BtK thanx for reply, i saw someone else recomended Adii also..... <font size="2"color="gray

0

i did a trojan scan and it said i had adware....high,med,low risk......but i didn't have the registration number for that program to take care of it......i don't know if it was for real or not, or they were trying to get me to purchase the program <font size="2"color="gray"

0

The "NielsenOnline" stuff looks very dubious if you Google around. some other bloke...

0

Hello Lookingup and btk1w1, Hope you would be doing well, sorry for late reply actually here was internet problem due to the weather! Hope you would not mind! Lookingup you are right only Experts are allowed here to check HJT logs. So lets begin our removal process. Please take note of the following: 1. Please do not make any system changes yet. as any changes you make may well alter your log. 2. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean. 3. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes. 4. Please reply to this thread. Do not start a new topic. Please disable temporary AVG Antivirus. You can enable it when we finish. You don't need to buy serial for Trojan Remover software. These are not free while we are here to help and clean user's pc almost free of charge and using free tools and applications. So Uninstall it and i will recomend you some security applications to install on your computer for your pc security. Please run HijackThis again! and click "Scan." Place checks next to the following entries: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing) Close all browsers and other windows except for HijackThis!, and click "Fix checked". Navigate windows explorer to Remove following folder: C:\Program Files\ShoppingReport I also saw C:\Program Files\NetRatingsNetSight, did you install it by yourself? Are you using this programe? Acutally it is not malicious but unnecessory. Now, Please download Malwarebytes' Anti-Malware to your desktop. This is an Free Antimalware Application tool. Download link: http://www.malwarebytes.org/mbam/pr... >DoubleClick mbam-setup.exe and follow the prompts to install MBA-M. >Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. >If an update is found, it will download and install the latest database updates. >Once the program has loaded, select Perform full scan, then click Scan. >When the scan is complete, click OK, then Show Results to view the results. >Be sure that everything is checked, and click Remove Selected. >When MBAM finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt Post its Log in your next reply along with fresh Hijackthis Log. *Do Safe Computing*

