Here are the results of the work that I was to do.
The Blacklight scan- it did not find anything harmful, but here is the log
04/10/06 13:38:02 [Info]: BlackLight Engine 1.0.35 initialized
04/10/06 13:38:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/10/06 13:38:03 [Note]: 7019 4
04/10/06 13:38:03 [Note]: 7005 0
04/10/06 13:39:00 [Note]: 7006 0
04/10/06 13:39:00 [Note]: 7011 1968
04/10/06 13:39:00 [Note]: 7026 0
04/10/06 13:39:00 [Note]: 7026 0
04/10/06 13:39:01 [Note]: FSRAW library version 1.7.1015
04/10/06 13:41:14 [Note]: 7007 0
Here is the Panda Log
Incident Status Location
Adware:adware/statblaster Not disinfected C:\WINDOWS\SYSTEM32\WBCMUninst.exe
Adware:adware/ieplugin Not disinfected C:\WINDOWS\kwv2.dat
Adware:adware/sidesearch Not disinfected C:\WINDOWS\sepsd.bin
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Potentially unwanted tool:application/mywebsearch Not disinfected C:\PROGRAM FILES\MyWebSearch
Potentially unwanted tool:application/myway Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MY WAY SPEEDBAR UNINSTALL
Adware:adware/esyndicate Not disinfected Windows Registry
Potentially unwanted tool:application/funweb Not disinfected HKEY_CLASSES_ROOT\SCREENSAVERCONTROL.SCREENSAVERINSTALLER
Spyware:spyware/apropos Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM
Adware:adware/comet Not disinfected Windows Registry
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\user@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\user\Cookies\user@adultfriendfinder[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Cookies\user@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\user\Cookies\user@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Cookies\user@belnk[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Cookies\user@burstnet[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\user\Cookies\user@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\user@com[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\user\Cookies\user@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\user\Cookies\user@entrepreneur[1].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\user\Cookies\user@errorguard[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\user\Cookies\user@fastclick[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\user\Cookies\user@go[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\user\Cookies\user@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user\Cookies\user@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Cookies\user@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\user\Cookies\user@trafficmp[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\user\Cookies\user@webpower[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\user\Cookies\user@zedo[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\user\Cookies\user@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\user\Cookies\user@adultfriendfinder[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\user\Cookies\user@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\user\Cookies\user@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Cookies\user@belnk[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\user\Cookies\user@burstnet[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\user\Cookies\user@ccbill[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\user\Cookies\user@com[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\user\Cookies\user@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\user\Cookies\user@entrepreneur[1].txt
Spyware:Cookie/Errorguard Not disinfected C:\Documents and Settings\user\Cookies\user@errorguard[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\user\Cookies\user@fastclick[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\user\Cookies\user@go[2].txt
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\user\Cookies\user@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\user\Cookies\user@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\user\Cookies\user@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\user\Cookies\user@trafficmp[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\user\Cookies\user@webpower[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\user\Cookies\
[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\user\Cookies\user@zedo[1].txt
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\user\Desktop\backups\backup-20051206-165912-359.inf
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Documents and Settings\user\Desktop\backups\backup-20060301-221430-394.dll
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
Here is the HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 3:40:57 PM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.c.../search/ie.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.c...//www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://my.msn.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://store.presari...&c=1c02&lc=0409R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "c:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {C23D8BF6-40C7-4630-881F-244C7EE41F89} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....k/?linkid=39204O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) -
http://zone.msn.com/...fault/shapo.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{EFA2375C-8790-409E-99C9-3CADD940CC01}: NameServer = 204.127.203.135,216.148.225.135
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
I also have a Program file on my desktop that I never recall getting, I think it came from a download that someone else had me do to fix problems. It is called Desktop it looks like a notepad with a gear on it.
It says if I delete it I can harm some programs, here is a copy of the program
[LocalizedFileNames]
Windows Media Player.lnk=@C:\WINDOWS\inf\unregmp2.exe,-4
THe file is from the configuration settings from the Destop file
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Let me know what to do next
thanks
Hiebs5