internet speed moniter [RESOLVED]

Hi there,

Welcome to GeeksToGo. My name is RatHat, and I will help you get through the process of cleaning the malware from your computer.


OK firstly, I need you to print out each post I make so that you can refer to it while we fix your computer. This is because there will be times when you are unable to be online to read my instructions, and I will want you to do everything very carefully.

Next, I would like to make sure that you can view hidden files and folders;

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Under the Hidden files and folders heading SELECT Show hidden files and folders.
• UNCHECK the Hide protected operating system files (recommended) option.
• UNCHECK the Hide extensions for known file types option.
• Click Yes to confirm.
• Click OK.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Your version of Java is out of date. Please update to the latest version here (Java Runtime Environment (JRE) 6 Update 3). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.

• Click Start, Control Panel, Add/Remove Programs.
• Delete all Java updates except Java ™ 6 Update 3

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\7.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\7.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...earch.html?p=ZS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\WinAble
C:\Program Files\MyWebSearch

After that, Reboot.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Download ComboFix from Here or Here to your Desktop.

• Double click combofix.exe and follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


After completing the above, please run an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display the results if your system has been infected.
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next post, please include the following:

• The combofix log
• The Kaspersky log
• A fresh HijackThis log
• Let me know how your computer is behaving

Regards,
RatHat

Here is the log for combo.fix. I had a little trouble becasue norton tried to stop it but i finally got it to finish.


