# iexplore.exe virus



## parm289 (Jun 24, 2007)

Hello,

I've looked around for info on this and found one guide on how to solve it. I followed the guide and my computer is O.K., but I want to completely remove the virus (yes, I'm sure it's a virus because of the location: C:\Windows\iexplore.exe).

Here's an explanation: My computer had been really slow, and i had been noticing an extra iexplore.exe in the task manager. I looked around, found that my userinit.exe was infected (well, the registry key was changed to userinit32.exe instead of userinit.exe). The userinit32.exe was launching the infected iexplore.exe, which was giving me loads of popups. I fixed the registry and deleted the userinit32.exe file, and I no longer recieve popups.

Now, I'm sure I still have the virus on my computer - the key HKLM\Software\Microsot\Windows\CurentVersion\Run\Explorer="C:\Windows\iexplore.exe" is still present, and when I delete the key, it comes back when I restart my computer.

Here's my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:34:06 PM, on 6/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [WUSB54Gv2] "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ResChanger 2005] "C:\Program Files\ResChanger 2005\ResChanger2005.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?931b01bc58774339a847fdfc3e3bf66c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?931b01bc58774339a847fdfc3e3bf66c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179516396546
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)

Thanks in advance for your help.


----------



## parm289 (Jun 24, 2007)

Any suggestions? I know that this:

O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe

is the registry value that I was referring to. Should I select it in HJT?


----------



## MFDnNC (Sep 7, 2004)

NOTE: If you have downloaded ComboFix previously please delete that version and download it again!

Download this file :

http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
or
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJack log in your next reply

Note: 
Do not mouseclick combofix's window while its running. That may cause it to stall
==============

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
·	It will ask if you want to update the program definitions, click Yes.
·	Under Configuration and Preferences, click the Preferences button.
·	Click the Scanning Control tab.
·	Under Scanner Options make sure the following are checked:
o	Close browsers before scanning
o	Scan for tracking cookies
o	Terminate memory threats before quarantining.
o	Please leave the others unchecked.
o	Click the Close button to leave the control center screen.
·	On the main screen, under Scan for Harmful Software click Scan your computer.
·	On the left check C:\Fixed Drive.
·	On the right, under Complete Scan, choose Perform Complete Scan.
·	Click Next to start the scan. Please be patient while it scans your computer.
·	After the scan is complete a summary box will appear. Click OK.
·	Make sure everything in the white box has a check next to it, then click Next.
·	It will quarantine what it found and if it asks if you want to reboot, click Yes.
·	To retrieve the removal information for me please do the following:
o	After reboot, double-click the SUPERAntispyware icon on your desktop.
o	Click Preferences. Click the Statistics/Logs tab.
o	Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o	It will open in your default text editor (such as Notepad/Wordpad).
o	Please highlight everything in the notepad, then right-click and choose copy.
·	Click close and close again to exit the program.
·	Please paste that information here for me *with a new HijackThis log*.


----------



## parm289 (Jun 24, 2007)

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 7:11:35 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [WUSB54Gv2] "C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [ViewMgr] "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ResChanger 2005] "C:\Program Files\ResChanger 2005\ResChanger2005.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?931b01bc58774339a847fdfc3e3bf66c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?931b01bc58774339a847fdfc3e3bf66c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179516396546
O16 - DPF: {77538FC7-CE52-4704-9865-494FE92BC320} (LaunchUBO.Ulit) - http://www.ultimatebaseballonline.com/myubo/launchubo.OCX
O16 - DPF: {82FFA573-38AA-482A-99AD-91F697B91631} (Installer.InstallControl) - http://www.file2you.net/applet.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WUSB54Gv2SVC - Unknown owner - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe" "WUSB54Gv2.exe (file missing)

--------------------------------------------------------------------------------------------------------------------
ComboFix log:

ComboFix 07-06-18.2 - C:\Documents and Settings\Matthew\Desktop\ComboFix.exe
"Matthew" - 2007-06-24 17:04:15 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Common Files\{38582~1
C:\WINDOWS\system32\msxml3a.dll

