Guess I have restored this too many times and repaired too many other computers from this one. I have downloaded different programs to try them. Lately I have downloaded a few different anti-virus as trials and registry cleaners to try and clean up my mess. Now I cannot install an anti-virus that I have bought. It is saying that I have one, that I thought I had uninstalled and it's saying that I have a firewall I thought I had uninstalled. Good bye Revo as it's just making a mess. Please help I don't want to make a bigger mess. I have just in my last 3 restarts had to select "Last Known Good Configuration" I don't want that again...Please. This is my main computer...
Keep working with it..it can be fixed...

Please download Malwarebytes' Anti-Malware from one of these sites:
1. Double Click mbam-setup.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.
Please download and install the latest version of HijackThis v2.0.2:
Download the "HijackThis" Installer from this link:
Hijack This
1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

ESET Trial
AVG Free
Kaspersky owned in System Mechanic 6 Pro
Norton that came with machine
McAfee
Trend Micro All Trials of latest products

I have had many different registry cleaners
Most of all things I have owned trials of is
in my Registry still even though I have uninstalled.

I have erased this hard drive with product that came with SM6Pro
name slips my mind but it said it was military compliant
I couldn't tell you how many times due to learning, and
messing something up with my machine.
I have had four different users from time to time before I
rebuilt old machines with different product trials or freeware
that I would download on this one first.

So as I was trying to figure out what was wrong with installing
SM8Pro the other night. Which is bought. I only put in the firewall and let
ESET in I forgot it was not a free version. oops.
It came back with that Trend Micro was my firewall.
I uninstalled that. Used Revo Uninstaller. Which I won't do again. I uninstalled that, last night.

Searching through my machine by "search" I found that I still have Symantec files, AVG files,
ESET file (which I uninstalled), and Trend Micro. Now I'm aggravated because I can't surf the
internet with an anti-virus. I just feel so open to so much.

I will do what you asked on your post and wait for your reply.
Thank you,
Lady Leo
Keep working with it..it can be fixed...

Malwarebytes' Anti-Malware 1.26
Database version: 1122
Windows 5.1.2600 Service Pack 3

9/7/2008 9:29:35 AM
mbam-log-2008-09-07 (09-29-35).txt

Scan type: Quick Scan
Objects scanned: 47176
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:32:38 AM, on 9/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\eM\Bay Reader\Shwicon2k.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.exe
C:\Documents and Settings\J & M\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [showicon2k] C:\Program Files\\eM\Bay Reader\Shwicon2k.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls...
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Drive...
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySp...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_ins...
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://ak.imgag.com/imgag/cp/instal...
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6756 bytes
Keep working with it..it can be fixed...

What antivirus are you trying to install and which ones were installed in the past?
Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked":
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Exit Hijack This.
Run Hijack This> click "open the misc. tool section"> click "open uninstall manager"> click "save list"> click "save"> click "yes"> post that log please.
Please download ComboFix to the desktop from one of the following links:
Combofix is a powerful tool so follow the instructions exactly or you could damage your computer.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with Combofix and remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

In your case to run Combofix do the following:
1. Go offline, turn off your ESET antivirus and any antispyware protection that you have.
2. Run Hijack This and save its log.
3. Restart the computer to get the antivirus running again.
4. Post the Combofix log.
Remember to re-enable the protection again afterwards before connecting to the Internet.
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running or move the mouse, it will cause your system to hang.)
Please post the log it produces.
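
An added example, not part of the thread and not HijackThis's own logic: the fix list in the reply above includes entries that end in `(no file)` or carry an empty value, and this Python code parses HijackThis lines, flags those leftover references, and reports any CLSID registered under more than one section. The sample lines are taken from the log posted earlier in the thread; the section descriptions and flagging rules are editorial assumptions, and entries the helper picked on other grounds (the O6 policy line, the Viewpoint service) are not matched.

```python
import re
from collections import defaultdict

# Sample lines taken from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-92BE-BF2DFE9AAE2C} - (no file)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} -
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls...
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

# Editorial summaries of the section codes that appear in the log above.
SECTIONS = {
    "R0": "IE start/search page",
    "R1": "IE start/search page",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry",
    "O16": "downloaded ActiveX control (DPF)",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EMPTY_DPF_RE = re.compile(r"DPF: \{[^}]+\}\s*-?")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "body": body,
            # Upper-case the CLSID so mixed-case registrations compare equal.
            "clsid": clsid.group(0).upper() if clsid else None,
        })
    return entries


def stale_reason(entry):
    """Explain why an entry looks like a leftover reference, or return None."""
    code, body = entry["code"], entry["body"]
    if body.endswith("(no file)"):
        return "registered component points at no file"
    if body.endswith("(file missing)"):
        return "service binary is missing from disk"
    if code == "O16" and EMPTY_DPF_RE.fullmatch(body):
        return "DPF entry has a CLSID but no name or source URL"
    if code in ("R0", "R1") and body.endswith("="):
        return "registry value is empty"
    return None


def triage(log_text):
    """Return the flagged entries, each with its section summary and reason."""
    flagged = []
    for entry in parse_entries(log_text):
        reason = stale_reason(entry)
        if reason:
            flagged.append({**entry, "reason": reason,
                            "section": SECTIONS.get(entry["code"], "other")})
    return flagged


def shared_clsids(entries):
    """Map each CLSID that appears under more than one section to those sections."""
    seen = defaultdict(set)
    for entry in entries:
        if entry["clsid"]:
            seen[entry["clsid"]].add(entry["code"])
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["code"]:<4}{item["section"]:<34}{item["reason"]}')
        print(f'    {item["body"]}')
    for clsid, codes in shared_clsids(parse_entries(SAMPLE_LOG)).items():
        print(f"{clsid} is registered under {', '.join(codes)}")
```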

Norton that came with machine
just rebuilt it in Jan 2008 had to remove it. Think I got it all.
AVG free for awhile but quit updating for some reason.
Trend Micro trials thought I had removed all of it.
AVG but would only update right at times. Removed it and installed ESET trial. Which expired. So I bought System Mechanic Pro with Kaspersky Anti-Virus and Firewall.
I want Kaspersky in it. But it says that Trend Micro is still the firewall and ESET is the Anti-V. I uninstalled both of them.

56Kbps Internal Modem
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 9
Adobe Shockwave Player
AIM 6
AnyDVD
AOL Instant Messenger (SM)
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
Ares 2.0.9
BigFix
Canon CanoScan Toolbox 4.1
Canon iP1800 series
Canon iP1800 series User Registration
Canon My Printer
Canon Utilities Easy-LayoutPrint
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
CloneDVD2
DriverGuide Toolkit
eMachines Bay Reader V1.00
EMBARQ Help
Embarq Toolbar
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Learn2 Player (Uninstall Only)
Legacy 7.0
Legacy Charting 7.0
Malwarebytes' Anti-Malware
MB Feng Shui Bagua
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mobipocket Reader 6.2
Mozilla Firefox (3.0)
Multimedia Keyboard Driver
MyHeritage Family Tree Builder
Netflix Movie Viewer
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA nForce Drivers
OmniPage SE
OpenOffice.org Installer 1.0
OverDrive Media Console
PowerDVD
QuickTime
Rapid Resizer
Rapid Resizer Compatibility Fix
RealPlayer Basic
RJT DateCalc
Scrapbooks Plus Workshop
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows XP (KB923789)
System Requirements Lab
The Print Shop® 6.0 Deluxe
Viewpoint Media Player
Winamp (remove only)
Windows Backup Utility
Windows Internet Explorer 7
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Yahoo! Messenger

ComboFix 08-09-05.04 - J & M 2008-09-07 18:07:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.417 [GMT -5:00]
Running from: C:\Documents and Settings\J & M\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\skinboxer43.dll
C:\WINDOWS\system32\winsusrm.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.
2008-09-05 16:09 . 2008-09-05 16:09 <DIR> d-------- C:\Documents and Settings\J & M\Application Data\Malwarebytes
2008-09-05 16:08 . 2008-09-05 16:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 16:08 . 2008-09-05 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 16:08 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 16:08 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-04 22:07 . 2008-09-04 22:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-09-04 22:07 . 2008-09-04 22:07 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-09-04 22:03 . 2008-09-04 22:03 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-09-04 22:00 . 2008-09-05 00:36 <DIR> d-------- C:\Documents and Settings\J & M\Application Data\iolo
2008-09-04 22:00 . 2008-09-06 10:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-04 20:49 . 2008-09-06 08:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 09:17 . 2008-08-29 09:17 21 --a------ C:\WINDOWS\system32\fesuib
2008-08-29 09:16 . 2008-08-29 09:16 <DIR> d-------- C:\Program Files\MB Free Feng Shui Bagua
2008-08-28 22:18 . 2008-08-28 22:18 <DIR> d-------- C:\Program Files\ESET
2008-08-28 22:18 . 2008-08-28 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-28 16:48 . 2008-09-06 17:25 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-08-28 13:18 . 2008-08-28 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-27 11:26 . 2008-08-27 11:26 345 --a------ C:\WINDOWS\system32\NVU001.nvu
2008-08-27 11:25 . 2003-10-29 12:02 110,592 --------- C:\WINDOWS\system32\nvusmb.exe
2008-08-25 06:50 . 2008-08-25 09:13 <DIR> d-------- C:\Program Files\NOS
2008-08-24 09:10 . 2008-08-24 09:10 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-08-24 08:16 . 2008-08-24 08:16 244 --ah----- C:\sqmnoopt05.sqm
2008-08-24 08:16 . 2008-08-24 08:16 232 --ah----- C:\sqmdata05.sqm
2008-08-22 07:17 . 2008-08-22 07:19 <DIR> d-------- C:\Program Files\Rapid Resizer
2008-08-21 17:00 . 2008-08-21 17:00 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-08-21 13:10 . 2008-08-21 13:10 <DIR> d-------- C:\Program Files\Ares
2008-08-18 20:45 . 2008-09-06 17:17 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-18 20:35 . 2008-08-18 20:35 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-08-18 20:34 . 2008-08-20 07:17 <DIR> d-------- C:\Program Files\SpywareDetector
2008-08-17 15:42 . 2008-08-17 15:42 <DIR> d-------- C:\Documents and Settings\J & M\Application Data\Millennia
2008-08-13 14:17 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 14:15 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 22:25 --------- d-----w C:\Program Files\Wise Registry Cleaner 3
2008-09-06 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 22:19 --------- d-----w C:\Program Files\VS Revo Group
2008-09-05 23:46 --------- d-----w C:\Documents and Settings\J & M\Application Data\Desktopicon
2008-09-05 03:35 --------- d-----w C:\Program Files\Microsoft Works
2008-09-04 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-01 13:50 --------- d-----w C:\Documents and Settings\J & M\Application Data\Canon
2008-08-25 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-08-22 12:19 --------- d-----w C:\Program Files\DriverGuide Toolkit
2008-08-22 12:19 --------- d-----w C:\Program Files\DivX
2008-08-22 12:19 --------- d-----w C:\Program Files\aim
2008-08-20 13:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-20 12:31 --------- d-----w C:\Program Files\Yahoo!
2008-08-20 12:23 --------- d-----w C:\Program Files\SmartDraw 2008
2008-08-20 12:13 --------- d-----w C:\Program Files\Google
2008-08-20 03:51 --------- d-----w C:\Documents and Settings\J & M\Application Data\U3
2008-08-09 15:18 --------- d-----w C:\Documents and Settings\J & M\Application Data\UseNeXT
2008-08-06 12:24 --------- d-----w C:\Program Files\embarqtoolbar
2008-08-06 12:22 --------- d-----w C:\Program Files\AVG
2008-08-06 12:06 --------- d-----w C:\Documents and Settings\J & M\Application Data\EMBARQTOOLBAR
2008-08-05 18:52 --------- d-----w C:\Program Files\Sun
2008-08-05 18:52 --------- d-----w C:\Program Files\Java
2008-08-05 16:08 --------- d-----w C:\Program Files\Virtual Assistant
2008-08-03 19:31 77,824 ----a-w C:\WINDOWS\zipexe_r.exe
2008-08-03 19:30 --------- d-----w C:\Program Files\Motive
2008-08-03 19:30 --------- d-----w C:\Program Files\Common Files\Motive
2008-08-03 18:33 --------- d-----w C:\Documents and Settings\J & M\Application Data\Move Networks
2008-08-03 18:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-03 18:26 --------- d-----w C:\Program Files\SBC Self Support Tool
2008-08-03 18:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-03 18:25 --------- d-----w C:\Program Files\MyHeritage
2008-08-03 18:25 --------- d-----w C:\Program Files\Canon
2008-07-23 20:12 --------- d-----w C:\Program Files\Free TV on PC Full
2008-07-23 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 00:40 --------- d-----w C:\Documents and Settings\J & M\Application Data\SmartDraw
2008-07-20 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-19 21:02 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 17:11 --------- d-----w C:\Program Files\Unlocker
2008-07-16 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-16 19:16 --------- d-----w C:\Program Files\Viewpoint
2008-07-16 19:16 --------- d-----w C:\Program Files\AIM6
2008-07-16 19:16 --------- d-----w C:\Documents and Settings\J & M\Application Data\acccore
2008-07-16 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-16 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-16 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-07-16 19:14 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-16 19:05 --------- d-----w C:\Documents and Settings\J & M\Application Data\Aim
2008-07-16 14:07 --------- d-----w C:\Program Files\Blender Foundation
2008-07-16 14:07 --------- d-----w C:\Documents and Settings\J & M\Application Data\Blender Foundation
2008-07-16 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Blender Foundation
2008-07-15 17:58 --------- d-----w C:\Documents and Settings\J & M\Application Data\Auslogics
2008-07-13 18:43 38,224 ----a-w C:\WINDOWS\system32\drivers\neokdss.sys
2008-07-12 13:11 --------- d-----w C:\Program Files\Creative
2008-07-12 00:55 --------- d-----w C:\Documents and Settings\J & M\Application Data\Creative
2008-07-12 00:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-10 10:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-07 22:10 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 12:31 184,320 ----a-w C:\WINDOWS\system32\ssce5332.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-21 15:05 45,056 ----a-w C:\WINDOWS\system32\sstunst2.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"showicon2k"="C:\Program Files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 135168]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]
"Motive SmartBridge"="C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2008-08-05 438359]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="zHotkey.exe" [2003-06-03 C:\WINDOWS\zHotkey.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-21 06:59 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"gusvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
S3 SS1024;Siemens SpeedStream Wireless PCI Driver;C:\WINDOWS\system32\DRIVERS\SSPCIN51.sys [ ]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b229a6c6-4a9f-11dd-9b66-0040ca6d98ff}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-UfSeAgnt - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\J & M\Application Data\Mozilla\Firefox\Profiles\zqbw0mg6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1249.1854\npCIDetect11.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.
.
------- File Associations (Beta) -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 18:09:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-09-07 18:12:35
ComboFix-quarantined-files.txt 2008-09-07 23:11:31

Pre-Run: 94,883,799,040 bytes free
Post-Run: 95,045,361,664 bytes free

204 --- E O F --- 2008-08-26 20:01:28
Keep working with it..it can be fixed...

Go to start> control panel and uninstall these three old java entries:
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java(TM) 6 Update 6

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, or File, etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
File::
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
Driver::
Viewpoint Manager Service
Folder::
C:\Program Files\Viewpoint
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto start, click "run".

Download the Registry Search Tool from here:
http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Unzip to your Desktop and double click on regsrch.vbs
(if you have script protection, please allow this to run)

In the dialog that opens enter the following:
trendmicro

Press 'OK'
The search will run for a while then alert you when it is finished.
Press 'OK' and copy the contents of the WordPad window and post in this thread.
Please post the results of this scan.

I was able to repair it yesterday. I reinstalled ESET then uninstalled it.
Then went to trendmicro and looked up how to uninstall when it was no longer in uninstall.
Followed their instructions.
Then I was able to install System Mechanic 8 Pro and their firewall and anti-virus.
Thank you so much for your help.
Lady Leo
Keep working with it..it can be fixed...

Here is the new combo fix file. I could not get the Registry Search Tool to open as a program it opened as a text file.
ComboFix 08-09-05.04 - J & M 2008-09-09 10:51:09.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.412 [GMT -5:00]
Running from: C:\Documents and Settings\J & M\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\J & M\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.
2008-09-08 16:23 . 2008-09-08 16:23 432 --a------ C:\WINDOWS\system32\iolo.ini
2008-09-08 16:21 . 2008-09-08 16:21 <DIR> d-------- C:\Program Files\iolo
2008-09-08 16:21 . 2008-09-08 16:21 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-09-08 16:21 . 2008-08-26 17:36 922,464 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-09-08 16:21 . 2008-08-26 15:23 118,784 --a------ C:\WINDOWS\system32\iavlsp.dll
2008-09-08 16:21 . 2008-04-17 10:36 39,424 --a------ C:\WINDOWS\system32\xpacket.sys
2008-09-08 16:21 . 2008-06-16 19:21 29,696 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-09-08 16:21 . 2008-04-17 10:45 9,341 --a------ C:\WINDOWS\system32\drivers\filedisk.sys
2008-09-08 16:21 . 2008-06-06 16:55 8,704 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-09-08 16:11 . 2008-09-08 16:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-09-05 16:09 . 2008-09-05 16:09 <DIR> d-------- C:\Documents and Settings\J & M\Application Data\Malwarebytes
2008-09-05 16:08 . 2008-09-05 16:08 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 16:08 . 2008-09-05 16:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 16:08 . 2008-09-02 00:26 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 16:08 . 2008-09-02 00:25 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-04 22:07 . 2008-09-08 21:07 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-09-04 22:07 . 2008-09-04 22:07 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-09-04 22:03 . 2008-09-04 22:03 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-09-04 22:00 . 2008-09-05 00:36 <DIR> d-------- C:\Documents and Settings\J & M\Application Data\iolo
2008-09-04 22:00 . 2008-09-08 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-04 20:49 . 2008-09-06 08:49 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-29 09:17 . 2008-08-29 09:17 21 --a------ C:\WINDOWS\system32\fesuib
2008-08-29 09:16 . 2008-08-29 09:16 <DIR> d-------- C:\Program Files\MB Free Feng Shui Bagua
2008-08-28 22:18 . 2008-08-28 22:18 <DIR> d-------- C:\Program Files\ESET
2008-08-28 22:18 . 2008-08-28 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-28 16:48 . 2008-09-06 17:25 <DIR> d-------- C:\Program Files\TweakNow RegCleaner Std
2008-08-28 13:18 . 2008-08-28 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-27 11:26 . 2008-08-27 11:26 345 --a------ C:\WINDOWS\system32\NVU001.nvu
2008-08-27 11:25 . 2003-10-29 12:02 110,592 --------- C:\WINDOWS\system32\nvusmb.exe
2008-08-25 06:50 . 2008-08-25 09:13 <DIR> d-------- C:\Program Files\NOS
2008-08-24 09:10 . 2008-08-24 09:10 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-08-22 07:17 . 2008-08-22 07:19 <DIR> d-------- C:\Program Files\Rapid Resizer
2008-08-21 17:00 . 2008-08-21 17:00 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-08-21 13:10 . 2008-08-21 13:10 <DIR> d-------- C:\Program Files\Ares
2008-08-18 20:45 . 2008-09-06 17:17 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-18 20:35 . 2008-08-18 20:35 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-08-18 20:34 . 2008-08-20 07:17 <DIR> d-------- C:\Program Files\SpywareDetector
2008-08-17 15:42 . 2008-08-17 15:42 <DIR> d-------- C:\Documents and Settings\J & M\Application Data\Millennia
2008-08-13 14:17 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 14:15 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 11:47 --------- d-----w C:\Program Files\Java
2008-09-06 22:25 --------- d-----w C:\Program Files\Wise Registry Cleaner 3
2008-09-06 22:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-06 22:19 --------- d-----w C:\Program Files\VS Revo Group
2008-09-05 23:46 --------- d-----w C:\Documents and Settings\J & M\Application Data\Desktopicon
2008-09-05 03:35 --------- d-----w C:\Program Files\Microsoft Works
2008-09-04 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-01 13:50 --------- d-----w C:\Documents and Settings\J & M\Application Data\Canon
2008-08-25 14:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-08-22 12:19 --------- d-----w C:\Program Files\DriverGuide Toolkit
2008-08-22 12:19 --------- d-----w C:\Program Files\DivX
2008-08-22 12:19 --------- d-----w C:\Program Files\aim
2008-08-20 13:16 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-20 12:31 --------- d-----w C:\Program Files\Yahoo!
2008-08-20 12:23 --------- d-----w C:\Program Files\SmartDraw 2008
2008-08-20 12:13 --------- d-----w C:\Program Files\Google
2008-08-20 03:51 --------- d-----w C:\Documents and Settings\J & M\Application Data\U3
2008-08-09 15:18 --------- d-----w C:\Documents and Settings\J & M\Application Data\UseNeXT
2008-08-06 12:24 --------- d-----w C:\Program Files\embarqtoolbar
2008-08-06 12:22 --------- d-----w C:\Program Files\AVG
2008-08-06 12:06 --------- d-----w C:\Documents and Settings\J & M\Application Data\EMBARQTOOLBAR
2008-08-05 18:52 --------- d-----w C:\Program Files\Sun
2008-08-05 16:08 --------- d-----w C:\Program Files\Virtual Assistant
2008-08-03 19:31 77,824 ----a-w C:\WINDOWS\zipexe_r.exe
2008-08-03 19:30 --------- d-----w C:\Program Files\Motive
2008-08-03 19:30 --------- d-----w C:\Program Files\Common Files\Motive
2008-08-03 18:33 --------- d-----w C:\Documents and Settings\J & M\Application Data\Move Networks
2008-08-03 18:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-03 18:26 --------- d-----w C:\Program Files\SBC Self Support Tool
2008-08-03 18:25 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-03 18:25 --------- d-----w C:\Program Files\MyHeritage
2008-08-03 18:25 --------- d-----w C:\Program Files\Canon
2008-07-23 20:12 --------- d-----w C:\Program Files\Free TV on PC Full
2008-07-23 20:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-21 00:40 --------- d-----w C:\Documents and Settings\J & M\Application Data\SmartDraw
2008-07-20 02:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-19 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-07-19 21:02 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-18 17:11 --------- d-----w C:\Program Files\Unlocker
2008-07-16 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-16 19:16 --------- d-----w C:\Program Files\AIM6
2008-07-16 19:16 --------- d-----w C:\Documents and Settings\J & M\Application Data\acccore
2008-07-16 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-16 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-16 19:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\acccore
2008-07-16 19:14 --------- d-----w C:\Program Files\Common Files\AOL
2008-07-16 19:05 --------- d-----w C:\Documents and Settings\J & M\Application Data\Aim
2008-07-16 14:07 --------- d-----w C:\Program Files\Blender Foundation
2008-07-16 14:07 --------- d-----w C:\Documents and Settings\J & M\Application Data\Blender Foundation
2008-07-16 14:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Blender Foundation
2008-07-15 17:58 --------- d-----w C:\Documents and Settings\J & M\Application Data\Auslogics
2008-07-13 18:43 38,224 ----a-w C:\WINDOWS\system32\drivers\neokdss.sys
2008-07-12 13:11 --------- d-----w C:\Program Files\Creative
2008-07-12 00:55 --------- d-----w C:\Documents and Settings\J & M\Application Data\Creative
2008-07-12 00:38 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-10 10:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ScanSoft
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 12:31 184,320 ----a-w C:\WINDOWS\system32\ssce5332.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-21 15:05 45,056 ----a-w C:\WINDOWS\system32\sstunst2.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"showicon2k"="C:\Program Files\\eM\Bay Reader\Shwicon2k.exe" [2003-07-04 135168]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 1197648]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]
"Motive SmartBridge"="C:\PROGRA~1\VIRTUA~1\SMARTB~1\SprintDSLAlert.exe" [2008-08-05 438359]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2008-08-26 1103712]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional\Personal Firewall\ioloFW.exe" [2008-06-18 1313632]
"nwiz"="nwiz.exe" [2003-10-06 C:\WINDOWS\system32\nwiz.exe]
"CHotkey"="zHotkey.exe" [2003-06-03 C:\WINDOWS\zHotkey.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-21 06:59 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"tmproxy"=3 (0x3)
"TmPfw"=3 (0x3)
"TMBMServer"=2 (0x2)
"SfCtlCom"=2 (0x2)
"gusvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\Personal Firewall\\ioloFW.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"C:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
R0 XPacket;iolo Personal Firewall Driver;C:\WINDOWS\system32\xpacket.sys [2008-04-17 39424]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-08-15 596328]
S3 SS1024;Siemens SpeedStream Wireless PCI Driver;C:\WINDOWS\system32\DRIVERS\SSPCIN51.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55855e7c-7d31-11dd-9bba-0040ca6d98ff}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b229a6c6-4a9f-11dd-9b66-0040ca6d98ff}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 10:53:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
Completion time: 2008-09-09 10:55:52
ComboFix-quarantined-files.txt 2008-09-09 15:55:21
ComboFix2.txt 2008-09-09 12:05:02
ComboFix3.txt 2008-09-07 23:12:36
Pre-Run: 94,813,458,432 bytes free
Post-Run: 94,802,481,152 bytes free
204 --- E O F --- 2008-08-26 20:01:28

Thanks, I'm glad y'all were able to help too. It seems to run better, too.
Thanks guys