ComboFix 07-10-12.4 - Carl 2007-10-14 19:04:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.77 [GMT -5:00]
Running from: C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\EQF3EG17\ComboFix[1].exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Carl\Application Data\ICROSO~1
C:\Documents and Settings\Carl\Application Data\macromedia\Flash Player\#SharedObjects\NRK8GW8N\www.broadcaster.com
C:\Documents and Settings\Carl\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Carl\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Carl\My Documents\internet.lnk
C:\Documents and Settings\Carl\My Documents\WNSXS~1
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\Installr\3.bin\F3EZSETP.DLL
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\7.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\7.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\7.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\7.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\7.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\7.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\7.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\7.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\7.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\7.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\7.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\7.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\7.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\7.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\7.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Cache\0006D8EE
C:\Program Files\MyWebSearch\bar\Cache\000F1C58.bin
C:\Program Files\MyWebSearch\bar\Cache\000F1FA4.bin
C:\Program Files\MyWebSearch\bar\Cache\000F2234.bin
C:\Program Files\MyWebSearch\bar\Cache\000F5DB7.bin
C:\Program Files\MyWebSearch\bar\Cache\000F6037.bin
C:\Program Files\MyWebSearch\bar\Cache\000F6289.bin
C:\Program Files\MyWebSearch\bar\Cache\000F676B.bin
C:\Program Files\MyWebSearch\bar\Cache\000F6930.bin
C:\Program Files\MyWebSearch\bar\Cache\000F6A3A.bin
C:\Program Files\MyWebSearch\bar\Cache\000F6B24.bin
C:\Program Files\MyWebSearch\bar\Cache\000F6D95.bin
C:\Program Files\MyWebSearch\bar\Cache\00466DF7
C:\Program Files\MyWebSearch\bar\Cache\005B9957.bin
C:\Program Files\MyWebSearch\bar\Cache\009EA7E7
C:\Program Files\MyWebSearch\bar\Cache\041DF9B0
C:\Program Files\MyWebSearch\bar\Cache\22359A2A.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\prevcfg.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat.bak
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.htm.bak
C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL
C:\Program Files\WinAble
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\drivers\blank.gif
C:\WINDOWS\system32\drivers\box_1.gif
C:\WINDOWS\system32\drivers\box_2.gif
C:\WINDOWS\system32\drivers\box_3.gif
C:\WINDOWS\system32\drivers\button_buynow.gif
C:\WINDOWS\system32\drivers\button_freescan.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_box.gif
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\footer_back.jpg
C:\WINDOWS\system32\drivers\header_1.gif
C:\WINDOWS\system32\drivers\header_2.gif
C:\WINDOWS\system32\drivers\header_3.gif
C:\WINDOWS\system32\drivers\header_4.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\icon_warning_big.gif
C:\WINDOWS\system32\drivers\infected.gif
C:\WINDOWS\system32\drivers\main_back.gif
C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
C:\WINDOWS\system32\drivers\product_1_header.gif
C:\WINDOWS\system32\drivers\product_1_name_small.gif
C:\WINDOWS\system32\drivers\product_2_header.gif
C:\WINDOWS\system32\drivers\product_2_name_small.gif
C:\WINDOWS\system32\drivers\product_3_header.gif
C:\WINDOWS\system32\drivers\product_3_name_small.gif
C:\WINDOWS\system32\drivers\product_features.gif
C:\WINDOWS\system32\drivers\pt.htm
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\remove_spyware_header.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\sep_hor.gif
C:\WINDOWS\system32\drivers\sep_vert.gif
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\drivers\spacer.gif
C:\WINDOWS\system32\drivers\spy_away_box.jpg
C:\WINDOWS\system32\drivers\spyware_detected.gif
C:\WINDOWS\system32\drivers\star.gif
C:\WINDOWS\system32\drivers\star_gray.gif
C:\WINDOWS\system32\drivers\star_gray_small.gif
C:\WINDOWS\system32\drivers\star_small.gif
C:\WINDOWS\system32\drivers\style.css
C:\WINDOWS\system32\drivers\v.gif
C:\WINDOWS\system32\drivers\warning_ico.gif
C:\WINDOWS\system32\drivers\warning_icon.gif
C:\WINDOWS\system32\drivers\win_logo.gif
C:\WINDOWS\system32\drivers\x.gif
C:\WINDOWS\system32\drivers\yellow_warning_ico.gif
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\UpMedia
C:\WINDOWS\system32\UpMedia\uninstallSE.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-14 19:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 18:18 <DIR> d-------- C:\Documents and Settings\Carl\.SunDownloadManager
2007-10-13 21:48 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-13 19:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-10-13 19:31 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-10-13 19:31 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-13 19:31 <DIR> d-------- C:\Documents and Settings\Carl\Application Data\SUPERAntiSpyware.com
2007-10-13 15:55 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-13 12:10 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-10-13 12:05 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-10-13 12:05 22,016 --a------ C:\WINDOWS\system32\ace16win.dll
2007-10-11 22:09 <DIR> d---s---- C:\Documents and Settings\Carl\%USERPROFILE%
2007-10-08 18:02 <DIR> d---s---- C:\WINDOWS\system32\%USERPROFILE%
2007-10-06 21:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-04 20:23 <DIR> d-------- C:\Program Files\Common Files\Kodak
2007-10-04 20:23 <DIR> d-------- C:\KPCMS
2007-10-04 18:53 <DIR> d-------- C:\Program Files\Easy SpyRemover
2007-10-04 17:16 63 --a--c--- C:\WINDOWS\system\SysSD.dll
2007-09-29 05:50 <DIR> d-------- C:\Program Files\Temporary
2007-09-29 05:47 <DIR> d-------- C:\Program Files\ISM2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-14 23:29 --------- d-----w C:\Program Files\Java
2007-10-14 03:26 --------- d-----w C:\Program Files\QuickTime
2007-10-14 03:25 --------- d-----w C:\Program Files\MSN Messenger
2007-10-13 20:48 --------- d-----w C:\Documents and Settings\Carl\Application Data\Lavasoft
2007-10-09 23:30 --------- d-----w C:\Program Files\LimeWire
2007-10-07 21:16 --------- d-----w C:\Program Files\Norton SystemWorks
2007-10-07 03:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\IEService
2007-10-06 00:18 --------- d-----w C:\Program Files\DivX
2007-10-05 01:24 --------- d-----w C:\Program Files\Kodak
2007-10-05 01:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2007-09-30 00:37 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-09-03 23:02 --------- d-----w C:\Documents and Settings\Carl\Application Data\Image Zone Express
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-19 23:10 --------- d-----w C:\Documents and Settings\Carl\Application Data\AdobeUM
2007-07-31 00:19 92,504 -c--a-w C:\WINDOWS\system32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-31 00:19 43,352 -c--a-w C:\WINDOWS\system32\wups2.dll
2007-07-31 00:19 325,976 -c--a-w C:\WINDOWS\system32\wucltui.dll
2007-07-31 00:19 203,096 -c--a-w C:\WINDOWS\system32\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-26 23:06 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-07-26 23:06 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-05-02 04:55 374 -c--a-w C:\Documents and Settings\Carl\Application Data\internaldb6334.dat
2007-05-02 04:52 538 -c--a-w C:\Documents and Settings\Carl\Application Data\internaldb8467.dat
2007-05-02 04:52 18,432 -c--a-w C:\Documents and Settings\Carl\Application Data\internaldb41.dat
2005-08-18 21:48:00 32 -csha-w C:\WINDOWS\{05BAE28E-BBFE-4674-9A62-F16789590606}.dat
2005-08-18 21:48:00 32 -csha-w C:\WINDOWS\{21FF71E5-6F27-486E-B4A4-BDA7F2E7A70E}.dat
2005-08-18 21:46:34 32 -csha-w C:\WINDOWS\{2D993910-49C1-44FA-BE37-44EC170D530C}.dat
2005-08-18 21:48:00 32 -csha-w C:\WINDOWS\{79C72AE7-4B14-44C2-A185-5BD388EBDEC3}.dat
2005-08-18 21:49:03 32 -csha-w C:\WINDOWS\{CEB52D4A-3F7A-4A9B-BF7E-6ED83EEA5C79}.dat
2005-08-18 21:49:48 32 -csha-w C:\WINDOWS\{D90807CD-71B5-44EF-9051-83314DFAEDD4}.dat
2005-08-18 21:50:20 32 -csha-w C:\WINDOWS\{F9BE0E3C-5AE1-47D9-A7C4-350EAF2599E2}.dat
2004-11-23 15:14:06 425,239 -csh--w C:\WINDOWS\security\Database\sarlld.bak1
2004-11-24 03:14:41 840,921 -csh--w C:\WINDOWS\security\Database\sarlld.bak2
2005-08-18 21:48:00 32 -csha-w C:\WINDOWS\system32\{05456890-7C8E-43A3-A583-1B4068F17501}.dat
2005-08-18 21:49:03 32 -csha-w C:\WINDOWS\system32\{13272F38-CA43-47C0-93E6-42A450A33467}.dat
2005-08-18 21:48:00 32 -csha-w C:\WINDOWS\system32\{5F2287E4-4E54-4059-8361-3583FC8982DE}.dat
2005-08-18 21:46:34 32 -csha-w C:\WINDOWS\system32\{95DDE957-DCAF-4186-83EB-BFD0C692EE63}.dat
2005-08-18 21:48:00 32 -csha-w C:\WINDOWS\system32\{C32E1BD5-2D58-4332-BBBA-56D781092C40}.dat
2005-08-18 21:50:20 32 -csha-w C:\WINDOWS\system32\{C5E85ECA-AB48-4595-AE83-830765DB7D0B}.dat
2005-08-18 21:49:48 32 -csha-w C:\WINDOWS\system32\{F065B90A-BAF4-48AF-8923-AE9584E6820F}.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2002-08-19 22:22]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-08-19 22:23]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2005-08-20 02:43]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-09-29 14:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-06-28 22:33]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-07-31 15:54]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 19:04]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll,schannel.dll,digest.dll,msnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CompuServe 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CompuServe 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\CompuServe 7.0 Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=C:\WINDOWS\pss\Kodak software updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Carl^Start Menu^Programs^Startup^Solo para Adultos.lnk]
path=C:\Documents and Settings\Carl\Start Menu\Programs\Startup\Solo para Adultos.lnk
backup=C:\WINDOWS\pss\Solo para Adultos.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cat]
C:\Program Files\CAT\cat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Cleaner]
"C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPS]
C:\DOCUME~1\Carl\LOCALS~1\Temp\TEMP~4.FR2\TBPS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)