((((((((((((((((((((((((( Files Created from 2007-05-24 to 2007-06-24 )))))))))))))))))))))))))))))))

2007-06-24 17:03	49,152	--a------	C:\WINDOWS\nircmd.exe
2007-06-22 18:39 d--------	C:\Program Files\UT2004
2007-06-22 18:31	164,352	--a------	C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-12 17:57 d--------	C:\Program Files\Joost
2007-06-12 17:57 d--------	C:\DOCUME~1\Matthew\APPLIC~1\Joost
2007-06-11 18:36 d--------	C:\DOCUME~1\Matthew\APPLIC~1\SecondLife

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-24 18:39:29	--------	d-----w	C:\DOCUME~1\Matthew\APPLIC~1\Launchy
2007-06-24 18:34:57	--------	d-----w	C:\Program Files\LogMeIn
2007-06-23 20:10:51	--------	d-----w	C:\Program Files\FlashGet
2007-06-22 01:19:17	--------	d--h--w	C:\Program Files\InstallShield Installation Information
2007-06-21 13:31:24	630,432	----a-w	C:\WINDOWS\system32\drivers\VetEFile.sys
2007-06-21 13:31:24	108,624	----a-w	C:\WINDOWS\system32\drivers\VetEBoot.sys
2007-06-14 19:29:04	--------	d-----w	C:\DOCUME~1\Matthew\APPLIC~1\gtk-2.0
2007-06-14 19:05:02	--------	d-----w	C:\Program Files\AIM6
2007-06-14 19:04:35	--------	d-----w	C:\Program Files\Viewpoint
2007-06-13 22:40:32	--------	d-----w	C:\DOCUME~1\Matthew\APPLIC~1\LimeWire
2007-06-13 22:39:58	--------	d-----w	C:\Program Files\World of Warcraft
2007-05-19 20:04:50	218,624	----a-w	C:\WINDOWS\system32\uxtheme.dll
2007-05-18 11:03:45	--------	d-----w	C:\Program Files\Movie Maker
2007-05-18 11:03:18	23,444	----a-w	C:\WINDOWS\system32\emptyregdb.dat
2007-05-18 11:02:24	--------	d-----w	C:\Program Files\Windows NT
2007-05-16 22:43:09	--------	d-----w	C:\Program Files\LimeWire
2007-05-16 15:12:02	683,520	----a-w	C:\WINDOWS\system32\inetcomm.dll
2007-05-12 22:42:38	--------	d-----w	C:\Program Files\Apple Software Update
2007-05-11 00:21:50	805	----a-w	C:\WINDOWS\mozver.dat
2007-05-11 00:21:48	--------	d-----w	C:\Program Files\DivX
2007-04-30 20:24:20	--------	d-----w	C:\Program Files\Common Files\Blizzard Entertainment
2007-04-29 17:38:06	--------	d-----w	C:\Program Files\Common Files\Bcgsoft
2007-04-29 17:27:17	--------	d-----w	C:\Program Files\The Game Creators
2007-04-25 19:57:47	164	----a-w	C:\install.dat
2007-04-25 14:21:15	144,896	----a-w	C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23	2,854,400	----a-w	C:\WINDOWS\system32\msi.dll
2007-04-17 02:47:36	33,624	----a-w	C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54	1,710,936	----a-w	C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48	549,720	----a-w	C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42	325,976	----a-w	C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36	203,096	----a-w	C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28	92,504	----a-w	C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20	53,080	----a-w	C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20	43,352	----a-w	C:\WINDOWS\system32\wups2.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 04:56]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}=C:\PROGRA~1\FlashGet\jccatch.dll [2006-05-16 15:19]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 02:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2007-03-17 20:13]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\Windows Live Toolbar\msntb.dll [2006-10-11 00:26]
{F156768E-81EF-470C-9057-481BA8380DBA}=C:\PROGRA~1\FlashGet\getflash.dll [2006-07-07 16:30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 18:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 21:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-09-07 18:35]
"nwiz"="nwiz.exe" [2006-10-22 13:22 C:\WINDOWS\system32\nwiz.exe]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-23 20:06]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 06:01]
"CaAvTray"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" [2006-10-08 09:11]
"CAVRID"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" [2006-10-08 09:11]
"WUSB54Gv2"="C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 12:19]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 14:24]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 22:51]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-24 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-25 17:54]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe" [2006-10-31 15:34]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 04:10]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2007-01-04 17:38]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ResChanger 2005"="C:\Program Files\ResChanger 2005\ResChanger2005.exe" [2005-05-26 19:30]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-25 20:28]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 21:25]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 08:00]
"Aim6"="" []
"AWMON"="C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe" [2005-05-25 13:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

