[didom]

This log looks clean!

• Don't forget to re-hide all files and folders. To re-hide all files and folders:
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
• This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....
  
  Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.
  
  Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protects your computer.
  
  This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts. You are running Windows XP so get updated to SP-2
  
  Please post back if you are still having any problems....

[Advertisements]

thanks for all your help but one thing, my computers still slow. what else could be the problem??

[demonicangel]

thanks for all your help but one thing, my computers still slow. what else could be the problem??

[didom]

Please download RootKitRevealer from here:
http://www.sysintern...kitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.

[demonicangel]

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/24/2005 4:02 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\$VAULT$.AVG\05401667.FIL 10/24/2005 4:25 PM 62.46 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\1[1].gif 10/24/2005 4:14 PM 8.23 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\adivina1[1].htm 10/24/2005 4:09 PM 10.19 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\adivinanti[1].gif 10/24/2005 4:13 PM 7.20 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\Adivinanzas[1].gif 10/24/2005 4:11 PM 2.25 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\adivinanzas[1].htm 10/24/2005 4:11 PM 18.33 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\ads[6].htm 10/24/2005 4:09 PM 2.99 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\b_body[1].gif 10/24/2005 4:11 PM 504 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\b_logic[1].gif 10/24/2005 4:11 PM 1.85 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\b_obj[1].gif 10/24/2005 4:11 PM 620 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\badge_hostedby_purp_2[1].gif 10/24/2005 4:10 PM 779 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\bannerkalimbo[1].gif 10/24/2005 4:11 PM 5.01 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\boton2_f2[1].jpg 10/24/2005 4:15 PM 6.37 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\boton5[1].jpg 10/24/2005 4:15 PM 6.33 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\boton5_f2[1].jpg 10/24/2005 4:15 PM 6.51 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\CAEJQZI1.htm 10/24/2005 4:15 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\CAFU25BJ.htm 10/24/2005 4:12 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\CAG1SP0B.htm 10/24/2005 4:13 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\CAJIALZB.htm 10/24/2005 4:14 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\caminant[1].gif 10/24/2005 4:14 PM 34.01 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\fecha[1].js 10/24/2005 4:11 PM 755 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\fichas_profe[1].gif 10/24/2005 4:11 PM 4.11 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\fondo%20copia[1].jpg 10/24/2005 4:14 PM 17.84 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\fondo[1].jpg 10/24/2005 4:15 PM 765 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\fondoadivina[1].jpg 10/24/2005 4:13 PM 4.94 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\geo_tab_right1[1].gif 10/24/2005 4:10 PM 942 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\geovck07[1].js 10/24/2005 4:10 PM 4.28 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\h[1].htm 10/24/2005 4:10 PM 10.36 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\izdafondo[1].gif 10/24/2005 4:11 PM 63 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\mt_dropdown_initialize[1].js 10/24/2005 4:15 PM 98 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\mt_style[1].css 10/24/2005 4:15 PM 1.14 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\ovad01[1].js 10/24/2005 4:10 PM 704 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\p_musica[1].gif 10/24/2005 4:11 PM 2.84 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\pie_[1].gif 10/24/2005 4:11 PM 9.17 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\recomienda[1].gif 10/24/2005 4:11 PM 159 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\rotation[1].htm 10/24/2005 4:16 PM 255 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\search[13].htm 10/24/2005 4:09 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\search[14].htm 10/24/2005 4:11 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\search[15].htm 10/24/2005 4:14 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\search[4] 10/24/2005 4:12 PM 18.47 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\tab04[2].html 10/24/2005 4:10 PM 1.98 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\89ABCVEF\visit[1].gif 10/24/2005 4:10 PM 85 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\adframe06[1].html 10/24/2005 4:10 PM 1.75 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\adivina[1].gif 10/24/2005 4:11 PM 2.76 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\adivinanzas[1].htm 10/24/2005 4:11 PM 18.66 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\ads[6].htm 10/24/2005 4:15 PM 5.06 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\amazon[1].gif 10/24/2005 4:10 PM 1.65 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\ayudaespanol46[1].htm 10/24/2005 4:13 PM 20.35 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\b[1].gif 