R1 DcCam;Kodak Camera Proxy;C:\WINDOWS\system32\DRIVERS\DcCam.sys
R2 DCFS2K;Kodak DCFS2K Driver;C:\WINDOWS\system32\drivers\dcfs2k.sys
R3 Intels51;Intel® 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys
R3 trid3d;trid3d;C:\WINDOWS\system32\DRIVERS\trid3dm.sys
S1 Exportit;Exportit;C:\WINDOWS\system32\DRIVERS\exportit.sys
S3 DcFpoint;DcFpoint;C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
S3 DcLps;Legacy Polling Service;C:\WINDOWS\system32\DRIVERS\DcLps.sys
S3 DcPTP;dcptp;C:\WINDOWS\system32\DRIVERS\DcPTP.sys
S3 NPDriver;Norton Unerase Protection Driver;\??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
S3 pc22nd5;Toshiba PCX2200 USB Cable Modem networking driver (NDIS);C:\WINDOWS\system32\DRIVERS\pc22nd5.sys
S3 pc22unic;Toshiba PCX2200 USB Cable Modem WDM driver;C:\WINDOWS\system32\DRIVERS\pc22unic.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-10-13 01:00:32 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
"2007-10-12 22:32:28 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
"2007-10-14 23:03:17 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-14 19:12:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-14 19:50:47 - machine was rebooted
.
--- E O F ---

