I get the triangle below stating system alert I have spyware or trojan. Then I get pop ups. Can some one assist. I ran lavasoft crap cleaner, trojan scans as well. HHH

download kaspersky suite from kaspersky.com Intel Original/Intel Chipset

I cannot install this because I have Norton already. I have ran my virus scan and it detects trojans it cant get rid. Any other suggestions HHH

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. Please download HJTsetup.exe from this link http://www.thespykiller.co.uk/files/HJTsetup.exe to your desktop. Doubleclick on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click "next" in the setup dialogue boxes until you get to the "Select Addition Tasks" dialogue. Put a check by "Create a desktop icon" then click "Next" again. Continue to follow the rest of the prompts from there. At the final dialogue box click "Finish" and it will launch Hijack This. Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log and post it in this thread. Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Here ya go. Logfile of HijackThis v1.99.1 Scan saved at 7:28:38 PM, on 9/13/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\LEXBCES.exe C:\WINDOWS\system32\LEXPPS.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe C:\WINDOWS\CDProxyServ.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\isnotify.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe C:\WINDOWS\system32\NWTRAY.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\TrojanHunter 4.6\THGuard.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\WinZip\WZQKPICK.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.exe C:\Lotus\Notes\NLNOTES.exe C:\Lotus\Notes\naldaemn.exe C:\Lotus\Notes\nwrdaemn.exe C:\Lotus\Notes\nupdate.exe C:\Lotus\Notes\nhldaemn.exe C:\PROGRA~1\MICROS~2\Office\OUTLOOK.exe C:\Program Files\Microsoft ActiveSync\WCESMgr.exe C:\Program Files\Sling Media\SlingPlayer Mobile\AutoSyncPC.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Microsoft Office\Office\EXCEL.exe C:\Program Files\Internet Explorer\IEXPLORE.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://proxy.corp.sprint.com/proxy.pac O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NWTRAY] NWTRAY.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe" O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active... O16 - DPF: {E2A96175-32D0-4651-B228-B474C2408346} (DacomDownload Control) - http://program.webhard.co.kr/Plus/a... O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} - http://eroom1.pcslab.com/eRoomSetup... O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Plug and Play Device Manager ($sys$DRMServer) - First 4 Internet Ltd - C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\UTStarcom\VPN Client\cvpnd.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: Pantech&Curitel Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\UTStarcom\Sprint\Sprint PCS Connection Manager\PnCUtilityService.exe O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe HHH

Please download ATF-Cleaner to your desktop from this link http://www.atribune.org/content/view/19/2/ We will need it later in safe mode Download and install Ewido Security Suite We will need this later in safe mode Be sure to update Ewido Please download SmitRemFix from this link http://siri.urz.free.fr/Fix/SmitfraudFix.zip Then extract the contents to your desktop But do not run it yet Next, please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. In Safe Mode, run Ewido and click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared. Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side. Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop). Run ATF-Cleaner from safe mode.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Disable real time protection in Ewido or the fix may not work: Ewido Open Ewido by double-clicking the yellow 'E' icon in the system tray. In the 'Your security status' section, toggle the Ewido Guard realtime protection 'off' by clicking 'active' which will then change the protection status to 'inactive'. When you reboot, Ewido will prompt you as to whether you would like to "Restart the guard?". Reply 'no' and set it to 'inactive' for the duration of your cleanup. Reboot into safe mode. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; I need that log afterwards. The report can also be found at the root of the system drive, usually at C:\rapport.txt Warning : running option #2 on a non infected computer will remove your Desktop background. Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

Things are looking good. I dont have the little triangle tellin me i have a trojan. Can i donate to this place? ewido anti-spyware - Scan Report + Created at: 11:53:57 AM 9/14/2006 + Scan result: C:\Documents and Settings\WSmith357\My Documents\AрpPatch\smss.exe -> Downloader.PurityScan.cj : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@advertising[1].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@centrport[2].txt -> TrackingCookie.Centrport : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@e-2dj6wjmiandjedq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@ehg-laptops.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@ehg-qualcommcorp.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@ehg-traderelectronicmedia.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : No action taken. C:\Documents and Settings\WSmith357\Cookies\wsmith357@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken. C:\WINDOWS\system32\1024 -> Trojan.Small : No action taken. C:\WINDOWS\system32\1024\ldF341.tmp -> Trojan.Small : No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : No action taken. ::Report end HHH