10/24/2005 4:10 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\b_idiom[1].gif 10/24/2005 4:11 PM 2.12 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\b_mus[1].gif 10/24/2005 4:11 PM 620 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\bolitaazul[1].gif 10/24/2005 4:15 PM 97 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\boton1_f2[1].jpg 10/24/2005 4:15 PM 5.14 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\boton2[1].jpg 10/24/2005 4:15 PM 6.22 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\boton3_f2[1].jpg 10/24/2005 4:15 PM 6.42 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\boton_azul[1].gif 10/24/2005 4:13 PM 682 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\CAJMGZ7L.htm 10/24/2005 4:09 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\CANEC3V5.htm 10/24/2005 4:11 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\CAR247JL.htm 10/24/2005 4:15 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\CAR629NJ.htm 10/24/2005 4:11 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\CAS9A7CT.htm 10/24/2005 4:13 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\CAVYS7FX.htm 10/24/2005 4:13 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\cuentacuen[1].gif 10/24/2005 4:14 PM 19.97 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\div03[1].js 10/24/2005 4:10 PM 5.40 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\div[1].css 10/24/2005 4:10 PM 1.33 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\es[1].gif 10/24/2005 4:14 PM 156 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\estilo[1].css 10/24/2005 4:15 PM 7.94 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\fondo2[1].jpg 10/24/2005 4:15 PM 10.06 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\graciasindex[1].gif 10/24/2005 4:11 PM 215 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\hada1[1].gif 10/24/2005 4:14 PM 28.18 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\home[1].htm 10/24/2005 4:14 PM 11.13 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\logo[1].gif 10/24/2005 4:15 PM 1.84 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\mane_mous[1].gif 10/24/2005 4:11 PM 89 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\mini_premio[1].gif 10/24/2005 4:11 PM 1.34 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\osocaja[1].gif 10/24/2005 4:09 PM 5.29 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\p_all[1].gif 10/24/2005 4:11 PM 5.24 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\pequenet2[1].css 10/24/2005 4:11 PM 4.86 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\porque[1].gif 10/24/2005 4:11 PM 4.58 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\pu5geo[1].js 10/24/2005 4:10 PM 1.91 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\search[10].htm 10/24/2005 4:11 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\search[11].htm 10/24/2005 4:11 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\search[12].htm 10/24/2005 4:12 PM 15 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\search[5] 10/24/2005 4:08 PM 16.96 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\seleccionada[1].jpg 10/24/2005 4:14 PM 3.38 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\FG8RSK3M\ws-riddles[1].htm 10/24/2005 4:10 PM 12.27 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\1089543[1].htm 10/24/2005 4:09 PM 1 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\8peq[1].gif 10/24/2005 4:11 PM 1.23 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\a[2] 10/24/2005 4:10 PM 119 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\ace1[1].htm 10/24/2005 4:15 PM 15.44 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\b_all[1].gif 10/24/2005 4:11 PM 606 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\b_anim[1].gif 10/24/2005 4:11 PM 549 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\b_com[1].gif 10/24/2005 4:11 PM 626 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\b_natura[1].gif 10/24/2005 4:11 PM 1.70 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\barra1[1].gif 10/24/2005 4:14 PM 7.99 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\blue[1].gif 10/24/2005 4:11 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\boton1[1].jpg 10/24/2005 4:15 PM 4.93 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\boton4_f2[1].jpg 10/24/2005 4:15 PM 927 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\boton6[1].jpg 10/24/2005 4:15 PM 5.38 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\CA9KY11F 10/24/2005 4:15 PM 1.77 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\CAFUQTB7.htm 10/24/2005 4:13 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\CAM7GHA3.htm 10/24/2005 4:10 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\CANE0RVT.htm 10/24/2005 4:12 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\centadivina[1].jpg 10/24/2005 4:13 PM 28.80 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\derecha[1].jpg 10/24/2005 4:15 PM 23.08 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\enlace-2[1].gif 10/24/2005 4:14 PM 2.58 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\ff2[1].htm 10/24/2005 4:15 PM 914 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\fichas2[1].swf 10/24/2005 4:13 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\fondo%20fucsia[1].jpg 10/24/2005 4:09 PM 3.16 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\geov2[1].js 10/24/2005 4:10 PM 635 