*Newly Created Service* - GTNDIS5

Contents of the 'Scheduled Tasks' folder
2006-10-13 12:49:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-24 20:53:01 C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-24 17:07:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-24 17:08:43
C:\ComboFix-quarantined-files.txt ... 2007-06-24 17:08

--- E O F ---

SAS Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/24/2007 at 06:38 PM

Application Version : 3.8.1002

Core Rules Database Version : 3260
Trace Rules Database Version: 1271

Scan type : Complete Scan
Total Scan Time : 01:23:01

Memory items scanned : 487
Memory threats detected : 0
Registry items scanned : 5977
Registry threats detected : 0
File items scanned : 82065
File threats detected : 54

Adware.Tracking Cookie
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][3].txt
C:\Documents and Settings\Matthew\Cookies\matth[email protected][3].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][3].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][2].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt
C:\Documents and Settings\Matthew\Cookies\[email protected][1].txt


----------



## MFDnNC (Sep 7, 2004)

Add remove programs - remove all occurrences of Viewpoint

=================

Please click here http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html to download the latest version of JAVA Install the application, then go to the Add/Remove Programs options in the Control Panel and *Remove ALL previous versions of JAVA*.

===============

How are things


----------



## parm289 (Jun 24, 2007)

Thanks for the help, followed the directions and the registry entry has not come back. My computer is not slowed down, and I deleted the iexplore.exe file and it has not reappeared. The problem seems to be fixed - what happened to be the original problem in the first place (a Java hole, or a virus in the Viewpoint toolbal/media player?)?


----------



## MFDnNC (Sep 7, 2004)

Not sure - I think its an AV hole

Clean








If you feel its is fixed mark it solved via Thread Tools above

Turn off restore points, boot, turn them back on  heres how

http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam


----------



## parm289 (Jun 24, 2007)

Nope, not clean - the registry entry came back (Explorer="C:\Windows\iexplore.exe"). Do i still have the virus?


----------



## MFDnNC (Sep 7, 2004)

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1.	Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2.	Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3.	On the main screen select the icon "Update" then select the "Update now" link.
o	Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4.	Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5.	Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6.	Under "Reports"
o	Select "Automatically generate report after every scan"
o	Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1.	Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2.	Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3.	Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4.	AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5.	If you have any infections you will be prompted. Then select "Apply all actions."
6.	Next select the "Reports" icon at the top.
7.	Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8.	Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log


----------



## parm289 (Jun 24, 2007)

Hmmm...not to be rude or anything, as I really appreciate your help, but you think the only way to solve this problem is to continually scan with different anitvirus/spyware programs? Before I asked here, I've scanned with Spy-Sweeper, Ad-Aware, CA E-Z Antivirus, and Spybot Search and Destroy, as well as online scans such as Trend Micro. I even manually researched for my problem (and found the solution I eventually tried, which is in my first post). I was just short of taking it in to be serviced, when I found these forums and asked for help. Is the only way to solve this problem to scan it with every virus scanner available?

I will download AVG and scan it, but I'm leaving for camp soon and won't be around to continually scan (but, then again, I won't be using m computer either). Is there any specific solution to my problem, so I can eliminate the virus and be done with it?


----------



## MFDnNC (Sep 7, 2004)

Well then since you are advanced fix it yourself, most folks appreciate the help and do what we ask

Good luck


----------



## parm289 (Jun 24, 2007)

Thanks for the help then.


----------

