KB932168)
      Security Update for Windows XP (KB935839)
      Security Update for Windows XP (KB935840)
      Security Update for Windows XP (KB936021)
      Security Update for Windows XP (KB937143)
      Security Update for Windows XP (KB938127)
      Security Update for Windows XP (KB938829)
      Shockwave
      Sims2Pack Clean Installer
      Sony PSP Media Manager 1.0a
      Spybot - Search & Destroy 1.4
      The Sims 2
      The Sims 2 Glamour Life Stuff
      The Sims 2 Nightlife
      The Sims 2 Open For Business
      The Sims 2 Pets
      The Sims 2 University
      The Sims™ 2 Bon Voyage
      The Sims™ 2 Celebration! Stuff
      The Sims™ 2 Seasons
      Update for Windows XP (KB894391)
      Update for Windows XP (KB898461)
      Update for Windows XP (KB900485)
      Update for Windows XP (KB908531)
      Update for Windows XP (KB910437)
      Update for Windows XP (KB911280)
      Update for Windows XP (KB916595)
      Update for Windows XP (KB920872)
      Update for Windows XP (KB922582)
      Update for Windows XP (KB927891)
      Update for Windows XP (KB930916)
      Update for Windows XP (KB931836)
      Update for Windows XP (KB933360)
      Update for Windows XP (KB938828)
      Veoh Player
      Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
      Windows Installer 3.1 (KB893803)
      Windows Live Messenger
      Windows Media Format 11 runtime
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows Media Player 11
      Windows XP Hotfix - KB873339
      Windows XP Hotfix - KB885835
      Windows XP Hotfix - KB885836
      Windows XP Hotfix - KB886185
      Windows XP Hotfix - KB887472
      Windows XP Hotfix - KB887742
      Windows XP Hotfix - KB888113
      Windows XP Hotfix - KB888302
      Windows XP Hotfix - KB890859
      Windows XP Hotfix - KB891781
      Windows XP Service Pack 2
      WinRAR archiver
      XviD MPEG-4 Video Codec
      Yahoo! Browser Services
      Yahoo! Messenger
      Yahoo! Search Protection
      Zune



      (and on a slightly off topic note, when those viruses were giving me problems my Sims 2 ran horribly! now it runs as smooth as it did before. so thanks so much for helping me cuz...man...id go crazy without my sims.)

      I'm glad things are running a bit better for you now. But there's still just a bit more cleanup we need to do. First, you should remove the following...

      Java 2 Runtime Environment, SE v1.4.1_03

      You have a newer version of Java, so this one isn't necessary. All it's doing is taking up space. Now, go ahead and open up FindAWF.
      When presented with the different options, choose #2.
      A text file will open up. Copy/paste the following bold text into that file...

      C:\Program Files\NavNT\bak\vptray.exe
      C:\Program Files\PopUp Killer\bak\banned.ini
      C:\Program Files\PopUp Killer\bak\expopups.ini
      C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
      C:\Program Files\PopUp Killer\bak\popups.ini
      C:\Program Files\Zune\bak\ZuneLauncher.exe
      C:\WINDOWS\system32\bak\ezSP_Px.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
      C:\Program Files\MarkAny\ContentSafer\bak\MAAgent.exe
      C:\Program Files\Samsung\Samsung Media Studio 5\bak\SMSTray.exe
      C:\Program Files\Sony\SonicStage\bak\SsAAD.exe
      C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe
      E:\Program Files\QuickTime\bak\qttask.exe
      E:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe


      Close the .txt file and click Yes to save the changes.
      When the tool has completed, a report will open up in Notepad. Please post the results of the awf.txt here along with a new HijackThis log.

      okay stupid question but how do i delete that version of java?

      Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java that you find. Version 6, update 2, is the only one you should keep at the moment.


      OJ

      thanks oddjob


      Find AWF report by noahdfear ©2006
      Version 1.40
      Option 2 run successfully

      The current date is: Wed 10/03/2007
      The current time is: 1:54:08.62


      bak folders found
      ~~~~~~~~~~~


      Directory of C:\PROGRA~1\NAVNT\BAK

      09/24/2001 07:59 AM 73,728 vptray.exe
      1 File(s) 73,728 bytes

      Directory of C:\PROGRA~1\POPUPK~1\BAK

      10/02/2007 04:21 PM 0 banned.ini
      10/02/2007 04:21 PM 0 expopups.ini
      10/02/2007 03:07 PM 28,176 PopUpKiller.EXE
      09/28/2007 07:33 AM 0 popups.ini
      4 File(s) 28,176 bytes

      Directory of C:\PROGRA~1\ZUNE\BAK

      03/14/2007 05:03 PM 24,104 ZuneLauncher.exe
      1 File(s) 24,104 bytes

      Directory of C:\WINDOWS\SYSTEM32\BAK

      08/20/2002 10:29 AM 40,960 ezSP_Px.exe
      1 File(s) 40,960 bytes

      Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

      06/05/2003 12:35 PM 335,872 atiptaxx.exe
      1 File(s) 335,872 bytes

      Directory of C:\PROGRA~1\GOOGLE\GOOGLE~2\BAK

      09/04/2007 10:58 PM 68,856 GoogleToolbarNotifier.exe
      1 File(s) 68,856 bytes

      Directory of C:\PROGRA~1\MARKANY\CONTEN~1\BAK

      01/30/2007 08:36 PM 57,344 MAAgent.exe
      1 File(s) 57,344 bytes

      Directory of C:\PROGRA~1\POPUPK~1\BAK\BAK

      08/27/2001 03:54 PM 95,232 PopUpKiller.EXE
      1 File(s) 95,232 bytes

      Directory of C:\PROGRA~1\SAMSUNG\SAMSUN~1\BAK

      02/23/2007 04:32 PM 126,976 SMSTray.exe
      1 File(s) 126,976 bytes

      Directory of C:\PROGRA~1\SONY\SONICS~1\BAK

      05/08/2006 05:17 AM 81,920 SsAAD.exe
      1 File(s) 81,920 bytes

      Directory of C:\PROGRA~1\YAHOO!\SEARCH~1\BAK

      06/08/2007 09:59 AM 224,248 SearchProtection.exe
      1 File(s) 224,248 bytes

      Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK

      03/09/2007 04:14 PM 185,896 realsched.exe
      1 File(s) 185,896 bytes

      Directory of C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

      07/12/2007 04:00 AM 132,496 jusched.exe
      1 File(s) 132,496 bytes

      Directory of E:\PROGRA~2\QUICKT~1\BAK

      10/02/2007 03:07 PM 28,176 qttask.exe
      1 File(s) 28,176 bytes

      Directory of E:\PROGRA~2\QUICKT~1\BAK\BAK

      04/27/2007 09:41 AM 282,624 qttask.exe
      1 File(s) 282,624 bytes

      Directory of E:\PROGRA~2\YAHOO!\MESSEN~1\BAK

      06/07/2007 02:08 PM 4,670,968 YahooMessenger.exe
      1 File(s) 4,670,968 bytes


      Duplicate files of bak directory contents
      ~~~~~~~~~~~~~~~~~~~~~~~

      28176 Oct 2 2007 "C:\Program Files\NavNT\vptray.exe"
      73728 Sep 24 2001 "C:\Program Files\NavNT\bak\vptray.exe"
      73728 Sep 24 2001 "E:\Program Files\NavNT\vptray.exe"
      441 Aug 31 2007 "C:\Program Files\PopUp Killer\banned.ini"
      0 Oct 2 2007 "C:\Program Files\PopUp Killer\bak\banned.ini"
      441 Mar 3 2007 "E:\Program Files\PopUp Killer\banned.ini"
      0 Aug 31 2007 "C:\Program Files\PopUp Killer\expopups.ini"
      0 Oct 2 2007 "C:\Program Files\PopUp Killer\bak\expopups.ini"
      0 Mar 3 2007 "E:\Program Files\PopUp Killer\expopups.ini"
      24080 Aug 31 2007 "C:\Program Files\PopUp Killer\PopUpKiller.EXE"
      28176 Oct 2 2007 "C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE"
      95232 Aug 27 2001 "C:\Program Files\PopUp Killer\bak\bak\PopUpKiller.EXE"
      95232 Aug 27 2001 "E:\Program Files\PopUp Killer\PopUpKiller.exe"
      0 Aug 31 2007 "C:\Program Files\PopUp Killer\popups.ini"
      0 Sep 28 2007 "C:\Program Files\PopUp Killer\bak\popups.ini"
      0 Mar 3 2007 "E:\Program Files\PopUp Killer\popups.ini"
      24080 Aug 31 2007 "C:\Program Files\PopUp Killer\PopUpKiller.EXE"
      28176 Oct 2 2007 "C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE"
      95232 Aug 27 2001 "C:\Program Files\PopUp Killer\bak\bak\PopUpKiller.EXE"
      95232 Aug 27 2001 "E:\Program Files\PopUp Killer\PopUpKiller.exe"
      28176 Oct 2 2007 "C:\Program Files\Zune\ZuneLauncher.exe"
      24104 Mar 14 2007 "C:\Program Files\Zune\bak\ZuneLauncher.exe"
      40960 Aug 20 2002 "C:\WINDOWS\system32\ezSP_Px.exe"
      40960 Aug 20 2002 "C:\WINDOWS\system32\bak\ezSP_Px.exe"
      40960 Aug 20 2002 "E:\WINDOWS\system32\ezSP_Px.exe"
      28176 Oct 2 2007 "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      335872 Jun 5 2003 "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
      335872 Jun 5 2003 "E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      52272 Apr 7 2007 "C:\Program Files\Google\googletoolbar1user.exe"
      4562944 Apr 28 2006 "C:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
      28176 Oct 2 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      1145896 Mar 9 2007 "C:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
      138168 Apr 7 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
      68856 Sep 4 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
      4856576 Jun 21 2006 "E:\Documents and Settings\starrs crap\My Documents\GoogleVideoPlayerSetup_2006_04_28-14-09_pcg.exe"
      4562944 Apr 28 2006 "E:\Program Files\Google\Google Video Player\GoogleVideoPlayer.exe"
      559784 Jun 5 2006 "E:\Program Files\Common Files\Real\GToolbar\GoogleToolbarInstaller.exe"
      28176 Oct 2 2007 "C:\Program Files\MarkAny\ContentSafer\MAAgent.exe"
      57344 Jan 30 2007 "C:\Program Files\MarkAny\ContentSafer\bak\MAAgent.exe"
      24080 Aug 31 2007 "C:\Program Files\PopUp Killer\PopUpKiller.EXE"
      28176 Oct 2 2007 "C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE"
      95232 Aug 27 2001 "C:\Program Files\PopUp Killer\bak\bak\PopUpKiller.EXE"
      95232 Aug 27 2001 "E:\Program Files\PopUp Killer\PopUpKiller.exe"
      28176 Oct 2 2007 "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe"
      126976 Feb 23 2007 "C:\Program Files\Samsung\Samsung Media Studio 5\bak\SMSTray.exe"
      28176 Oct 2 2007 "C:\Program Files\Sony\SonicStage\SsAAD.exe"
      81920 May 8 2006 "C:\Program Files\Sony\SonicStage\bak\SsAAD.exe"
      28176 Oct 2 2007 "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
      224248 Jun 8 2007 "C:\Program Files\Yahoo!\Search Protection\bak\SearchProtection.exe"
      28176 Oct 2 2007 "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
      185896 Mar 9 2007 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
      180269 Jun 5 2006 "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"
      132496 Sep 25 2007 "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      132496 Jul 12 2007 "C:\Program Files\Java\jre1.6.0_02\bin\bak\jusched.exe"
      24080 Aug 31 2007 "E:\Program Files\QuickTime\qttask.exe"
      28176 Oct 2 2007 "E:\Program Files\QuickTime\bak\qttask.exe"
      282624 Apr 27 2007 "E:\Program Files\QuickTime\bak\bak\qttask.exe"
      24080 Aug 31 2007 "E:\Program Files\QuickTime\qttask.exe"
      28176 Oct 2 2007 "E:\Program Files\QuickTime\bak\qttask.exe"
      282624 Apr 27 2007 "E:\Program Files\QuickTime\bak\bak\qttask.exe"
      24080 Aug 31 2007 "E:\Program Files\QuickTime\qttask.exe"
      28176 Oct 2 2007 "E:\Program Files\QuickTime\bak\qttask.exe"
      282624 Apr 27 2007 "E:\Program Files\QuickTime\bak\bak\qttask.exe"
      28176 Oct 2 2007 "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
      4670968 Jun 7 2007 "E:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe"


      end of report

      and the new HJT log

      Logfile of HijackThis v1.99.1
      Scan saved at 2:01:24 AM, on 10/3/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
      C:\Program Files\NavNT\defwatch.exe
      C:\Program Files\NavNT\rtvscan.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\MsgSys.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\WgaTray.exe
      C:\Program Files\Logitech\MouseWare\system\em_exec.exe
      C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\analyse\analyse.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://firstdatajobs.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: TB Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\WinBudget\bin\matrix.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
      O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\bak\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
      O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
      O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
      O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - Global Startup: ClientManager3.lnk = C:\Program Files\BUFFALO\Client Manager3\cm3_tray.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O15 - Trusted Zone: *.whataboutadog.com
      O15 - Trusted Zone: *.whataboutarabit.com
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
      O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.hotmail.msn.com/resources/MsnPUpld.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190263651562
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190263605609
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
      O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
      O16 - DPF: {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_03) -
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Bwsvc - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager3\bwsvc\bwsvc.exe
      O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

      Hi, queen, sorry for the delay. As I'm sure you've noticed, things can get a little busy over here. Please download SUPERAntiSpyware (you'll need this later). The fix appears to have not worked, so I would like you to reboot into Safe Mode and try my FindAWF instructions again (copying the filepaths into the Notepad file). Once again, a logfile will open.

      Because we get busy at times, I'm going to try giving you a Plan B in case the above doesn't work. When you are given the logfile, check the Duplicate files of bak directory contents section at the bottom. If it still lists all of those files, then try the following...

      Open up Notepad (do this part before going into Safe Mode) and copy/paste everything in the below quote box...
      Quote

      @echo off
      for %%g in (
      "C:\Program Files\NavNT\vptray.exe"
      "C:\Program Files\PopUp Killer\banned.ini"
      "C:\Program Files\PopUp Killer\expopups.ini"
      "C:\Program Files\PopUp Killer\PopUpKiller.exe"
      "C:\Program Files\PopUp Killer\popups.ini"
      "C:\Program Files\Zune\ZuneLauncher.exe"
      "C:\WINDOWS\system32\ezSP_Px.exe"
      "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      "C:\Program Files\MarkAny\ContentSafer\MAAgent.exe"
      "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe"
      "C:\Program Files\Sony\SonicStage\SsAAD.exe"
      "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
      "E:\Program Files\QuickTime\qttask.exe"
      "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
      ) do (
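      rem clear the system, hidden and read-only attributes so the file can be deleted
      if exist %%g attrib -s -h -r %%g
      rem /s is left out here: with /s, del would also remove the same-named copies in the bak subfolders
      del /f /q %%g
      )>nul 2>&1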

      copy /y "C:\Program Files\NavNT\bak\vptray.exe" "C:\Program Files\NavNT\vptray.exe"
      copy /y "C:\Program Files\PopUp Killer\bak\banned.ini" "C:\Program Files\PopUp Killer\banned.ini"
      copy /y "C:\Program Files\PopUp Killer\bak\expopups.ini" "C:\Program Files\PopUp Killer\expopups.ini"
      copy /y "C:\Program Files\PopUp Killer\bak\PopUpKiller.exe" "C:\Program Files\PopUp Killer\PopUpKiller.exe"
      copy /y "C:\Program Files\PopUp Killer\bak\popups.ini" "C:\Program Files\PopUp Killer\popups.ini"
      copy /y "C:\Program Files\Zune\bak\ZuneLauncher.exe" "C:\Program Files\Zune\ZuneLauncher.exe"
      copy /y "C:\WINDOWS\system32\bak\ezSP_Px.exe" "C:\WINDOWS\system32\ezSP_Px.exe"
      copy /y "C:\Program Files\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe" "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      copy /y "C:\Program Files\MarkAny\ContentSafer\bak\MAAgent.exe" "C:\Program Files\MarkAny\ContentSafer\MAAgent.exe"
      copy /y "C:\Program Files\Samsung\Samsung Media Studio 5\bak\SMSTray.exe" "C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe"
      copy /y "C:\Program Files\Sony\SonicStage\bak\SsAAD.exe" "C:\Program Files\Sony\SonicStage\SsAAD.exe"
      copy /y "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe" "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
      copy /y "E:\Program Files\QuickTime\bak\qttask.exe" "E:\Program Files\QuickTime\qttask.exe"
      copy /y "E:\Program Files\Yahoo!\Messenger\bak\YahooMessenger.exe" "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"

      exit

      Go to File > Save As and next to Save as type, choose All Files and save the file as restoreawf.bat. Run the file in Safe Mode and then scan with SUPERAntiSpyware and let it clean whatever it wants. Run FindAWF one more time and save the log, then restart your computer and post the results here along with a new HijackThis log.

      that's okay, you're still helping me so that's all i need!

      okay now..before i do this let me make sure i get it first, i don't wanna mess anything up. okay. so i download SUPERAntiSpyware. then i just follow your first FindAWF instructions and if it doesn't work then i go to plan B. So i run AWF again and check Duplicate files of back directory contents and check if those files are still there..then open notepad in regular mode and save that list you quoted in a notepad file and "save as" restoreawf.bat. Then run WFA in safe mode and then scan with SUPERAntiSpyware. Run AWF again and post the log after i restart?

      Yup, sounds like you've got the right idea to me!

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
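
The check described in the thread above (reading the "Duplicate files of bak directory contents" section and pairing each file with its bak copy) can be scripted. This is an added example, not part of the thread and not FindAWF's own code; the function names are made up for it. It assumes the row layout shown in the log above, uses the deepest bak level as the restore source, and treats a size difference only as a prompt for review.

```python
import re
from collections import namedtuple
from ntpath import basename, dirname, join, normcase  # Windows path rules on any OS

Entry = namedtuple("Entry", "size date path")
ROW = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')

# Rows copied from the log quoted in this thread, trimmed to a few cases.
SAMPLE = r'''
28176 Oct 2 2007 "C:\Program Files\Zune\ZuneLauncher.exe"
24104 Mar 14 2007 "C:\Program Files\Zune\bak\ZuneLauncher.exe"
24080 Aug 31 2007 "C:\Program Files\PopUp Killer\PopUpKiller.EXE"
28176 Oct 2 2007 "C:\Program Files\PopUp Killer\bak\PopUpKiller.EXE"
95232 Aug 27 2001 "C:\Program Files\PopUp Killer\bak\bak\PopUpKiller.EXE"
95232 Aug 27 2001 "E:\Program Files\PopUp Killer\PopUpKiller.exe"
40960 Aug 20 2002 "C:\WINDOWS\system32\ezSP_Px.exe"
40960 Aug 20 2002 "C:\WINDOWS\system32\bak\ezSP_Px.exe"
0 Aug 31 2007 "C:\Program Files\PopUp Killer\popups.ini"
0 Sep 28 2007 "C:\Program Files\PopUp Killer\bak\popups.ini"
441 Aug 31 2007 "C:\Program Files\PopUp Killer\banned.ini"
0 Oct 2 2007 "C:\Program Files\PopUp Killer\bak\banned.ini"
'''


def parse_section(text):
    """Return the unique file rows of the section as Entry records."""
    seen, entries = set(), []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headings, blank lines, anything that is not a file row
        entry = Entry(int(m.group(1)), m.group(2), m.group(3))
        if normcase(entry.path) not in seen:  # the log repeats some rows
            seen.add(normcase(entry.path))
            entries.append(entry)
    return entries


def live_path_and_depth(path):
    """Strip trailing bak folders: ...\\bak\\bak\\x.exe -> (...\\x.exe, 2)."""
    folder, name, depth = dirname(path), basename(path), 0
    while basename(folder).lower() == "bak":
        folder, depth = dirname(folder), depth + 1
    return join(folder, name), depth


def build_plan(text):
    """Pair every live file with its deepest bak copy and classify the pair."""
    chains = {}
    for entry in parse_section(text):
        live, depth = live_path_and_depth(entry.path)
        chains.setdefault(normcase(live), {})[depth] = entry
    plan = []
    for levels in chains.values():
        if 0 not in levels or len(levels) < 2:
            continue  # no live file listed, or no bak copy for it
        live, deepest = levels[0], levels[max(levels)]
        if deepest.size == live.size:
            status = "same-size"      # size alone cannot tell the two apart
        elif deepest.size == 0:
            status = "empty-backup"   # copying would blank a non-empty file
        else:
            status = "restore"
        plan.append({"status": status, "live": live.path,
                     "source": deepest.path, "nested": max(levels) > 1})
    return plan


def copy_commands(plan):
    """Render copy lines, in the style of the batch file above, for review."""
    return ['copy /y "%s" "%s"' % (p["source"], p["live"])
            for p in plan if p["status"] == "restore"]


if __name__ == "__main__":
    for item in build_plan(SAMPLE):
        print(item["status"], "nested" if item["nested"] else "", item["live"])
    print("\n".join(copy_commands(build_plan(SAMPLE))))
```

Pairs reported as same-size need a hash or signature comparison before any decision, and nested entries deserve a manual look because more than one bak level exists for the same file.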
      4635.

      Solve : Can someone please look at my Hijack this log???

      Answer»

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

      4636.

      Solve : Help! Computer gone out of control!?

      Answer»

      I am not seeing any malware in the logs.

      Go to add/remove programs and uninstall jre1.6.0_02 then go to www.java.com and download the latest version.
      Outdated java is an entry point for malware.

      =====

      Go to Start > Run and copy and paste next command in the field:

      ComboFix /u

      Make sure there's a space between Combofix and /
      Then hit Enter.

      This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

      =====

      Have a read of Tony Klein's So how did I get infected in the first place? for some great tips on tightening security.

      Also see Slow Computer/browser? Check Here First; It May Not Be Malware

      Let me know how things are now.

      Thank you for your help.

      My computer is much faster now. I will download Java as soon as possible.

      Again, thank you.

      4637.

      Solve : Help Removing a virus?

      Answer»

      Hello,
      I have a virus on my computer. I am running Windows XP, and my antivirus has picked up 8 Win32:Vundo-gen46 viruses, and 1 Win32:Trojan-gen. I have put them in the "chest" because I was not sure whether or not to delete them because they were in my C:\Windows\system32 file. My computer has been acting slowly, and when I open Internet explorer a pop up opens up in a new window.

      Should I delete these files? Also what Anti-virus would you suggest to prevent this in the future?

      Thanks for any help

      I hope some staff member will move this topic to "Computer Viruses and Spyware"

      Anyway, what antivirus are you running now? Since it picked up those trojans, it seems to be working OK.

      Now, download Vundo Removal Tool.
      Download HijackThis. Install it in its own directory, like C:\HijackThis.

      If you are on a network or have a full-time connection to the Internet, such as a DSL or cable modem, disconnect the computer from the network and Internet.

      Run downloaded Vundo Removal Tool.

      Run HijackThis, and post its log back here.

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

      4638.

      Solve : NORTON 360?

      Answer»

      I have installed norton 360 on my computer. From the start I noticed the machine running slower. It is getting continuously slower. AND I'm getting more and more unresponsive programs, including several times norton. In the past 2 days I have been online with their tech support approx 35 hours. NOT AN EXAGGERATION! I have been in actual contact with a tech about 20 min of that time. All they want to do is screw with the startup on my laptop. NEVER have they even opened the antivirus to see what the problem is. The only people I have been able to reach are these pseudo experts. The store {BEST BUY} where I bought my laptop and software will not refund my money on the software. Only replace it with the same crap. Any ideas on what to do would be appreciated.

      Uninstall Norton 360.

      Download and Install AVG Free Edition.
      It uses much less resources than Norton 360.

      With that Norton crap, you just have to forget your lost time, and your money.
      Definitely go with dairyman's advice, but make sure that you get the Norton uninstaller:
      http://www.softpedia.com/get/Tweak/Uninstallers/Norton-Removal-Tool.shtml
      because Norton is not only crappy program to use, but it's also hard to remove it from your computer.
      Beside getting AVG as your antivirus program, get some free firewall, Comodo, if you're with XP, or PC Tools firewall, if you're with Vista.

      They only act like they can't take it back. (and they do have a policy against it) but it can be done by a manager.

      Call their bluff and return the laptop, I bet they figure out a way to work with you then.

      Quote from: evilfantasy on November 08, 2007, 11:33:05 AM

      They only act like they can't take it back. (and they do have a policy against it) but it can be done by a manager.

      Call their bluff and return the laptop, I bet they figure out a way to work with you then.

      Took the words right outta my mouth...good call EF.
      4639.

      Solve : Receive e-mail with wrong address?

      Answer»

      For the last 2 weeks I received a lot of spam mail. The address in most cases is not my e-mail address, the @service provider is the same as mine but the first part is from names I never knew of. Where can I look for the problem? I am on a dial-up connection, Win2000, McAfee and Comodo as a firewall. Thank you.

      Quote

      The address in most cases is not my e-mail address
      It happens with spam. Try to employ your mail client filters.
      Make sure your AV is up to date, and you're spyware free.

      You can also assemble a list and submit it to your ISP...the good ones will block it for you.
      4640.

      Solve : Microsoft Internet Explorer Warning popups?

      Answer»

      I am being bombarded by constant pop ups entitled Microsoft Internet Explorer warning me that [emailprotected] is infecting my computer and instructs me to download officially approved software and when I click that link
      I get another popup called BestSeller Anti virus Installer which I refuse to click.

      I also get a pop up from my bottom menu bar called Security Alert: Spyware found.

      I have AVG and that says I have no viruses. I have System Mechanic 6 which says I have no spyware and Hijack this finds no BHOs.

      How can I get rid of these constant pop ups selling me costly protection?

      Sandy

      I suggest you post a hijackthis log so the resident experts can have a look at it.

      If HijackThis isn't displaying any BHO's, then you may have a Vundo infection. Like Deerpark suggested, go ahead and post a log for one of us to take a look at.

      DLoad and run Shoot The Messenger as well...

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

      4641.

      Solve : Spyware.Cyberalert?

      Answer»

      I have Windows XP SP 2 and use Symantec antivirus and during my scan today a spyware/virus was picked up but the antivirus cannot quarantine it or delete it even if I tell it to do so. It shows me the location of the file but I can't seem to be able to find it. Is there any way i can get rid of it/find it? Does anyone know anything about this malicious file?

      Any help is appreciated.

      I ran HijackThis and here is the log:

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 2:31:24 AM, on 10/24/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\ibmpmsvc.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\system32\acs.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Symantec AntiVirus\DefWatch.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      C:\Program Files\Symantec AntiVirus\SavRoam.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe
      c:\program files\lenovo\system update\suservice.exe
      C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
      C:\WINDOWS\System32\TPHDEXLG.exe
      C:\WINDOWS\system32\TpKmpSVC.exe
      C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
      C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
      C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
      C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
      C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
      C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\TpShocks.exe
      C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
      C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
      C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
      C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
      C:\PROGRA~1\SYMANT~1\VPTray.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
      C:\Program Files\DataStudio\PASPortal.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\AIM6\aim6.exe
      C:\Program Files\AIM6\aolsoftware.exe
      C:\PROGRA~1\Mozilla Firefox\firefox.exe
      C:\Program Files\Symantec AntiVirus\VPC32.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\achavez\Desktop\HiJackThis_v2.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O2 - BHO: CPwmIEBrowserHelper Object - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
      O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
      O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
      O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
      O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
      O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
      O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
      O4 - HKLM\..\Run: [cssauth] "C:\Program Files\Lenovo\Client Security Solution\cssauth.exe" silent
      O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - Global Startup: Bluetooth.lnk = ?
      O4 - Global Startup: PASPortal.lnk = ?
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
      O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: ACU Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
      O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
      O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
      O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
      O23 - Service: ThinkVantage Registry Monitor Service - Unknown owner - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
      O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
      O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
      O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
      O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
      O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
      O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
      O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

      --
      End of file - 15521 bytes
      First of all, you should put HijackThis in its own folder where its backups can be stored safely. This will also help keep your desktop from getting too cluttered. You should also update your Java. To do so, go here and click on Free Java Download. You will be given instructions on what to do next. Once you have completed this, uninstall any older versions of Java.

      Nothing in your log is striking me as malicious. Update your virus protection and scan again. But this time, scan in Safe Mode. Post back and let us know how it goes.

      Why not post the Symantec message with the name of the file ? ? ?

      Sylvia is on Holiday.

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

      4642.

      Solve : what is this? a virus or what. a way out??

      Answer»

      Well, we have a network here and there is this virus (or whatever it is) that's bothering us. It's called 'new folder' and any flash disk that is inserted on any system gets infected. Please, is there a way to quarantine this virus or anyone as such?

      We're going to need a lot more info here.
      What OS is being used?
      How long has this been happening?
      What symptoms are you experiencing?
      What protection do you have?

      Plug in your flash drive(s) and try Flash Disinfector, then post back with your results, the answer to those questions, and a HijackThis.

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.

      4643.

      Solve : which kind of Virus is this??

      Answer»

      Hello dear friends!

      I think my computer is infected by a virus. I don't know which kind of virus this is.

      When I double click on a folder or on a drive the Search window opens.

      When I right click on a folder or on one of my drives, the commands are as below:

      1st. Search

      2nd. Open

      3rd. Explore

      How can I solve this problem?

      Please help me!
      Farahmand

      Go to Start/Run and type in the following and hit Enter...

      regsvr32 /i shell32.dll

      Re-boot and see if this fixes it.

      Quote

      Go to Start/Run and type in the following and hit Enter...

      regsvr32 /i shell32.dll

      Re-boot and see if this fixes it.

      Thanks friend!

      It worked and my problem is solved.

      Thanks again!

      Farahmand

      You're Welcome...stop by anytime!

      I think the virus you have is the SEAHORSE

      He stated his issue is resolved...any questions Please see my sig.

      ooooooooooo

      Quote
      ooooooooooo
      LOOOOOOOOOOOOOOOL

      Due to lack of feedback, I am closing this topic. If you are the original poster and you would like this topic to be re-opened for any reason, PM me or another moderator and it can be arranged.

      If you are not the original poster and you require help, please start a New Topic with information about your computer and your problem.
      4644.

      Solve : Re:Removing MyWebsearch?

      Answer»

      Hello, all; Please help with this. A friend of mine needs help in removing MyWebSearch from her computer. I had her download and install Emco Malware Destroyer (which got rid of a lot of spyware that was on her PC), Asquared Free, and Spyware Search and Destroy; all 3 programs were able to fix most, except for the above listed. Please help. Thank you.

      First, uninstall the My Web Search option from Add/Remove Programs

      1) Click on Start, Settings, Control Panel
      2) Double click on Add/Remove Programs
      3) Find "My Web Search" in the list of installed programs and click on Change/Remove to uninstall it. You may also want to uninstall any of the following items associated with FunWebProducts.

      * My Web Search (Smiley Central or FWP product as applicable)
      * My Way Speedbar (Smiley Central or other FWP as applicable)
      * My Way Speedbar (AOL and Yahoo Messengers) (beta users only)
      * My Way Speedbar (Outlook, Outlook Express, and IncrediMail)
      * Search Assistant - My Way

      4) Reboot your Computer and run HijackThis

      5) With HijackThis, scan for and fix any of the entries shown that may be remaining.

      R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
      O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
      O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
      O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
      O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
      O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
      O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
      O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZWYYYYYYYYUS
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyWebSearchInitialSetup1.0.0.8-2.cab

      6) Next, open My Computer, Drive C, and double-click on the Program Files folder

      7) Right-click and delete the folders for:

      *FunWebProducts
      *MyWebSearch

      8) MyWebSearch should now be completely uninstalled from your computer.

      9) There will be some minor registry entries left behind by the uninstall, however these can be cleaned up by running Spybot Search and Destroy.

      Thanks to PC *censored* for the guide.

      I would expect the above advice to work, but just to be on the safe side, I would suggest posting your HijackThis log here. When you have an infection, there's a pretty good chance that others are lurking around.
      4645.

      Solve : Running a check-up.?

      Answer»

      Well, I've posted here before, and now I got a new computer from my brother. Everything's running fine, but I really would like to remove all this extra bloatware that's been installed after the Adobe products.

      So far I've checked through the msconfig & searched just about everything, and if it wasn't needed, I turned it off.

      ATM, I'm running Windows XP (Media center edition), Dell XPS 400, SP2, & 3 gigs of RAM. I can't tell if the computer's ever bogged down because of all the RAM, so I need to do a little checkup ^^.

      I've recently installed Limewire, so I'm curious to see if I have any active adware now.

      Here's my Hijack log:

      Logfile of HijackThis v1.99.1
      Scan saved at 1:15:53 PM, on 11/3/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16544)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Comodo\Firewall\CPF.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\PROGRA~1\MI3AA1~1\rapimgr.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Comodo\Firewall\cmdagent.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
      C:\WINDOWS\ehome\RMSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Documents and Settings\Peppe\Desktop\hijackthis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
      O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O11 - Options group: [INTERNATIONAL] International*
      O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.0.8.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
      O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
      O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
      O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

      Let me see...

      1. Print this post out, since you won't have access to it at some point.

      2. Download, and install Spybot (if you don't have it) from here: http://www.safer-networking.org/en/download/index.html

      3. Close all windows, except for HJT.

      4. Put a checkmark next to following HJT entries:

      - R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

      - O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

      - O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
      (do you use any Lexar_Media Inc. removable flash memory cards, USB flash drives, card readers etc...?; if not, fix this one, as well)

      5. Click on "Fix It" button.

      6. Restart your computer in Safe Mode (F8)

      7. Run Spybot (click on updates, first), and fix whatever it asks you to fix.

      8. Open Windows Explorer. Go Tools>Folder Options, put a checkmark next to "Show hidden files, and folders".

      9. Delete following files (if they still exist):

      nothing to delete

      10. Turn off System Restore.

      11. Restart in Normal Mode.

      12. Turn System Restore on.

      13. Run HJT again, and post its log back here.

      k broni.

      imo, Spybot is really outdated now - I use a proggy called NoAdware. It's a lot quicker, and way more powerful. But it's a paid program, so if you dunno how to get it for free, then it's sorta useless.

      *censored*, I guess I'll have to figure out ways to make these extra services stop starting up.

      Thanks bro.

      Quote

      if you dunno how to get it for free
      Let me think, hmmmmmmmmmmmm.....LOL

      Quote
      I guess i'll have to figure out ways to make these extra services stop starting up
      Pretty good idea.
      I'd start with those "(file missing)" entries. If you don't use them, then disable them.
      You can do it through "services.msc", but I find a couple of other programs more convenient:
      - Autoruns - http://www.microsoft.com/technet/sysinternals/Utilities/AutoRuns.mspx
      - ServiWin - http://www.nirsoft.net/utils/serviwin.html

      To check which services you need, there's probably nothing better than BlackViper:
      http://www.blackviper.com/WinXP/servicecfg.htm

      Quote from: TheAdvocate on November 03, 2007, 11:52:16 AM
      imo, Spybot is really outdated now - I use a proggy called NoAdware. It's a lot quicker, and way more powerful. But it's a paid program, so if you dunno how to get it for free, then it's sorta useless.

      First of all Site Advisor Report is Red for NoAdware. Any user who decides to use this product is risking their computer's stability IMHO.

      Second, Spybot is not "outdated". It is trusted by malware fighters net wide.

      Quote from: evilfantasy on November 03, 2007, 06:50:12 PM
      Quote from: TheAdvocate on November 03, 2007, 11:52:16 AM
      imo, Spybot is really outdated now - I use a proggy called NoAdware. It's a lot quicker, and way more powerful. But it's a paid program, so if you dunno how to get it for free, then it's sorta useless.

      First of all Site Advisor Report is Red for NoAdware. Any user who decides to use this product is risking their computer's stability IMHO.

      Second, Spybot is not "outdated". It is trusted by malware fighters net wide.


      I lol'd.

      But did you see any spyware/adware in my hijack log? Didn't think so.

      EDIT: Oh yeah, I trust it - but it's just not gonna do the job for all of today's new dangers.

      Quote
      But did you see any spyware/adware in my hijack log? Didn't think so.

      HJT is not antispyware or antivirus so you can't tell just by a HJT log.

      Malware no, but I do see a big security hole.

      You lol'd so do I.

      Quote from: evilfantasy on November 03, 2007, 08:14:31 PM
      Quote
      But did you see any spyware/adware in my hijack log? Didn't think so.

      HJT is not antispyware or antivirus so you can't tell just by a HJT log.

      Malware no, but I do see a big security hole.

      You lol'd so do I.
      Ditto.

      Spybot is one of the most reliable programs available. And it has never been considered a rogue program; NoAdware has. It may have been removed from the list, but its detection rate is subpar. And of course, there's always risk involved with cracked software. None of this is a concern with Spybot.
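The advice in this thread to start with the "(file missing)" entries can be checked against the log itself. The following is an added example, not code from the thread or from HijackThis: it parses an excerpt of the log posted above and cross-references each "(file missing)" / "(no file)" entry with the "Running processes" section, because that log flags ashMaiSv.exe and ashWebSv.exe as missing while listing both as running. The function names and the verdict labels are this example's own.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis v1.99.1 log posted in the thread above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
"""

# "O23 - ...", "R0 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Trailing marker HijackThis appends when it cannot find the target file.
FLAG_RE = re.compile(r"\s*\((?P<flag>file missing|no file)\)\s*$")
# Image path up to the first .exe/.dll, ignoring a stray quote and arguments.
IMAGE_RE = re.compile(r'^"?(?P<image>.+?\.(?:exe|dll))', re.IGNORECASE)


class Finding(NamedTuple):
    code: str      # HijackThis section, e.g. "O23"
    flag: str      # "file missing" or "no file"
    image: str     # normalised target path, "" when the entry names none
    verdict: str   # "verify-first" or "orphan-candidate"
    line: str      # original log line


def normalise(path: str) -> str:
    """Lower-case and strip quotes so paths compare case-insensitively."""
    return path.strip().strip('"').lower()


def running_processes(log: str) -> set:
    """Return the normalised paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_section = True
            continue
        if in_section:
            if not line:          # a blank line ends the section
                break
            procs.add(normalise(line))
    return procs


def triage(log: str) -> list:
    """Classify every entry flagged '(file missing)' or '(no file)'.

    verify-first     : the same image is in the running process list, so the
                       flag contradicts the log; check the service's ImagePath
                       before disabling or fixing it.
    orphan-candidate : nothing in the log shows the target running.
    Limitation: 8.3 short paths (PROGRA~1) are compared literally.
    """
    procs = running_processes(log)
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        flag = FLAG_RE.search(entry["body"])
        if not flag:
            continue
        # The target is the last " - "-separated field once the flag is removed.
        target = FLAG_RE.sub("", entry["body"]).rsplit(" - ", 1)[-1]
        image_match = IMAGE_RE.match(target)
        image = normalise(image_match["image"]) if image_match else ""
        verdict = "verify-first" if image and image in procs else "orphan-candidate"
        findings.append(Finding(entry["code"], flag["flag"], image, verdict, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict:17} {f.code:4} {f.image or '(no path in entry)'}")
```

On this excerpt the two avast! scanner services come back as verify-first, while the Lexar service and the two O9 buttons remain orphan candidates, matching the entries the helper in the thread chose to fix.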
      4646.

      Solve : unwanted protection programs downloading from internet?

      Answer»

      I have unwanted virus and spyware programs adding icons on my screen and taskbar. They keep putting popup windows on my computer and running my spyware program comes up empty. My virus program finds some but won't take any action. Help!

      Try this free program.

      RogueRemover Free is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers.

      * Download Rogue Remover
      * Check for updates
      * Select "Scan"

      And after that, I would suggest posting a HijackThis log.

      4647.

      Solve : worm/small.2.f?

      Answer»

      How to remove a virus worm/small.2.f from pendrive? virus file may be used as an archive file in pendrive? it is coming again and again even after formatting the pendrive.
      http://answers.yahoo.com/question/index?qid=20060829044511AA9Fur6

      How did you format the pendrive?
      The worm should not have re-appeared after that...
      Check to see if there is an autorun.inf file on the pendrive...if there is then your main machine you are plugging the drive into is infected and should be scanned immediately in safemode with System Restore turned off.

      I scan with AVG and the result gives that the Object - MicrosoftPowerPoint.exe is infected & embedded object & archive infected.

      Again how did you format the pendrive?
      If you have a Powerpoint presentation then it's infected. I'd delete it immediately.

      i right click on the pendrive and choose the option to format.

      Does the pendrive still have a file named autorun.inf?

      ya when the pendrive is infected it will show the autorun option and when formatted then it will not show. i scanned my computer in safe mode and there is no worm. i think there is worm in another computer where i use my pendrive. thanks all of u for guidance.

      You might want to use Flash Disinfector on any computers that have been used with your flashdrive. Do you still encounter the infection? Also, what protection do you have that is detecting the infection?
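The autorun.inf check suggested in this thread can be scripted. This is an added example, not part of the original posts: it reads the autorun.inf in a drive's root and lists the programs it would launch, so you know which files to scan or delete. The function names are hypothetical and the sample file content is constructed.

```python
import os
import sys

# Keys in the [autorun] section that name a program to start.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample, reusing the file name AVG reported in the thread.
SAMPLE = """; constructed sample
[AutoRun]
open=MicrosoftPowerPoint.exe
shell\\open\\command=MicrosoftPowerPoint.exe /x
icon=folder.ico
"""


def launch_targets(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other section, or junk padding
        key, value = line.split("=", 1)
        key = key.strip().lower()
        # shell\<verb>\command entries run a program from the right-click menu
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            found.append((key, value.strip()))
    return found


def program_of(command):
    """Extract the program name from a command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0] if command else ""


def inspect_drive(root):
    """Report each launch command in <root>/autorun.inf (any letter case)
    and whether the named program sits in the drive's root folder."""
    names = {n.lower(): n for n in os.listdir(root)}
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), encoding="latin-1") as fh:
        text = fh.read()
    report = []
    for key, command in launch_targets(text):
        program = program_of(command)
        report.append({"key": key, "command": command, "program": program,
                       "on_drive": program.lower() in names})
    return report


if __name__ == "__main__":
    for row in inspect_drive(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(row)
```

An empty result means the drive root has no autorun.inf, or the file launches nothing.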

      4648.

      Solve : Virus infection warning when importing photos?

      Answer»

      Hello, I hope someone can help me

      I just got a new computer and I'm trying to import photos from my SD card to my computer but CA keeps telling me virus infection alerts called win32/MS04-028!exploit

      I don't know how to get the photos on my computer, they are very important photos from a recent holiday so I don't want to just discard them!!!!

      What Windows version?
      Your CA says, that virus is located where? On your SD card?

      Sorry...

      It's vista.

      I don't think the infection is on the SD card coz I've used it before... I tried looking up win32/MS04-028!exploit and I think it's to do with the jpeg files.

      It says the infection is in the local/temp section

      Sorry, I'm really clueless on this stuff

      Restart in Safe Mode (keep tapping F8 key, while your computer restarts).
      Open Windows Explorer, navigate to ....local/temp folder, and delete all files from "temp" folder.
      Restart normally, and scan your computer with CA.

      The files aren't actually on my computer to be deleted because every time the warnings came up I stopped importing the photos and it gave me the option to delete what had been imported.

      So there is currently no infection on my computer but I still can't import the photos without getting the infection alerts

      Did you try to scan your SD card with CA?
      It may be also false positive.
      Where are those photos from?

      The photos are from Canada... a once in a lifetime trip for me from Australia so do NOT want to lose them

      Well, I just did a scan on the SD card and it came up clear

      Turn your CA off for a few minutes, transfer your photos to your computer, turn CA on, and run your computer scan with CA.

      Use an Online Photo Host to transfer the pictures to before the AV scan.

      As long as you have all of the Critical Updates from MS you should be OK. They have released multiple patches for this exploit.

      Just out of curiosity...exactly how are you trying to transfer these photos? Are you transferring them directly from the camera or from a flashdrive or SD hub?

      Quote from: evilfantasy on November 02, 2007, 11:23:18 PM

      Use an Online Photo Host to transfer the pictures to before the AV scan.

      As long as you have all of the Critical Updates from MS you should be OK. They have released multiple patches for this exploit.

      This is an excellent idea...you can also scan them after DLoading them to be sure they are clean before opening them...
      2 free image hosting sites to try would be imageshack and/or photobucket.
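The detection name in this thread refers to MS04-028, the Windows JPEG parsing flaw that is triggered by a comment segment whose length field is below 2. To judge whether such an alert is a false positive, the photos can be checked for that condition without opening them in a viewer. This is an added example, not part of the original posts; the function names are hypothetical and the sample bytes are constructed.

```python
import struct
import sys

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
# Markers that stand alone and carry no length field (TEM, SOI, EOI, RST0-7).
NO_LENGTH = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))


def scan_jpeg(data):
    """Walk the JPEG segments in `data` up to the start of image data.

    Returns (offset, marker, declared_length, verdict) tuples. The length
    field counts its own two bytes, so any value below 2 is malformed; on a
    COM segment that is the pattern MS04-028 detections look for."""
    if data[:2] != b"\xff\xd8":
        return [(0, None, None, "not a JPEG")]
    found, pos = [], 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            found.append((pos, None, None, "lost marker sync"))
            break
        marker = data[pos + 1]
        if marker == 0xFF:               # padding byte before a marker
            pos += 1
            continue
        if marker in NO_LENGTH:
            if marker == EOI:
                break
            pos += 2
            continue
        if pos + 4 > len(data):
            found.append((pos, marker, None, "truncated"))
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:
            verdict = "MS04-028 pattern" if marker == COM else "invalid length"
            found.append((pos, marker, length, verdict))
            break                        # no safe way to find the next segment
        if pos + 2 + length > len(data):
            found.append((pos, marker, length, "truncated"))
            break
        found.append((pos, marker, length, "ok"))
        if marker == SOS:                # compressed image data follows
            break
        pos += 2 + length
    return found


def is_flagged(data):
    """True if any segment declares an impossible length."""
    return any(v in ("MS04-028 pattern", "invalid length") for *_, v in scan_jpeg(data))


# Constructed, well-formed header: SOI, APP0 (JFIF), a 3-byte comment, EOI.
BENIGN = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          + b"\xff\xfe\x00\x05abc" + b"\xff\xd9")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for row in scan_jpeg(fh.read()):
                if row[3] != "ok":
                    print(path, row)
```

Run it with the photo paths as arguments; it prints only the segments that are not well formed.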
      4649.

      Solve : Control Panel Access Denied?

      Answer»

      friend's computer
      no control panel icon in start menu
      when i type in control in the RUN command i get a pop up basically saying access denied
      if i try and go through DOS i get the same pop up
      def. a virus or something
      don't know what to do!!!
      PLEASE help me out so i can help him
      any help will be appreciated
      thank you

      Heres your answer me friend..
      http://support.microsoft.com/kb/q221153/

      Quote from: tommy gusack on November 02, 2007, 10:00:41 AM

      Heres your answer me friend..
      http://support.microsoft.com/kb/q221153/

      On the page that you provided a link for, the word "denied" does not appear. The original poster said that was his problem.

      He also said that Control Panel icon does not appear.
      The page you directed him to, under 'Symptoms", the first seven words are,
      "When you try to open Control Panel,.." , which clearly implies that Control Panel is already there - unlike what the original poster described.

      But, nevertheless, you clearly said:
      Quote
      Heres your answer me friend..
      so that means that you know the answer is there. I guess I overlooked it.
      Please direct us all to the answer on the page you provided a link for.
      Is your friend's computer running Windows XP?

      Quote
      Control panel tool             Command
      -----------------------------------------------------------------
      Accessibility Options          control access.cpl
      Add New Hardware               control sysdm.cpl add new hardware
      Add/Remove Programs            control appwiz.cpl
      Date/Time Properties           control timedate.cpl
      Display Properties             control desk.cpl
      FindFast                       control findfast.cpl
      Fonts Folder                   control fonts
      Internet Properties            control inetcpl.cpl
      Joystick Properties            control joy.cpl
      Keyboard Properties            control main.cpl keyboard
      Microsoft Exchange             control mlcfg32.cpl
         (or Windows Messaging)
      Microsoft Mail Post Office     control wgpocpl.cpl
      Modem Properties               control modem.cpl
      Mouse Properties               control main.cpl
      Multimedia Properties          control mmsys.cpl
      Network Properties             control netcpl.cpl
         NOTE: In Windows NT 4.0, Network
         properties is Ncpa.cpl, not Netcpl.cpl
      Password Properties            control password.cpl
      PC Card                        control main.cpl pc card (PCMCIA)
      Power Management (Windows 95)  control main.cpl power
      Power Management (Windows 98)  control powercfg.cpl
      Printers Folder                control printers
      Regional Settings              control intl.cpl
      Scanners and Cameras           control sticpl.cpl
      Sound Properties               control mmsys.cpl sounds
      System Properties              control sysdm.cpl

      Courtesy of the Mothership.

      Kudos for that list, patio!

      No problem Chris !
      4650.

      Solve : "Warning! Potential Spyware Operation!..."?

      Answer»

      Bravo!

      Next step.

      1. Print out these instructions as we will need to close every window that is open later in the fix.

      2. Download SmitfraudFix.exe from here and save it to your desktop:

      http://www.bleepingcomputer.com/files/smitfraudfix.php

      3. Next, please reboot your computer into Safe Mode by doing the following:

      a. Restart your computer

      b. Start tapping F8 key

      c. A menu will appear

      d. Select the first option, to run Windows in Safe Mode.

      4. Close all open Windows.

      5. Now, double-click on the SmitFraudfix icon.

      6. When the tool first starts you will see a Credits screen. Simply press any key on your keyboard to get to the next screen.

      7. You will now see a menu. Press the number 2 on your keyboard and then press the Enter key to choose the option Clean.

      8. The program will start cleaning your computer and go through a series of cleanup processes. When it is done, it will automatically start the Disk Cleanup program.
      This program will remove all Temp, Temporary Internet Files, and other files that may be leftover files from this infection. This process can take a long time depending on your computer, so please be patient. When it is complete, it will close automatically and you should continue with next step.

      9. When Disk Cleanup is finished, you will be presented with an option asking Do you want to clean the registry ? (y/n). At this screen you should press the Y button on your keyboard and then press the Enter key.

      10. When this last routine is finished, you will be presented with a red screen stating Computer will reboot now. Close all applications. You should now press the spacebar on your computer. A counter will appear stating that the computer will reboot in 15 seconds. Do not cancel this countdown and allow your computer to reboot.

      11. Once the computer has rebooted, you will be presented with a Notepad screen containing a log of all the files removed from your computer.
      Save that log to your desktop, and attach it to your next reply.
      SmitFraudFix v2.250

      Scan done at 23:05:27.43, Thu 11/08/2007
      Run from C:\Documents and Settings\Computer\Desktop\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      The filesystem type is NTFS
      Fix run in safe mode

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Killing process


      »»»»»»»»»»»»»»»»»»»»»»»» hosts



      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

      C:\WINDOWS\system32\bronto.dll Deleted
      C:\WINDOWS\system32\printer.exe Deleted
      C:\WINDOWS\system32\WinAvXX.exe Deleted

      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{96C10D87-0213-462A-B4EE-2DE10818F12C}: DhcpNameServer=192.168.0.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{96C10D87-0213-462A-B4EE-2DE10818F12C}: DhcpNameServer=192.168.0.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{96C10D87-0213-462A-B4EE-2DE10818F12C}: DhcpNameServer=192.168.0.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


      »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, following keys are not inevitably infected!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

      Registry Cleaning done.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Reboot



      »»»»»»»»»»»»»»»»»»»»»»»» End
      Very nice!

      Now, post your fresh HJT log.

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 11:23:52 PM, on 11/8/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Comodo\Firewall\CPF.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\Program Files\Comodo\Firewall\cmdagent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Computer\My Documents\HiJackThis_v2.exe

      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O15 - Trusted Zone: www.youtube.com
      O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
      O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
      O22 - SharedTaskScheduler: Component Categories CACHE daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)

      --
      End of file - 3285 bytes

      Let me see what crap you have left there....

      Beautiful!!! Your computer is totally clean.
      One more thing, though. I can see, you're running Comodo firewall already (I didn't ask you to install it, yet), and your Windows firewall is on, as well.
      You can't run two firewalls at the same time.
      Turn your Windows firewall off (it's next to worthless, anyway), by following:
      # Click on the Start Menu
      # Click on Control Panel
      # Click on Security Center
      # Click on Windows Firewall toward the bottom of the Security Center Window.
      # Choosing between the “On” or “Off” will enable or disable Windows Firewall.

      Post back.

      yayy. windows firewall is off now. does that mean i'm all done?

      It looks like...Just let me know, how your computer is doing...

      hurrah, i will. thank you SOO much! it seems to be great so far.

      Just don't screw it again.....LOL