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\green[1].gif 10/24/2005 4:11 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\hada[1].gif 10/24/2005 4:14 PM 28.24 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\index[2].htm 10/24/2005 4:15 PM 56.26 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\izdafondo_top[1].gif 10/24/2005 4:11 PM 156 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\logos_pie[1].gif 10/24/2005 4:11 PM 2.80 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\mariquita[1].gif 10/24/2005 4:09 PM 597 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\menu_down[1].gif 10/24/2005 4:11 PM 549 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\mini_correos[1].gif 10/24/2005 4:11 PM 1.36 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\preadivina[1].htm 10/24/2005 4:11 PM 17.40 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\search[11].htm 10/24/2005 4:07 PM 15 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\search[12].htm 10/24/2005 4:11 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\search[13].htm 10/24/2005 4:11 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\search[14].htm 10/24/2005 4:15 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\search[4] 10/24/2005 4:13 PM 16.95 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\t-spainb[1].gif 10/24/2005 4:10 PM 926 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\GZIDHIDE\ws-riddles[1].htm 10/24/2005 4:10 PM 2.67 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\3_02[1].gif 10/24/2005 4:15 PM 9.78 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\adivina[1].htm 10/24/2005 4:13 PM 12.30 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\b_let[1].gif 10/24/2005 4:11 PM 631 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\b_personas[1].gif 10/24/2005 4:11 PM 1.71 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\b_raton[1].gif 10/24/2005 4:11 PM 277 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\bimag30[1].jpg 10/24/2005 4:13 PM 29.75 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\boton3[1].jpg 10/24/2005 4:15 PM 6.21 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\boton6_f2[1].jpg 10/24/2005 4:15 PM 5.68 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\CA76Y9NZ.htm 10/24/2005 4:14 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\CA7AGZRL.htm 10/24/2005 4:10 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\CA9SW39D.htm 10/24/2005 4:08 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\cabecera_[1].gif 10/24/2005 4:11 PM 19.53 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\CAGXA3WT.htm 10/24/2005 4:14 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\CaLib_468_2[1].gif 10/24/2005 4:11 PM 5.75 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\CALW3YFL 10/24/2005 4:09 PM 1.38 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\clouds[1].jpg 10/24/2005 4:10 PM 2.43 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\diainternet[1].gif 10/24/2005 4:11 PM 7.92 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\envia[1].gif 10/24/2005 4:11 PM 1.69 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\fondobarra[1].jpg 10/24/2005 4:15 PM 406 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\fundo[1].jpg 10/24/2005 4:15 PM 1.80 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\geo_mast_small2[1].gif 10/24/2005 4:10 PM 1.26 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\geo_tab_left1[1].gif 10/24/2005 4:10 PM 943 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\geopromos_120x60[1].gif 10/24/2005 4:16 PM 14.25 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\h[1].php 10/24/2005 4:10 PM 3.64 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\izdafondo[1].gif 10/24/2005 4:11 PM 111 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\izquierda[1].jpg 10/24/2005 4:15 PM 29.44 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\letras[1].gif 10/24/2005 4:14 PM 3.31 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\looney[1].mid 10/24/2005 4:09 PM 4.97 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\menu_up[1].gif 10/24/2005 4:11 PM 198 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\MenuPrinc[1].swf 10/24/2005 4:13 PM 76.50 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\miedo[1].gif 10/24/2005 4:11 PM 21.54 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\mt_dropdown_content[1].js 10/24/2005 4:15 PM 9.39 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\mt_dropdownC[1].js 10/24/2005 4:15 PM 16.12 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\pequeizda[1].gif 10/24/2005 4:11 PM 3.42 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\pequenet[1].js 10/24/2005 4:11 PM 3.87 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\pie_menu[1].gif 10/24/2005 4:11 PM 206 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\search[13].htm 10/24/2005 4:13 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\search[14].htm 10/24/2005 4:14 PM 14 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\search[2] 10/24/2005 4:12 PM 7.89 KB Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\transparent[1].gif 10/24/2005 4:14 PM 43 bytes Hidden from Windows API.
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\OG59DQO7\wsi-riddle[1].gif 10/24/2005 4:10 PM 2.13 KB Hidden from Windows API.
C:\System Volume Information\_restore{2C8073A7-4A82-4858-BA3D-DA45F71A3330}\RP1\A0000015.exe 10/10/2005 7:53 PM 62.00 KB Visible in Windows API, but not in MFT or directory index.