Please continue with the Kaspersky scan, and post me the report and a fresh HijackThis log.

Also, please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Regards,
RatHat

Here is Kaspersky log. Will send hijackthis log in next post. THANKS for all your help!!!!!

KASPERSKY ONLINE SCANNER REPORT
Sunday, October 14, 2007 9:54:33 PMOperating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)Kaspersky Online Scanner version: 5.0.98.0Kaspersky Anti-Virus database last update: 15/10/2007Kaspersky Anti-Virus database records: 436036

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\C:\D:\E:\

Scan Statistics
Total number of scanned objects 43665
Number of viruses found 22
Number of infected objects 86
Number of suspicious objects 0
Duration of the scan process 01:38:03

Infected Object Name Virus Name Last Action
C:\2087.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\2087.tmp NSIS: infected - 1 skipped

C:\2088.tmp/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped

C:\2088.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.AdBand.c skipped

C:\2088.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.jn skipped

C:\2088.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.jn skipped

C:\2088.tmp NSIS: infected - 4 skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Carl\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

C:\Documents and Settings\Carl\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Carl\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Carl\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Carl\Local Settings\History\History.IE5\MSHist012007101420071015\index.dat Object is locked skipped

C:\Documents and Settings\Carl\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Carl\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Carl\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Carl\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\3.bin\F3EZSETP.DLL.vir Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.f skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\4.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\5.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\6.bin\MWSBAR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3CJPEG.DLL.vir Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3DTACTL.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.z skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3HISTSW.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3HTMLMU.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3HTTPCT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3POPSWT.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3PSSAVR.SCR.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3REPROX.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3RESTUB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3SCRCTR.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\F3WPHOOK.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\M3HTML.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.f skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\M3IDLE.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\M3OUTLCN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\M3PLUGIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\M3SKIN.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\MWSOEPLG.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\MWSOESTB.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\bar\7.bin\NPMYWEBS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1377\A0429578.exe Infected: Trojan.Win32.VB.azo skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429595.exe Infected: not-virus:Hoax.Win32.Renos.kj skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429596.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429597.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429598.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429599.dll Infected: Trojan-Spy.Win32.Banker.exc skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429600.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429602.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429602.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429602.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431877.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431878.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431879.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431880.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431881.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431882.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431883.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431884.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431885.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431886.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431887.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.p skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431888.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431889.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.z skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431890.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431891.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431892.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431893.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431894.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431895.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431896.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431897.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431898.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.bh skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431899.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431900.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ax skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431901.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431902.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431903.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431904.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ab skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431905.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431906.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431908.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431909.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431910.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\A0431913.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1382\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Here is hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:05:45 PM, on 10/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.co...ne_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay10...es/MsnPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Hey phatboy454,

We're getting there!

Please download OTMoveIt by OldTimer.

• Save it to your desktop.
• Double-click OTMoveIt.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\2087.tmp
C:\2088.tmp
C:\Program Files\MSN Messenger\riched20.dll


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.

• Click the red Moveit! button.
• Open Notepad, and copy everything in the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
• Save the Notepad file to your Desktop as OTM.txt.
• Close OTMoveIt

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please include the contents of OTM.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now you already have SUPERAntispyware, so lets update the definitions, then run a scan with it:

• Double-click the SUPERAntispyware icon on your desktop to launch the program.
• If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
• Under "Configuration and Preferences", click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
• Click the "Close" button to leave the control center screen.
• Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
• On the left, make sure you check C:\Fixed Drive.
• On the right, under "Complete Scan", choose Perform Complete Scan.
• Click "Next" to start the scan. Please be patient while it scans your computer.
• After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
• Make sure everything has a checkmark next to it and click "Next".
• A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
• If asked if you want to reboot, click "Yes".
• To retrieve the removal information after reboot, launch SUPERAntispyware again.
  • Click Preferences, then click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
  • Please copy and paste the Scan Log results in your next reply.
• Click Close to exit the program.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, please produce an Uninstall List from HijackThis:

• Re-Open HijackThis, click Config, click Misc Tools
• Click "Open Uninstall Manager"
• Click "Save List" (generates uninstall_list.txt)
• Click Save, copy and paste the results in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


So in your next reply, please include the following:

• OTM.txt
• The SUPERAntiSpyware log
• The HijackThis Uninstall list
• Let me know how your computer is performing now

Regards,
RatHat

hi, hey the house got hit by lightening. just wanted to say we havent been able to work on pc yet, we havent left you. thank you very much for all the help you are giving us.

No problem, get back to me when you can.

Regards,
RatHat

OK, here is the lists your requested. Hopefully this does the trick. THANKS for everything!!!!

C:\2087.tmp moved successfully.
C:\2088.tmp moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\MSN Messenger\riched20.dll NOT unregistered.
C:\Program Files\MSN Messenger\riched20.dll moved successfully.
File/Folder not found.

Created on 10/27/2007 15:52:43


Adobe Reader 6.0.1
AVG Anti-Spyware 7.5
CardRd81
CCHelp
CCScore
CR2
DivX Web Player
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSEMAIL
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
Hijackthis 1.99.1
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPSFO
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Solution Center 7.0
HP Update
iLrn Online
Indeo® software
Java™ 6 Update 3
Kaspersky Online Scanner
Kodak EasyShare software
KSU
LimeWire 4.14.10
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office 2000 Professional
Microsoft Picture It! Express 7.0
Microsoft PowerPoint Viewer 97
Motocross Mania
MSN Toolbar
MySpaceIM
Norton SystemWorks 2003
Norton WMI Update
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Panda ActiveScan
PCDLNCH
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
SFR
SFR2
Shockwave
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
USB MassStorage CardReader
VCAMCEN
VPRINTOL
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Address AutoComplete
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar

SUPERAntiSpyware Scan Log
Generated 10/27/2007 at 06:08 PM

Application Version : 3.6.1000

Core Rules Database Version : 3332
Trace Rules Database Version: 1333

Scan type : Complete Scan
Total Scan Time : 02:08:34

Memory items scanned : 451
Memory threats detected : 0
Registry items scanned : 5080
Registry threats detected : 0
File items scanned : 50244
File threats detected : 42

Adware.Tracking Cookie
C:\Documents and Settings\Carl\Cookies\[email protected][1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][2].txt
C:\Documents and Settings\Carl\Cookies\carl@adlegend[1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][2].txt
C:\Documents and Settings\Carl\Cookies\carl@adrevolver[1].txt
C:\Documents and Settings\Carl\Cookies\carl@2o7[1].txt
C:\Documents and Settings\Carl\Cookies\carl@bluestreak[2].txt
C:\Documents and Settings\Carl\Cookies\carl@specificclick[1].txt
C:\Documents and Settings\Carl\Cookies\carl@cgi-bin[2].txt
C:\Documents and Settings\Carl\Cookies\carl@tribalfusion[1].txt
C:\Documents and Settings\Carl\Cookies\carl@trafficmp[1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][1].txt
C:\Documents and Settings\Carl\Cookies\carl@questionmarket[2].txt
C:\Documents and Settings\Carl\Cookies\carl@screensavers[2].txt
C:\Documents and Settings\Carl\Cookies\[email protected][2].txt
C:\Documents and Settings\Carl\Cookies\carl@doubleclick[2].txt
C:\Documents and Settings\Carl\Cookies\carl@realmedia[1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][1].txt
C:\Documents and Settings\Carl\Cookies\carl@adserver[1].txt
C:\Documents and Settings\Carl\Cookies\carl@casalemedia[1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][1].txt
C:\Documents and Settings\Carl\Cookies\carl@ad[1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][1].txt
C:\Documents and Settings\Carl\Cookies\carl@partner2profit[2].txt
C:\Documents and Settings\Carl\Cookies\[email protected][2].txt
C:\Documents and Settings\Carl\Cookies\carl@mediaplex[1].txt
C:\Documents and Settings\Carl\Cookies\carl@zedo[1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][2].txt
C:\Documents and Settings\Carl\Cookies\carl@revsci[2].txt
C:\Documents and Settings\Carl\Cookies\carl@atdmt[2].txt
C:\Documents and Settings\Carl\Cookies\[email protected][1].txt
C:\Documents and Settings\Carl\Cookies\carl@fastclick[2].txt
C:\Documents and Settings\Carl\Cookies\carl@media6degrees[1].txt
C:\Documents and Settings\Carl\Cookies\carl@advertising[1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][1].txt
C:\Documents and Settings\Carl\Cookies\carl@adrevolver[2].txt
C:\Documents and Settings\Carl\Cookies\[email protected][2].txt
C:\Documents and Settings\Carl\Cookies\carl@interclick[1].txt
C:\Documents and Settings\Carl\Cookies\[email protected][2].txt
C:\Documents and Settings\Carl\Cookies\carl@serving-sys[1].txt

Trojan.Downloader-Gen/Burre
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429599.DLL

Adware.eXact Advertising
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B4165FD0-9C08-46F0-907F-31D799E6559E}\RP1378\A0429602.EXE


Phatboy454

Hey Carl,

Hope everything is OK with the house now.

Alright the most likely source of your infection is Limewire. P2P programs cause more problems than they are worth, and are one of the easiest methods of spreading maware, so lets get rid of it.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

LimeWire 4.14.10

Please note any other programs that you dont recognize in that list in your next response

After that, Reboot.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next, please run ATF Cleaner again: Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now please double-click OTMoveIt.exe to run it.
Click the Clean up button
Click YES at the next prompt (list downloaded, Do you want to begin cleanup process?)
Click Yes to the reboot.
Then you can delete OTMoveIt.exe and the folder C:\_OTMoveIt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now lets Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Turn OFF System Restore.

• On the Desktop, right-click My Computer.
• Click Properties.
• Click the System Restore tab.
• Check Turn off System Restore.
• Click Apply, and then click OK.

Restart your computer.

Turn ON System Restore.

• On the Desktop, right-click My Computer.
• Click Properties.
• Click the System Restore tab.
• UN-Check Turn off System Restore.
• Click Apply, and then click OK.

System Restore will now be active again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, in your next post, could you give me a fresh HijackThis log, and let me know how your machine is running.

Regards,
RatHat

Do you still require assistance with this log?

Regards,
RatHat

i think we got it the pc is workin great, i cannot thank you enough for all your help and the time you have givin us on this matter, do we take off all the stuff you had us install, what do i do with all the logs i had copied and sent to you do i delete or save that stuff. you all are just awesume and i thank you for all the help. Carl

Hey Carl,

Could you post me one more HijackThis log, just so I can make sure that you are completely clean.

Regards,
RatHat

ok, we will get it to you. may not make it before you leave thou; i wll get it on here. thanx again.