0

Malwarebytes' Anti-Malware 1.11 Database version: 660 Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|H:\|) Objects scanned: 126128 Time elapsed: 1 hour(s), 27 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 32 Registry Values Infected: 2 Registry Data Items Infected: 0 Folders Infected: 7 Files Infected: 8 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1} (Adware.Delphinmediaviewer) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6c092742-10fe-4db2-988d-fc71948de70c} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7fa8976f-d00c-4e98-8729-a66569233fb5} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a16650a9-b065-40ec-bbd1-f8d370d17fb1} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e43dfaa6-8c16-4519-b022-8792408505a4} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully. Files Infected: C:\RECYCLER\S-1-5-21-3899795144-1753533175-3397824304-1005\Dc5\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully. C:\Documents and Settings\monica griffin\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully. 0 Response Number 12 Name: Lookingup Date: April 20, 2008 at 04:00:38 Pacific Reply: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:58:39 AM, on 4/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\hphmon04.exe C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.exe C:\Documents and Settings\monica griffin\Desktop\HJTInstall.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.exe (User 'Default user') O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O15 - Trusted Zone: http://www.get2advantage.com O15 - Trusted Zone: http://*.turbotax.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin... O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine... O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M... O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sh... O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe -- End of file - 7863 bytes <font size="2"color="gra 0 Response Number 13 Name: Adii Date: April 20, 2008 at 04:25:20 Pacific Reply: Good work, Logs looking much better now! Please download ATF Cleaner [/url]by Atribune. (This program is for XP and Windows 2000 only) http://www.atribune.org/ccount/clic... Double-click ATF-Cleaner.exe to run the program. Under Main "Select Files to Delete" choose: Select All. Click the Empty Selected button. If you use Firefox browser: Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser: Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Please do an online scan again with Kaspersky WebScanner: http://www.kaspersky.com/virusscanner 1.Click on "Kaspersky Online Scanner". 2.You will be prompted to install an ActiveX component from Kaspersky, Click Yes. 3.The program will launch and then begin downloading the latest definition files. 4.Once the files have been downloaded click on "NEXT". 5.Now click on "Scan Settings". 6.In the scan settings make that the following are selected: 7.Scan using the following Anti-Virus database: Extended (if available otherwise Standard) 8.Scan Options: Scan Archives Scan Mail Bases 9.Click OK. 10.Under select a target to scan, select "My Computer". This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Upon completion, click on the "Save as Text" button. Save the file to your desktop. Copy and paste that information in your next reply. And tell me how things are running now? *Do Safe Computing* 0 Response Number 14 Name: Lookingup Date: April 20, 2008 at 04:54:13 Pacific Reply: tried the Kaspersky Online Scanner when i press accept at their guidlines for download its dead in the water, nothing opens up the past links you gave me have not worked either.....i just googled free versions and the titles of program to find a place to get the downloads just to let you know...... <font size="2"color="gr 0 Response Number 15 Name: Adii Date: April 20, 2008 at 05:08:31 Pacific Reply: Disable AVG and Restart your computer and start again kaspersky. *Do Safe Computing* 0 Response Number 16 Name: Lookingup Date: April 20, 2008 at 05:47:18 Pacific Reply: i turned off avg shield last time and this time i turned it off and restarted comp....went to kasper site and the accept button is dead is it alright to remove highjackthis, anti malvware,atf cleaner also? 0 Response Number 17 Name: Lookingup Date: April 20, 2008 at 05:54:52 Pacific Reply: ignore this one, wanna see if email appears in post 0 Response Number 18 Name: Adii Date: April 20, 2008 at 21:10:45 Pacific Reply: Let me check.. ignore it and come to this step, we will see it later. Disable AVG again. Download Combofix by sUBs and save to your desktop. (If you have previously downloaded ComboFix,please delete that version now.) download link HERE: http://download.bleepingcomputer.co... http://www.forospyware.com/sUBs/Com... Note It is important that it is saved directly to your desktop Close any open browsers. Double click on combofix.exe and follow the prompts. When it's finished it will produce a log. Post the entire contents of C:\ComboFix.txt into your next reply. Note Do not mouseclick combofix's window while it's running. That may cause the program to freeze/hang. Note In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix,please disable your scanner and redownload Combofix again. Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them. Also post a new Hijackthis log. *Do Safe Computing* 0 Response Number 19 Name: Lookingup Date: April 23, 2008 at 19:03:10 Pacific Reply: when i disable avg.....i go to control center and disconnect resident shield, and also the email scanner? i ran combofix, and when i went to copy the log......all my icons were gone,start menu was gone, only descktop picture was in view, so i couldn't paste it anywhere....... can i find it somewhere, is it saved on the comp? 0 Response Number 20 Name: Lookingup Date: April 23, 2008 at 19:05:21 Pacific Reply: ComboFix 08-04-22.5 - monica griffin 2008-04-23 18:35:53.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.151 [GMT -7:00] Running from: C:\Documents and Settings\monica griffin\Desktop\ComboFix.exe * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\stlbdist.XML . ((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 ))))))))))))))))))))))))))))))) . 2008-04-20 02:14 . 2008-04-20 02:14 <DIR> d-------- C:\Documents and Settings\monica griffin\Application Data\Malwarebytes 2008-04-20 02:13 . 2008-04-20 02:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-04-18 07:15 . 2008-04-18 07:15 <DIR> d-------- C:\Program Files\Trend Micro 2008-04-17 17:28 . 2008-04-17 17:28 <DIR> d-------- C:\Documents and Settings\monica griffin\Application Data\TrojanHunter 2008-04-17 13:38 . 2008-04-17 17:29 <DIR> d-------- C:\Program Files\TrojanHunter 5.0 2008-04-17 07:42 . 2008-04-23 18:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WholeSecurity 2008-04-17 07:37 . 2008-04-17 07:37 <DIR> d-------- C:\Program Files\PayPal 2008-04-05 15:52 . 2008-04-05 15:52 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-04-05 15:52 . 2008-04-05 15:52 1,409 --a------ C:\WINDOWS\QTFont.for . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-23 21:05 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-04-23 18:43 --------- d-----w C:\Documents and Settings\monica griffin\Application Data\AVG7 2008-04-17 20:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-04-17 14:37 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-03-30 08:00 --------- d-----w C:\Program Files\Real 2008-03-23 22:32 --------- d-----w C:\Program Files\Common Files\Adobe 2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys 2008-02-24 20:58 --------- d-----w C:\Program Files\HP Photosmart 11 2008-02-24 17:28 --------- d-----w C:\Program Files\Kodak 2008-02-24 17:28 --------- d-----w C:\Program Files\Common Files\KODAK 2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll 2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll 2008-02-16 08:59 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2007-07-29 19:36 2,492 ----a-w C:\Documents and Settings\monica griffin\Application Data\ViewerApp.dat 2006-12-11 19:05 1,410,680 ----a-w C:\Program Files\install_flash_player.exe 2006-10-28 20:59 5,900,416 ----a-w C:\Program Files\Firefox Setup 2.0.exe 2006-10-28 20:58 6,335,024 ----a-w C:\Program Files\Thunderbird Setup 1.5.0.7.exe 2006-10-27 06:12 23,608,632 ----a-w C:\Program Files\wmp11-windowsxp-x86-enu.exe 2006-10-24 04:13 45,828 ----a-w C:\Program Files\cache_500_1__mb4_d5b42beb350e7765c359d9ee4aba285f_addpic3.img 2006-10-21 05:35 443,432 ----a-w C:\Program Files\msgr8us(2).exe 2006-10-06 06:35 443,432 ----a-w C:\Program Files\msgr8us.exe 2006-10-03 23:12 0 ----a-w C:\Program Files\file.bin 2005-12-04 18:01 15,561,744 ----a-w C:\Program Files\avg71free_361a651.exe 2005-12-04 01:40 20,480 -c--a-w C:\Program Files\cdrun.exe 2003-02-02 20:49 4,650,695 ----a-w C:\Documents and Settings\My Shared Folder\kmd202_en.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 13:00 28739] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 00:56 380416 C:\WINDOWS\system32\irprops.cpl] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-09-09 01:05 114688] "StorageGuard"="C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 01:01 155648] "CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23 90112] "Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-11-08 10:37 98304] "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-14 08:18 579584] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496] "PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-06-07 12:32 36864] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-22 18:31 185896] "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 12:07 188416] "NielsenOnline"="C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2007-11-16 19:55 45056] "HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2006-01-06 12:07 348160] "HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [ ] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Symantec Network Driver Update Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.exe" [ ] "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ] "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-28 15:04 219136] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf] avgwlntf.dll 2007-02-23 14:11 9216 C:\WINDOWS\system32\avgwlntf.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk backup=C:\WINDOWS\pss\Picture Package Menu.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk backup=C:\WINDOWS\pss\Picture Package VCD Maker.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Viewbar] --a------ 2007-11-01 13:05 132608 C:\Program Files\AGLOCO Viewbar\Viewbar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-03-27 15:22 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LexBceS"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "C:\\WINDOWS\\system32\\fxsclnt.exe"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= R1 nnrnstdi;nnrnstdi;C:\WINDOWS\system32\drivers\nnrnstdi.sys [2007-06-08 10:47] R3 epstw2k;SCM Parallel Port SCSI Driver;C:\WINDOWS\system32\DRIVERS\epstw2k.sys [2001-08-17 13:50] R3 km_filter;km_filter;C:\WINDOWS\system32\drivers\km_filter.sys [2007-06-08 10:47] R3 scsiscan;SCSI Scanner Driver;C:\WINDOWS\system32\DRIVERS\scsiscan.sys [2001-08-17 13:53] *Newly Created Service* - CATCHME . Contents of the 'Scheduled Tasks' folder "2008-04-14 07:00:00 C:\WINDOWS\Tasks\Automatic Full Backup.job" - C:\Program Files\Stomp\Backup MyPC\System\bestart.exe "2008-04-24 01:18:20 C:\WINDOWS\Tasks\HP Usg Daily.job" - C:\Program Files\hp photosmart 11\printer\Hphusg04.exe "2008-04-24 01:18:22 C:\WINDOWS\Tasks\HP Usg Login.job" - C:\Program Files\hp photosmart 11\printer\Hphusg04.exe . ************************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-23 18:41:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-04-23 18:51:06 ComboFix-quarantined-files.txt 2008-04-24 01:50:26 Pre-Run: 11,770,540,032 bytes free Post-Run: 11,788,853,248 bytes free 131 --- E O F --- 2008-04-11 00:19:11 0 Response Number 21 Name: Lookingup Date: April 23, 2008 at 19:31:01 Pacific Reply: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:28:05 PM, on 4/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\WINDOWS\system32\hphmon04.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\HPHipm11.exe C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe C:\DOCUME~1\MONICA~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin... R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin... R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [Symantec Network Driver Update Warning] C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.exe (User 'Default user') O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com O15 - Trusted Zone: http://www.get2advantage.com O15 - Trusted Zone: http://*.turbotax.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin... O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine... O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M... O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Sh... O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe -- End of file - 7992 bytes 0 Response Number 22 Name: Lookingup Date: April 23, 2008 at 19:41:53 Pacific Reply: Adii, when i open up firefox alot of the times it comes up small unworkable in uper left corner of screen.....i'll close it, and sometimes it comes up again the same way......sometimes it will open up normal after closing the weird versions.....first or second try.......it does eventually open up correctly but wasn't sure if that showed i had a virus.....just a side note.......i appreciate you trying to help me thanx... 0 Response Number 23 Name: Lookingup Date: May 7, 2008 at 13:23:24 Pacific Reply: Addi did you see the recent printouts above? 0 Sponsored Link Ads by Google e machines i hate work computers Post Locked This post is quite old and has been locked from receiving new replies. Please create a new posting instead. Go to Security and Virus Forum Home Sponsored links Ads by Google Results for: Anybody able to check Highjackthis reboot to check email, adware! Summary: Hi Kim, You may have something new and nasty, something beyond our help. I can help with that entry. Instructions for lsp fix: In order to be able to select winlspak.dll, you need to click the "I know... www.computing.net/answers/security/reboot-to-check-email-adware/14562.html not able to do the windows updates Summary: hi, i had to do a clean install , win xp pro, had some virus or worms, for example when i finished install i had the internet connection turn on and the firewall not running,and i can see, whit ctl+al... www.computing.net/answers/security/not-able-to-do-the-windows-updates/15578.html How to check for keylogger virus? Summary: Hi, I'm just wondering if it is possible for us to check if we are infected with keylogger virus, etc... ... www.computing.net/answers/security/how-to-check-for-keylogger-virus/20053.html From the Geek Dictionary Geek Dictionary - A scary place where geeks intermingle with regular people. They argue about... See More Ask a Question! Subject Message --Speciality Categories--Security and VirusGeneral HardwareCPUs/OverclockingNetworkingiPhoneDigital Photo/VideoOffice SoftwarePC GamingConsole GamingProgrammingDatabaseWeb DevelopmentDigital HomeDriversThe Lounge--General Categories--Windows XPWindows VistaWindows 7Windows 95/98Windows MeWindows NTWindows 2000Windows Server 2008Windows Server 2003Windows 3.1LinuxPDAsBeOSNovell NetwareOpenVMSSolarisDisk Operating SystemUnixMacOS/2 Weekly Poll What do you think of the new preview of Chrome OS? Like it Hate it It's OK I don't care View Results Poll Finishes In 2 Days. Discuss in The Lounge Poll History Recent Posts Conditional Copy Acer Aspire 5101 Battery issue shut down printer not working computer gaming All Awaiting Reply Tom's News New Final Fantasy XIII Trailer is 5 Minutes Long Used ATM Machines for Sale on Craigslist Rival Publishers Collaborate on iTunes-type Store Guy Quits Job With Error Message News Corp Rivals Threaten to De-list from Google More Tom's Guide News Data Recovery Manufacturer List | About Us | Advertising Info | Contact Us The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy. PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE