Internet Not Working Properly - Virus? [RESOLVED]
postce
post Nov 8 2007, 08:12 PM
Post #1


Member
Posts: 58
OS: Windows xp



I've gone through the processes described in the "read this first" section and it detected and removed a lot of things. Our windows went down and I reloaded it on our computer, shortly after (this morning) our IE went down completely...I couldn't connect to the internet. I went through the suggested cleaners before posting and removed a lot but something is still affecting our IE. AND, oddly enough, when I go directly to geekstogo.com it shuts the internet down right when the homepage comes up. Here is my hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:04:25 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ISPCOMP\InstallService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10068 bytes



And here is my activescan log:

Incident Status Location

Adware:adware/oemji Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\CHRIS\Cookies\chris@go[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\CHRIS\Cookies\chris@target[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\TAYLOR\Cookies\taylor@go[2].txt
Adware:Adware/WebSearch Not disinfected C:\Documents and Settings\Taylor.PC161035812295\Local Settings\Temp\nss235.tmp\dcads40.exe[²ªÇ]
Spyware:Spyware/PeoplePC Not disinfected C:\Program Files\Online Services\PeoplePC\ISP5900\Dll\RAS.DLL
Potentially unwanted tool:Application/Playmp3z Not disinfected C:\RECYCLER\S-1-5-21-31389345-3928109181-3883089438-1006\Dc2.zip[Setup.exe]
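One way to triage a HijackThis log like the one in post #1, as an added example that is not part of the original thread and is not a HijackThis feature: the Python below splits entries by section code and lists the ones worth a manual look. The sample lines are copied from that log; the two review rules (a Run command with no absolute path, a service HijackThis lists with "Unknown owner") are this example's own assumptions, and a hit is a prompt for review, not a verdict.

```python
import re
from collections import Counter

# Subset of the HijackThis log posted in post #1 of this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# "<section code> - <rest of line>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Registry autostart entry: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command starts (optionally quoted) with a drive letter or a %VAR%\ prefix
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%\w+%\\)')


def parse_log(text):
    """Return (code, body) for every line that looks like a HijackThis entry.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def section_counts(text):
    """Count entries per section code (R1, O2, O4, ...)."""
    return dict(Counter(code for code, _ in parse_log(text)))


def triage(text):
    """Return (code, name, reason) for entries that merit a manual look."""
    findings = []
    for code, body in parse_log(text):
        if code == "O4":
            match = RUN_RE.match(body)
            # A bare file name is resolved through the search path at logon,
            # so the log alone does not say which binary actually runs.
            if match and not ABSOLUTE_RE.match(match.group("cmd")):
                findings.append(
                    (code, match.group("name"), "Run command has no absolute path")
                )
        elif code == "O23" and body.startswith("Service: "):
            # Layout: "Service: <name> - <owner> - <path>"; split from the
            # right because service names may themselves contain " - ".
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                findings.append(
                    (code, parts[0], "HijackThis reports 'Unknown owner'")
                )
    return findings


if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for code, name, reason in triage(SAMPLE_LOG):
        print(f"{code}: {name}: {reason}")
```
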
Fredil
post Nov 12 2007, 05:09 PM
Post #2


Trusted Helper
Posts: 1,949
From: Wait, wait, I know this!
OS: Windows XP Professional SP2



Hello postce, and welcome to Geeks to Go! I'm Fredil. I'm currently reading over your log right now and I'll do my best to try to get your system clean.

Since I'm still in training, there may be a slight delay between my posts because they must be checked by an expert. We'll get your problem solved eventually though.
Fredil
post Nov 12 2007, 07:27 PM
Post #3


Trusted Helper
Posts: 1,949
From: Wait, wait, I know this!
OS: Windows XP Professional SP2



Hello postce, I don't see very much on that box of yours. I have just a few questions before we commence fixing:
  1. You say "Our windows went down and I reloaded it on our computer"; I'm not sure what you mean by "down" or "reloaded". Could you elaborate a bit more?
  2. You also say your IE isn't working... how are you posting this without IE? And can you describe your problems in more detail?
When your internet shuts down when you go to Geeks to Go, that's a sign you have something on there. But I can't see exactly what using the information provided, so let's get a few deeper looks.

Please read my entire post before commencing, and please follow my instructions in the order that they are given. If you don't understand something, don't be afraid to ask!

1. Clean Temporary Files
------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

2. Deckard's System Scanner
------------------------------------------------

Please download Deckard's System Scanner (DSS) and save it to your Desktop. Close ALL open windows before running the scan.

Note: This program will clear your temporary files.
  • On the first run, Deckard's System Scanner will provide you with two warnings. Press "OK" and allow DSS to scan.
  • The entire scanning process will take about five minutes, often less.
  • During the scan you may get warnings about sigcheck.exe trying to access the Internet; please make sure you allow it to do so.
  • Your antivirus may also warn you about nircmd.exe; please make sure you do not delete nircmd.exe as it will cause DSS to malfunction.
  • Once the scan is complete, you will get two logfiles - a main.txt (which you see) and an extra.txt (which is minimized). Copy the contents of both into a reply.
On subsequent runs, DSS will only provide a significantly shortened main.txt and not an extra.txt.

3. Scan with Kaspersky WebScanner
------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
In your next post
------------------------------------------------

If your things don't fit in one reply, please make more as necessary so I can get all the information I need.
  • DSS main.txt and extra.txt
  • Kaspersky WebScanner log
postce
post Nov 13 2007, 11:07 PM
Post #4


Member
Posts: 58
OS: Windows xp



Hi and thanks for your help!

Answers to your questions:

1. Our windows operating system went down so I had to reload it onto our computer. Not sure why it failed...
2. My IE wasn't working so I loaded some of the cleaning programs from your "start here first" post onto a disk from my desktop and then loaded it onto my laptop (the computer I'm having trouble with). Once I ran those my IE started working again with the exception of going directly to the geekstogo.com web site. I have to go to geekstogo.com/login to not have my IE shut down on me.

Right now, other than the web site problems with Geeks to go, I'm not having any problems with the internet. I am worried though b/c the various programs are saying that I'm infected with something so I'm guessing I'm still infected?

I attached the reports you requested. Thanks again and looking forward to what you have to say!
Postce
Attached File(s)
Attached File  extra.txt ( 17.53K ) Number of downloads: 168
Attached File  kaspersky_report.html ( 85.08K ) Number of downloads: 13
Attached File  Scan_1.txt ( 26.94K ) Number of downloads: 41
 
Fredil
post Nov 15 2007, 01:51 PM
Post #5


Trusted Helper
Posts: 1,949
From: Wait, wait, I know this!
OS: Windows XP Professional SP2



Hello postce, bear with me while we remove this elusive devil. I'm still a bit unclear on what you mean by "reloaded" though, did you reboot the computer multiple times or did you actually re-install Windows using the CD?

Also, in the future please copy and paste the logs into the forum, it's a bit of a pain to download them.

Please read my entire post before commencing, and please follow my instructions in the order that they are given. If you don't understand something, don't be afraid to ask!

1. P2P
------------------------------------------------

I see you are using the P2P file-transfer program LimeWire. Although the program is legal, most of the files it downloads aren't, and many are malware infected. Based on this, the best course of action would be to remove LimeWire from your computer, or you risk possibly severe reinfections.

2. Clean Temporary Files
------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

3. Submit File for Testing
------------------------------------------------

Please go to this website: Link

Once there, you will see a textbox in the middle of the screen. Copy and paste the following line into the textbox:

C:\found.006

Click the large "Send File" button. Your file will be scanned by MANY different antivirus engines, so until the top says Current status: Finished, don't close the window/copy the results! Once the scan is finished, copy and paste the entire table into a reply so it looks like this:

QUOTE
AhnLab-V3 2007.9.29.0 2007.09.28 -
AntiVir 7.6.0.18 2007.09.28 HEUR/Malware
Authentium 4.93.8 2007.09.28 -
Avast 4.7.1043.0 2007.09.28 -
AVG 7.5.0.488 2007.09.28 -
BitDefender 7.2 2007.09.28 -
CAT-QuickHeal 9.00 2007.09.28 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.28 -
DrWeb 4.33 2007.09.28 -
eSafe 7.0.15.0 2007.09.23 Suspicious Trojan/Worm
eTrust-Vet 31.2.5169 2007.09.27 -
Ewido 4.0 2007.09.28 -
FileAdvisor 1 2007.09.29 -
Fortinet 3.11.0.0 2007.09.28 -
F-Prot 4.3.2.48 2007.09.27 -
F-Secure 6.70.13030.0 2007.09.28 -
Ikarus T3.1.1.12 2007.09.28 -
Kaspersky 7.0.0.125 2007.09.29 -
McAfee 5130 2007.09.28 -
Microsoft 1.2803 2007.09.29 -
NOD32v2 2558 2007.09.28 -
Norman 5.80.02 2007.09.28 -
Panda 9.0.0.4 2007.09.28 -
Prevx1 V2 2007.09.29 Heuristic: Suspicious Self Modifying EXE
Rising 19.42.42.00 2007.09.28 -
Sophos 4.21.0 2007.09.28 -
Sunbelt 2.2.907.0 2007.09.28 VIPRE.Suspicious
Symantec 10 2007.09.28 -
TheHacker 6.2.6.073 2007.09.28 -
VBA32 3.12.2.4 2007.09.29 -
VirusBuster 4.3.26:9 2007.09.28 -
Webwasher-Gateway 6.0.1 2007.09.28 Heuristic.Malware


Once finished with C:\found.006, please repeat the process with these lines at the beginning:

C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\dcads-remove.exe


Post those results as well.

In your next post
------------------------------------------------
  • VirusTotal logs
How's your computer?
postce
post Nov 15 2007, 09:19 PM
Post #6


Member
Posts: 58
OS: Windows xp



Yes, I re-loaded Windows...sorry for the confusion.

I uninstalled Limewire and I did the ATF cleaner per your first reply, so should I do it again? Let me know and then I'll continue per your instructions.

Thanks!

Postce
Fredil
post Nov 16 2007, 03:49 PM
Post #7


Trusted Helper
Posts: 1,949
From: Wait, wait, I know this!
OS: Windows XP Professional SP2



Hehehe... sorry, my memory slipped. Just do the VirusTotal scans.

I'm also not going to be at home during the weekend, sorry about that.
postce
post Nov 20 2007, 06:14 PM
Post #8


Member
Posts: 58
OS: Windows xp



Here are the logs (one other thing...what should my computer have as far as protection? Virus protection? Firewall? What else?):

First scan:

0 bytes size received / Se ha recibido un archivo vacio

Second scan:

File superiorads-uninst.exe received on 11.21.2007 00:21:42 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 3.
Estimated start time is between 45 and 65 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.20 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.20 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.20 -
BitDefender 7.2 2007.11.20 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.20 -
DrWeb 4.44.0.09170 2007.11.20 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.11.0.0 2007.11.20 -
F-Prot 4.4.2.54 2007.11.19 -
F-Secure 6.70.13030.0 2007.11.20 -
Ikarus T3.1.1.12 2007.11.20 -
Kaspersky 7.0.0.125 2007.11.20 -
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.20 -
NOD32v2 2673 2007.11.20 -
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.20 -
Prevx1 V2 2007.11.21 -
Rising 20.19.10.00 2007.11.20 -
Sophos 4.23.0 2007.11.20 -
Sunbelt 2.2.907.0 2007.11.20 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.20 -
Webwasher-Gateway 6.0.1 2007.11.21 -
Additional information
File size: 40731 bytes
MD5: 50a012bcada57f7d29062dd7d6971145
SHA1: 9b10ee1d3db1ea121a6723c5c4611bb7945795d6


ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.



Third scan:

File dcads-remove.exe received on 11.21.2007 01:02:23 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 0/32 (0%)
Loading server information...
Your file is queued in position: 7.
Estimated start time is between 59 and 85 seconds.
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
AhnLab-V3 2007.11.21.0 2007.11.20 -
AntiVir 7.6.0.34 2007.11.20 -
Authentium 4.93.8 2007.11.20 -
Avast 4.7.1074.0 2007.11.20 -
AVG 7.5.0.503 2007.11.20 -
BitDefender 7.2 2007.11.20 -
CAT-QuickHeal 9.00 2007.11.20 -
ClamAV 0.91.2 2007.11.21 -
DrWeb 4.44.0.09170 2007.11.20 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.3.5312 2007.11.20 -
Ewido 4.0 2007.11.20 -
FileAdvisor 1 2007.11.21 -
Fortinet 3.14.0.0 2007.11.21 -
F-Prot 4.4.2.54 2007.11.19 -
F-Secure 6.70.13030.0 2007.11.21 -
Ikarus T3.1.1.12 2007.11.20 -
Kaspersky 7.0.0.125 2007.11.21 -
McAfee 5167 2007.11.20 -
Microsoft 1.3007 2007.11.21 -
NOD32v2 2673 2007.11.20 -
Norman 5.80.02 2007.11.20 -
Panda 9.0.0.4 2007.11.21 -
Prevx1 V2 2007.11.21 -
Rising 20.19.10.00 2007.11.20 -
Sophos 4.23.0 2007.11.20 -
Sunbelt 2.2.907.0 2007.11.20 -
Symantec 10 2007.11.21 -
TheHacker 6.2.9.135 2007.11.20 -
VBA32 3.12.2.5 2007.11.20 -
VirusBuster 4.3.26:9 2007.11.20 -
Webwasher-Gateway 6.0.1 2007.11.21 -
Additional information
File size: 80105 bytes
MD5: 3b193dd05fa9f621fdc8c089131dccfe
SHA1: 6f392beeb7d6770ddecb9be09fc0e6eafdec42ca
Fredil
post Nov 20 2007, 09:55 PM
Post #9


Trusted Helper
Posts: 1,949
From: Wait, wait, I know this!
OS: Windows XP Professional SP2



Hello postce, let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient


Also, you have adequate protection on your computer, but it's mainly LimeWire that's dropping nasties on your system.

This post has been edited by Fredil Yupigo: Nov 20 2007, 09:56 PM
postce
post Nov 22 2007, 11:52 AM
Post #10


Member
Posts: 58
OS: Windows xp



Hi,

When I click the scan button it says I have insufficient rights to use Active X controls...which is odd because I've installed it before? How do I get the rights? It's my home computer so I should have them.

Thanks,
postce
Fredil
post Nov 23 2007, 09:00 PM
Post #11


Trusted Helper
Posts: 1,949
From: Wait, wait, I know this!
OS: Windows XP Professional SP2



Hello postce, can you log onto Safe Mode with Networking:
  • Reboot your computer.
  • As soon as your computer is starting up, tap F8 repeatedly.
  • Eventually you will be presented with an Advanced Options menu; select Safe Mode with Networking.
  • Log in with the Administrator account - important!
Now try to run the scan again from the Administrator account. When it finishes, save the results somewhere - because you will have to reboot into Normal Mode and do the following:

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall

In your next post
------------------------------------------------
  • F-Secure results
  • ComboFix log
postce
post Nov 26 2007, 09:59 AM
Post #12


Member
Posts: 58
OS: Windows xp



Hi again,

I've gone through safemode with networking, logged in as the administrator and it is still saying I have insufficient rights. Which is odd, because I'm fairly sure I've enabled ActiveX before on this computer...

Postce
Fredil
post Nov 26 2007, 03:05 PM
Post #13


Trusted Helper
Posts: 1,949
From: Wait, wait, I know this!
OS: Windows XP Professional SP2



Hello postce, ignore the F-Secure scan and just run ComboFix.
postce
post Dec 1 2007, 02:08 PM
Post #14


Member
Posts: 58
OS: Windows xp



Sorry it took me so long to respond... Here are the two logs:

Combo log:

ComboFix 07-11-19.4C - Christine 2007-12-01 13:49:29.1 - NTFSx86
Running from: C:\Documents and Settings\Christine\Temporary Internet Files\Content.IE5\H1BAQIDF\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-01 to 2007-12-01 )))))))))))))))))))))))))))))))
.

2007-11-26 12:19 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-19 12:43 26,496 --a------ C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-14 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2007-11-13 20:57 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-13 20:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 20:48 <DIR> d-------- C:\Deckard
2007-11-09 19:14 <DIR> d-------- C:\Documents and Settings\Taylor.PC161035812295\Application Data\Grisoft
2007-11-08 20:22 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-11-08 20:22 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2007-11-08 20:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-08 19:26 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-08 19:26 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-08 19:26 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-11-08 19:26 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-08 19:26 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-08 19:26 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-08 19:26 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-11-08 19:26 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-08 19:26 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-08 17:43 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-08 15:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-08 15:17 <DIR> d-------- C:\Documents and Settings\Christine\Application Data\SUPERAntiSpyware.com
2007-11-08 15:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-08 15:15 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-08 14:29 <DIR> d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Grisoft
2007-11-08 14:28 <DIR> d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Symantec
2007-11-08 14:28 <DIR> d-------- C:\Documents and Settings\Administrator.PC161035812295\Application Data\Intuit
2007-11-08 14:23 <DIR> d-------- C:\Documents and Settings\Christine\Application Data\Grisoft
2007-11-08 14:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 14:22 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-08 13:19 <DIR> d-------- C:\Program Files\Netscape Internet Service
2007-11-08 13:19 <DIR> d-------- C:\Program Files\Common Files\ISPCOMP
2007-11-08 13:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ISPCOMP
2007-11-08 13:08 <DIR> d-------- C:\Documents and Settings\Christine\Application Data\Netscape
2007-11-08 12:40 <DIR> d--hs---- C:\found.006
2007-11-08 11:58 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-08 11:58 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-07 23:44 <DIR> d-------- C:\Program Files\Dcads Games Collection
2007-11-07 22:51 <DIR> d-------- C:\Documents and Settings\Taylor.PC161035812295\Application Data\Yahoo!
2007-11-07 18:49 <DIR> d-------- C:\Documents and Settings\Christine\Application Data\AdobeUM
2007-11-07 07:52 <DIR> d-------- C:\Documents and Settings\Christine\Application Data\Yahoo!
2007-11-06 20:03 <DIR> d-------- C:\Documents and Settings\Taylor.PC161035812295\Shared
2007-11-06 20:03 <DIR> d-------- C:\Documents and Settings\Taylor.PC161035812295\Incomplete
2007-11-06 20:03 <DIR> d-------- C:\Documents and Settings\Taylor.PC161035812295\Application Data\LimeWire
2007-11-06 18:26 <DIR> d--hs---- C:\Documents and Settings\Taylor.PC161035812295\UserData
2007-11-06 12:23 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-11-06 12:23 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-11-06 12:23 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-11-05 22:33 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-11-05 22:16 574,464 --------- C:\WINDOWS\system32\dllcache\ntfs.sys
2007-11-05 21:40 <DIR> d--hs---- C:\Documents and Settings\Christine\UserData
2007-11-05 21:20 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-11-05 21:07 <DIR> d--hs---- C:\Documents and Settings\Taylor.PC161035812295\Temporary Internet Files
2007-11-05 21:07 <DIR> d--hs---- C:\Documents and Settings\Taylor.PC161035812295\History
2007-11-05 21:07 <DIR> d-------- C:\Documents and Settings\Taylor.PC161035812295\Application Data\Symantec
2007-11-05 21:07 <DIR> d-------- C:\Documents and Settings\Taylor.PC161035812295\Application Data\Intuit
2007-11-05 20:44 <DIR> d--hs---- C:\Documents and Settings\Christine\Temporary Internet Files
2007-11-05 20:44 <DIR> d--hs---- C:\Documents and Settings\Christine\History
2007-11-05 20:44 1,717 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_Presario C300 (RH211UA#ABA)_YN_0Pres_QCND6372976_E433358001_46_I30C6_SHP_V78.08_BF.05_T060814_
XH2_L409_M503_J60_7Intel_8Celeron M 420_91.6_#071105_N10EC8139_(RH211UA#ABA)_XMOBILE_CN10_Z_2F.05.MRK
2007-11-05 20:43 <DIR> d-------- C:\Documents and Settings\Christine\Application Data\Symantec
2007-11-05 20:43 <DIR> d-------- C:\Documents and Settings\Christine\Application Data\Intuit
2007-11-05 20:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2007-11-05 20:42 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intuit
2007-11-05 20:39 5,632 --a------ C:\WINDOWS\system32\kbdusa.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-11-10 16:56]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-25 17:59]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 23:58]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 06:17]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 06:13]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 06:17]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 09:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 22:19]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-16 23:22]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 15:43]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 17:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 17:30]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 16:21]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 11:50]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 11:23]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 10:52]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"Netscape"="C:\Program Files\Common Files\ISPCOMP\InstallService.exe" [2005-09-06 18:01]
"NetscapeClient"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-14 16:39:12]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 10:39:30]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-08-08 23:54:31]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2007-11-10 16:56 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL


*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 01:42:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-06 02:52:01 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Hewlett-Packard\SDP\HPSdpApp.exef/remind /LaunchPoint reminder /App C:\Program Files\Hewlett-Packard\Easy Internet signup\StartEIS.aml
"2007-11-05 00:15:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-11-17 06:38:17 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Christine.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
"2007-11-17 02:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - TAYLOR.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 13:58:00
Windows 5.1.2600 Service