[didom]

Download CCleaner and install it. (Please do not run the CCleaner utility yet.)

Start Ccleaner. click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right).

Then reboot your computer.

---------------------------------------

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

[demonicangel]

10/25/05 17:06:32 [Info]: BlackLight Engine 1.0.23 initialized
10/25/05 17:06:32 [Info]: OS: 5.1 build 2600 (Service Pack 1)
10/25/05 17:06:34 [Note]: 4019 4
10/25/05 17:06:34 [Note]: 4005 0
10/25/05 17:06:42 [Note]: 4006 0
10/25/05 17:06:42 [Note]: 4011 1808
10/25/05 17:06:50 [Note]: FSRAW library version 1.7.1011
10/25/05 17:11:42 [Note]: 4007 0

[demonicangel]

sorry for double posting but umm..now what am i suppose to do?

[didom]

I thought there was something hiding on your computer, but ther isn't.

That means that you are clean!

[demonicangel]

so what could be causing my computer to be so slow? if it helps theres always something that pops up when im scanning saying i have a virus in the volume restore thing.

[didom]

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP:
http://support.micro...?...[LN];310405

Reboot again and tell me how your computer is running now.

[demonicangel]

its still slow...it got fast like about 3% more

[didom]

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

[demonicangel]

oo and i accidentally disabled a cookie and now i cant login to photobucket. how can i enable it?



Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\steph.STEPHANIE\Desktop\aproposfix

************

Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!


Logfile of HijackThis v1.99.1
Scan saved at 3:23:22 PM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

[didom]

oo and i accidentally disabled a cookie and now i cant login to photobucket. how can i enable it?

What do you mean by "disabled"? If you deleted the cookie you have to login at photobucket again!

---------------------------

Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido security suite it is a free version of the program.

• Install ewido security suite
• When installing, under "Additional Options" uncheck..
  • Install background guard
  • Install scan via context menu
• Launch ewido, there should be an icon on your desktop, double-click it.
• The program will now open to the main screen.
• When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  
• You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
• The update will start and a progress bar will show the updates being installed.
  (the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Run Ewido:

• Click on scanner
• Click on Complete System Scan and the scan will begin.
• You will be prompted to clean the first infection.
• Select "Perform action on all infections", then proceed.
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
• Click Save report.
• Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido security suite.

Reboot into normal mode.

Then, please run this online virus scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log and the Ewido log in your next reply.

[demonicangel]

panda said i was clean

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:27:22 PM, 10/31/2005
+ Report-Checksum: 57FADA3A

+ Scan result:

C:\Documents and Settings\liz\Cookies\liz@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\liz\Cookies\liz@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\MYF8S0BY\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 8:27:32 PM, on 10/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe