# Solved: Fake Antivirus AV2009 Getting Pop-Ups



## NWDaydreamer (Oct 29, 2003)

My AVG scanned and quarantined AV2009Install_77052207.exe and others. I am getting pop-up ads and warnings that I have a virus from AV2009, telling me to install this, and pop-ups with unwanted ads. Please help. Thanks.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:45 PM, on 7/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetStat Live] C:\Program Files\AnalogX\NetStat Live\nsl.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [lphcpgsj0etbc] C:\WINDOWS\system32\lphcpgsj0etbc.exe
O4 - HKLM\..\Run: [BM5b8d043e] Rundll32.exe "C:\WINDOWS\system32\tkyyqipx.dll",s
O4 - HKLM\..\Run: [58be37a2] rundll32.exe "C:\WINDOWS\system32\dkhdllyj.dll",b
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA9786] command /c del "C:\WINDOWS\system32\rqRIyVlk.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4834] cmd /c del "C:\WINDOWS\system32\rqRIyVlk.dll_old"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [RegistryCleanFixMFC] C:\Program Files\RegistryCleaner\registrycleaner2008.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.onerateld.com
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9605 bytes


----------



## Cookiegal (Aug 27, 2003)

Please visit *ComboFix Guide & Instructions* for instructions for installing the recovery console and downloading and running ComboFix.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished.

*Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.*

*Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.*


----------



## NWDaydreamer (Oct 29, 2003)

I had to send ComboFix from my DH's computer to mine in an e-mail since it would not let me load the page from my computer. I have not run it yet. Should I do that now and should I close all windows first, then post the logs? All those instructions confused me, but I did copy them.


----------



## Cookiegal (Aug 27, 2003)

Do you mean you couldn't get the BleepingComputer.com page to open?

You need to install ComboFix on the desktop. Then yes, close all windows, disconnect from the Internet and disable all security programs when running the scan.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Do you mean you couldn't get the BleepingComputer.com page to open?
> 
> You need to install ComboFix on the desktop. Then yes, close all windows, disconnect from the Internet and disable all security programs when running the scan.


Yes, I meant I can't get the page to open. I will do as instructed and report back.

Thank you!


----------



## Cookiegal (Aug 27, 2003)

OK. I'm signing off for the night so I'll check back in the morning.


----------



## NWDaydreamer (Oct 29, 2003)

Good night, sorry it took forever.


I just got another pop up as I was trying to post. Here are my logs:

*HijackThis log:*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:00:03 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {9f6ce590-8be4-2cdb-1e44-9c50dbce38ef} - {fe83ecbd-05c9-44e1-bdc2-4eb8095ec6f9} - C:\WINDOWS\system32\tmdyqx.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [58be37a2] rundll32.exe "C:\WINDOWS\system32\ydrbnljc.dll",b
O4 - HKLM\..\Run: [BM5b8d043e] Rundll32.exe "C:\WINDOWS\system32\ytbqjlnq.dll",s
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9010 bytes

*combofix log:*

ComboFix 08-07-28.4 - HP_Owner 2008-07-28 19:58:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.559 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\#SharedObjects\5LJHQURD\interclick.com
C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\#SharedObjects\5LJHQURD\interclick.com\ud.sol
C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\HP_Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\cookies.ini
C:\WINDOWS\mainms.vpi
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cdefNqru.ini
C:\WINDOWS\system32\cdefNqru.ini2
C:\WINDOWS\system32\cjlnbrdy.ini
C:\WINDOWS\system32\ddJmlRqr.ini
C:\WINDOWS\system32\ddJmlRqr.ini2
C:\WINDOWS\system32\hfvlfvye.ini
C:\WINDOWS\system32\jfkjofwx.ini
C:\WINDOWS\system32\junvcduw.dll
C:\WINDOWS\system32\jylldhkd.ini
C:\WINDOWS\system32\lnsiidej.ini
C:\WINDOWS\system32\mdgcrvlc.dll
C:\WINDOWS\system32\mqedbbvo.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\uethfq.dll
C:\WINDOWS\system32\urqNfedc.dll
C:\WINDOWS\system32\yjviafpc.ini
C:\WINDOWS\system32\zkmroi.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AUTO_HOTKEY_POLLER
-------\Service_Auto HotKey Poller

((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-28 17:49 . 2008-07-28 17:49	105,472	--a------	C:\WINDOWS\system32\tmdyqx.dll
2008-07-28 17:49 . 2008-07-28 17:49	105,472	--a------	C:\WINDOWS\system32\cqfaxnst.dll
2008-07-28 17:49 . 2008-07-28 17:49	83,456	--a------	C:\WINDOWS\system32\ydrbnljc.dll
2008-07-28 17:48 . 2008-07-28 17:48	91,648	--a------	C:\WINDOWS\system32\ytbqjlnq.dll
2008-07-27 13:29 . 2008-07-27 13:29	105,472	--a------	C:\WINDOWS\system32\uplkdmmi.dll
2008-07-27 13:29 . 2008-07-27 13:29	105,472	--a------	C:\WINDOWS\system32\ueqpnk.dll
2008-07-27 13:23 . 2008-07-27 13:23	91,648	--a------	C:\WINDOWS\system32\fcvpiebf.dll
2008-07-26 01:57 . 2008-07-26 01:57	105,472	--a------	C:\WINDOWS\system32\rfrtdglx.dll
2008-07-26 01:57 . 2008-07-26 01:57	105,472	--a------	C:\WINDOWS\system32\leiuro.dll
2008-07-26 01:54 . 2008-07-26 01:54	91,648	--a------	C:\WINDOWS\system32\tgnjrgbm.dll
2008-07-26 01:00 . 2008-07-26 01:00	105,472	--a------	C:\WINDOWS\system32\mxyxhk.dll
2008-07-26 01:00 . 2008-07-26 01:00	105,472	--a------	C:\WINDOWS\system32\jnynjvxv.dll
2008-07-26 00:57 . 2008-07-26 00:57	83,456	--a------	C:\WINDOWS\system32\xwfojkfj.dll
2008-07-25 00:59 . 2008-07-25 00:58	105,472	--a------	C:\WINDOWS\system32\ckfozp.dll
2008-07-25 00:58 . 2008-07-25 00:58	105,472	--a------	C:\WINDOWS\system32\occxyugu.dll
2008-07-25 00:53 . 2008-07-25 00:53	91,648	--a------	C:\WINDOWS\system32\fcquspdj.dll
2008-07-23 22:01 . 2008-07-28 19:11	111,521	--a------	C:\WINDOWS\BM5b8d043e.xml
2008-07-21 23:30 . 2008-07-21 23:30	1,409	--a------	C:\WINDOWS\system32\tmpEAE31.FOT
2008-07-21 23:30 . 2008-07-21 23:30	1,409	--a------	C:\WINDOWS\system32\tmp74D31.FOT
2008-07-21 23:30 . 2008-07-21 23:30	1,409	--a------	C:\WINDOWS\system32\tmp58D31.FOT
2008-07-21 23:30 . 2008-07-21 23:30	1,409	--a------	C:\WINDOWS\system32\tmp4BD31.FOT
2008-07-21 23:30 . 2008-07-21 23:30	1,409	--a------	C:\WINDOWS\system32\tmp20E31.FOT
2008-07-21 23:30 . 2008-07-21 23:30	1,409	--a------	C:\WINDOWS\system32\tmp07E31.FOT
2008-07-20 18:26 . 2008-07-20 18:26	60,928	--a------	C:\WINDOWS\system32\blphcpgsj0etbc.scr
2008-07-14 11:29 . 2008-07-14 11:29 d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 11:20 . 2008-07-22 21:42 d--------	C:\Program Files\Enigma Software Group
2008-07-12 12:58 . 2008-07-12 12:58	1,409	--a------	C:\WINDOWS\system32\tmpEB972.FOT
2008-07-12 12:58 . 2008-07-12 12:58	1,409	--a------	C:\WINDOWS\system32\tmpDF972.FOT
2008-07-12 12:58 . 2008-07-12 12:58	1,409	--a------	C:\WINDOWS\system32\tmpB3A72.FOT
2008-07-12 12:58 . 2008-07-12 12:58	1,409	--a------	C:\WINDOWS\system32\tmpA7A72.FOT
2008-07-12 12:58 . 2008-07-12 12:58	1,409	--a------	C:\WINDOWS\system32\tmp9AA72.FOT
2008-07-12 12:58 . 2008-07-12 12:58	1,409	--a------	C:\WINDOWS\system32\tmp7EA72.FOT
2008-07-06 22:18 . 2008-07-06 22:18	1,409	--a------	C:\WINDOWS\system32\tmpF4803.FOT
2008-07-06 22:18 . 2008-07-06 22:18	1,409	--a------	C:\WINDOWS\system32\tmpE8803.FOT
2008-07-06 22:18 . 2008-07-06 22:18	1,409	--a------	C:\WINDOWS\system32\tmp48703.FOT
2008-07-06 22:18 . 2008-07-06 22:18	1,409	--a------	C:\WINDOWS\system32\tmp3C703.FOT
2008-07-06 22:18 . 2008-07-06 22:18	1,409	--a------	C:\WINDOWS\system32\tmp1F703.FOT
2008-07-06 22:18 . 2008-07-06 22:18	1,409	--a------	C:\WINDOWS\system32\tmp02803.FOT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 03:05	94,302,240	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-29 02:11	---------	d-----w	C:\Documents and Settings\HP_Owner\Application Data\MailWasherPro
2008-07-29 01:50	1,105,316	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-26 07:28	---------	d-----w	C:\Program Files\Trillian
2008-07-24 05:17	---------	d-----w	C:\Program Files\SpywareBlaster
2008-07-20 02:53	3,645	----a-w	C:\WINDOWS\viassary-hp.reg
2008-07-06 20:26	96,520	----a-w	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-06 20:26	76,040	----a-w	C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-06 17:45	691,545	----a-w	C:\WINDOWS\unins000.exe
2008-05-04 11:14	13,766,723	----a-w	C:\WINDOWS\Internet Logs\tvDebug.zip
2007-08-10 00:07	97,448	----a-w	C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-07-05 14:19	7,680	----a-w	C:\Documents and Settings\HP_Owner\mspich.exe
2006-02-07 05:17	686	----a-w	C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2006-06-01 21:27	0	--sha-w	C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe83ecbd-05c9-44e1-bdc2-4eb8095ec6f9}]
2008-07-28 17:49	105472	--a------	C:\WINDOWS\system32\tmdyqx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 18:50 212992]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 17:00 1937408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55 155648]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42 659456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54 253952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-25 08:46 185784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-07 03:38 282624]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 16:52 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20 2061816]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-22 19:12 1060864]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 13:26 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"58be37a2"="C:\WINDOWS\system32\ydrbnljc.dll" [2008-07-28 17:49 83456]
"BM5b8d043e"="C:\WINDOWS\system32\ytbqjlnq.dll" [2008-07-28 17:48 91648]
"SiSPower"="SiSPower.dll" [2005-04-12 11:31 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 14:08 57344 C:\WINDOWS\system32\ico.exe]
"VTTimer"="VTTimer.exe" [2005-03-07 12:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38 241664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-06-27 22:41:32 169472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-05 00:17:04 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 13:26]
R1 pelmouse;Mouse Suite Drive;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 13:26]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 13:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 13:26]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 pelps2m;i8042 Keyboard & PS/2 Mouse Port Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2004-08-02 11:33]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0739498-b087-11d9-876c-0011d8230b0e}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure20.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{062AD784-8272-4AF5-924D-371D940B3B8A} - C:\WINDOWS\system32\rqRlmJdd.dll
BHO-{B237C305-472A-45EA-90CB-0C02689EBFA4} - C:\WINDOWS\system32\rqRIyVlk.dll
HKCU-Run-LDM - \Program\BackWeb-8876480.exe
HKCU-Run-RegistryCleanFixMFC - C:\Program Files\RegistryCleaner\registrycleaner2008.exe
HKLM-Run-NetStat Live - C:\Program Files\AnalogX\NetStat Live\nsl.exe
HKLM-Run-AutoTBar - c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
HKLM-Run-lphcpgsj0etbc - C:\WINDOWS\system32\lphcpgsj0etbc.exe
ShellExecuteHooks-{B237C305-472A-45EA-90CB-0C02689EBFA4} - C:\WINDOWS\system32\rqRIyVlk.dll
Notify-rqRIyVlk - rqRIyVlk.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.myspace.com/
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1;localhost
R1 -: HKCU-SearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O8 -: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 -: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
C:\WINDOWS\Downloaded Program Files\ewidoOnlineScan.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-28 20:26:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\ydrbnljc.dll
-> C:\WINDOWS\system32\ytbqjlnq.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\update\update.exe
.
**************************************************************************
.
Completion time: 2008-07-28 20:48:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-29 03:47:16

Pre-Run: 80,939,892,736 bytes free
Post-Run: 80,920,027,136 bytes free

225	--- E O F ---	2008-07-20 07:00:25


----------



## Cookiegal (Aug 27, 2003)

Before we continue please do this:

Go to *Start* - *Search* - *All Files and Folders* and, under *More advanced search options*, make sure there is a check by *Search System Folders* and *Search hidden files and folders* and *Search system subfolders*.

Next click on *My Computer*. Go to *Tools* - *Folder Options*. Click on the View tab and make sure that *Show hidden files and folders* is checked. Also uncheck *Hide protected operating system files* and *Hide extensions for known file types*. Now click *Apply to all folders*. Click *Apply* then *OK*.

Now, go to the following link and upload the following file(s) for analysis and let me know what the results are please:

http://virusscan.jotti.org/
*C:\Documents and Settings\HP_Owner\mspich.exe*


----------



## NWDaydreamer (Oct 29, 2003)

I don't understand these instructions. What file did you mean, that I need to submit? I did this according to directions but can't figure out what I'm doing. Am I to look for the file,

*C:\Documents and Settings\HP_Owner\mspich.exe*

Scan taken on 29 Jul 2008 18:28:52 (GMT) 
A-Squared Found nothing 
AntiVir Found nothing 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
CPsecure Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
F-Secure Anti-Virus Found nothing 
Fortinet Found nothing 
Ikarus Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
Panda Antivirus Found nothing 
Sophos Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing


----------



## Cookiegal (Aug 27, 2003)

You have to browse to locate the file on your computer and then click on submit and they will analyze it.


----------



## NWDaydreamer (Oct 29, 2003)

I don't know what I'm doing wrong but it says:

File: mspich.exe 
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database) 
MD5: 99cd458334f52f18e67578ee5d2b764e 
Packers detected: UPX 
Scan taken on 29 Jul 2008 20:56:49 (GMT) 
A-Squared Found nothing 
AntiVir Found nothing 
ArcaVir Found nothing 
Avast Found nothing 
AVG Antivirus Found nothing 
BitDefender Found nothing 
ClamAV Found nothing 
CPsecure Found nothing 
Dr.Web Found nothing 
F-Prot Antivirus Found nothing 
F-Secure Anti-Virus Found nothing 
Fortinet Found nothing 
Ikarus Found nothing 
Kaspersky Anti-Virus Found nothing 
NOD32 Found nothing 
Norman Virus Control Found nothing 
Panda Antivirus Found nothing 
Sophos Antivirus Found nothing 
VirusBuster Found nothing 
VBA32 Found nothing


----------



## NWDaydreamer (Oct 29, 2003)

Since my last two posts, I've received two warnings from AVG and moved them to the virus vault along with the others. 

Adware Generic11.RZ
Trojan horse Generic10. BHLZ


----------



## Cookiegal (Aug 27, 2003)

That's OK. You did it right.

As for those files, I need to know what the file names are and the paths to the files please.

Open Notepad and copy and paste the text in the code box below into it:


```
File::
C:\WINDOWS\system32\tmdyqx.dll
C:\WINDOWS\system32\cqfaxnst.dll
C:\WINDOWS\system32\ydrbnljc.dll
C:\WINDOWS\system32\ytbqjlnq.dll
C:\WINDOWS\system32\uplkdmmi.dll
C:\WINDOWS\system32\ueqpnk.dll
C:\WINDOWS\system32\fcvpiebf.dll
C:\WINDOWS\system32\rfrtdglx.dll
C:\WINDOWS\system32\leiuro.dll
C:\WINDOWS\system32\tgnjrgbm.dll
C:\WINDOWS\system32\mxyxhk.dll
C:\WINDOWS\system32\jnynjvxv.dll
C:\WINDOWS\system32\xwfojkfj.dll
C:\WINDOWS\system32\ckfozp.dll
C:\WINDOWS\system32\occxyugu.dll
C:\WINDOWS\system32\fcquspdj.dll
C:\WINDOWS\BM5b8d043e.xml
C:\WINDOWS\system32\tmpEAE31.FOT
C:\WINDOWS\system32\tmp74D31.FOT
C:\WINDOWS\system32\tmp58D31.FOT
C:\WINDOWS\system32\tmp4BD31.FOT
C:\WINDOWS\system32\tmp20E31.FOT
C:\WINDOWS\system32\tmp07E31.FOT
C:\WINDOWS\system32\blphcpgsj0etbc.scr
C:\WINDOWS\system32\tmpEB972.FOT
C:\WINDOWS\system32\tmpDF972.FOT
C:\WINDOWS\system32\tmpB3A72.FOT
C:\WINDOWS\system32\tmpA7A72.FOT
C:\WINDOWS\system32\tmp9AA72.FOT
C:\WINDOWS\system32\tmp7EA72.FOT
C:\WINDOWS\system32\tmpF4803.FOT
C:\WINDOWS\system32\tmpE8803.FOT
C:\WINDOWS\system32\tmp48703.FOT
C:\WINDOWS\system32\tmp3C703.FOT
C:\WINDOWS\system32\tmp1F703.FOT
C:\WINDOWS\system32\tmp02803.FOT
C:\WINDOWS\system32\tmdyqx.dll
C:\WINDOWS\system32\ydrbnljc.dll
C:\WINDOWS\system32\ytbqjlnq.dll 

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fe83ecbd-05c9-44e1-bdc2-4eb8095ec6f9}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"58be37a2"=-
"BM5b8d043e"=-
```
Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.










This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply together with a new HijackThis log.


----------



## NWDaydreamer (Oct 29, 2003)

ComboFix 08-07-28.4 - HP_Owner 2008-07-29 15:12:47.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.430 [GMT -7:00]
Running from: C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Owner\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\BM5b8d043e.xml
C:\WINDOWS\system32\blphcpgsj0etbc.scr
C:\WINDOWS\system32\ckfozp.dll
C:\WINDOWS\system32\cqfaxnst.dll
C:\WINDOWS\system32\fcquspdj.dll
C:\WINDOWS\system32\fcvpiebf.dll
C:\WINDOWS\system32\jnynjvxv.dll
C:\WINDOWS\system32\leiuro.dll
C:\WINDOWS\system32\mxyxhk.dll
C:\WINDOWS\system32\occxyugu.dll
C:\WINDOWS\system32\rfrtdglx.dll
C:\WINDOWS\system32\tgnjrgbm.dll
C:\WINDOWS\system32\tmdyqx.dll
C:\WINDOWS\system32\tmp02803.FOT
C:\WINDOWS\system32\tmp07E31.FOT
C:\WINDOWS\system32\tmp1F703.FOT
C:\WINDOWS\system32\tmp20E31.FOT
C:\WINDOWS\system32\tmp3C703.FOT
C:\WINDOWS\system32\tmp48703.FOT
C:\WINDOWS\system32\tmp4BD31.FOT
C:\WINDOWS\system32\tmp58D31.FOT
C:\WINDOWS\system32\tmp74D31.FOT
C:\WINDOWS\system32\tmp7EA72.FOT
C:\WINDOWS\system32\tmp9AA72.FOT
C:\WINDOWS\system32\tmpA7A72.FOT
C:\WINDOWS\system32\tmpB3A72.FOT
C:\WINDOWS\system32\tmpDF972.FOT
C:\WINDOWS\system32\tmpE8803.FOT
C:\WINDOWS\system32\tmpEAE31.FOT
C:\WINDOWS\system32\tmpEB972.FOT
C:\WINDOWS\system32\tmpF4803.FOT
C:\WINDOWS\system32\ueqpnk.dll
C:\WINDOWS\system32\uplkdmmi.dll
C:\WINDOWS\system32\xwfojkfj.dll
C:\WINDOWS\system32\ydrbnljc.dll
C:\WINDOWS\system32\ytbqjlnq.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM5b8d043e.txt
C:\WINDOWS\BM5b8d043e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\blphcpgsj0etbc.scr
C:\WINDOWS\system32\ckfozp.dll
C:\WINDOWS\system32\cqfaxnst.dll
C:\WINDOWS\system32\fcquspdj.dll
C:\WINDOWS\system32\fcvpiebf.dll
C:\WINDOWS\system32\jnynjvxv.dll
C:\WINDOWS\system32\leiuro.dll
C:\WINDOWS\system32\mxyxhk.dll
C:\WINDOWS\system32\occxyugu.dll
C:\WINDOWS\system32\rfrtdglx.dll
C:\WINDOWS\system32\tgnjrgbm.dll
C:\WINDOWS\system32\tmdyqx.dll
C:\WINDOWS\system32\tmp02803.FOT
C:\WINDOWS\system32\tmp07E31.FOT
C:\WINDOWS\system32\tmp1F703.FOT
C:\WINDOWS\system32\tmp20E31.FOT
C:\WINDOWS\system32\tmp3C703.FOT
C:\WINDOWS\system32\tmp48703.FOT
C:\WINDOWS\system32\tmp4BD31.FOT
C:\WINDOWS\system32\tmp58D31.FOT
C:\WINDOWS\system32\tmp74D31.FOT
C:\WINDOWS\system32\tmp7EA72.FOT
C:\WINDOWS\system32\tmp9AA72.FOT
C:\WINDOWS\system32\tmpA7A72.FOT
C:\WINDOWS\system32\tmpB3A72.FOT
C:\WINDOWS\system32\tmpDF972.FOT
C:\WINDOWS\system32\tmpE8803.FOT
C:\WINDOWS\system32\tmpEAE31.FOT
C:\WINDOWS\system32\tmpEB972.FOT
C:\WINDOWS\system32\tmpF4803.FOT
C:\WINDOWS\system32\ueqpnk.dll
C:\WINDOWS\system32\uplkdmmi.dll
C:\WINDOWS\system32\xwfojkfj.dll
C:\WINDOWS\system32\ydrbnljc.dll
C:\WINDOWS\system32\ytbqjlnq.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.

2008-07-29 00:17 . 2008-07-29 00:17	54,156	--ah-----	C:\WINDOWS\QTFont.qfn
2008-07-29 00:17 . 2008-07-29 00:17	1,409	--a------	C:\WINDOWS\QTFont.for
2008-07-28 20:48 . 2008-07-29 10:30	654	---hs----	C:\WINDOWS\system32\cjlnbrdy.ini
2008-07-14 11:29 . 2008-07-14 11:29 d--------	C:\Program Files\Common Files\Wise Installation Wizard
2008-07-14 11:20 . 2008-07-22 21:42 d--------	C:\Program Files\Enigma Software Group

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 22:23	95,701,024	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-29 22:17	1,122,188	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-29 22:08	---------	d-----w	C:\Program Files\Trillian
2008-07-29 21:40	---------	d-----w	C:\Documents and Settings\HP_Owner\Application Data\MailWasherPro
2008-07-29 04:37	15,535,562	----a-w	C:\WINDOWS\Internet Logs\tvDebug.zip
2008-07-24 05:17	---------	d-----w	C:\Program Files\SpywareBlaster
2008-07-20 02:53	3,645	----a-w	C:\WINDOWS\viassary-hp.reg
2008-07-06 20:26	96,520	----a-w	C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-06 20:26	76,040	----a-w	C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-13 13:10	272,128	------w	C:\WINDOWS\system32\drivers\bthport.sys
2008-05-06 17:45	691,545	----a-w	C:\WINDOWS\unins000.exe
2007-08-10 00:07	97,448	----a-w	C:\Documents and Settings\HP_Owner\Application Data\GDIPFONTCACHEV1.DAT
2007-07-05 14:19	7,680	----a-w	C:\Documents and Settings\HP_Owner\mspich.exe
2006-02-07 05:17	686	----a-w	C:\Documents and Settings\HP_Owner\Application Data\wklnhst.dat
2006-06-01 21:27	0	--sha-w	C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( [email protected]_20.46.32.14 )))))))))))))))))))))))))))))))))))))))))
.
.


----------



## NWDaydreamer (Oct 29, 2003)

*Continued:*

-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2004-11-11 18:50 212992]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-02-10 17:00 1937408]
"LDM"="\Program\BackWeb-8876480.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 16:04 52736]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 22:55 155648]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 18:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 18:42 659456]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 21:54 253952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 13:41 196608]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-09-25 08:46 185784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-07 03:38 282624]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [2007-06-06 16:52 936960]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 15:20 2061816]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2005-11-22 19:12 1060864]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-06 13:26 1232152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"SiSPower"="SiSPower.dll" [2005-04-12 11:31 49152 C:\WINDOWS\system32\SiSPower.dll]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 12:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 14:08 57344 C:\WINDOWS\system32\ico.exe]
"VTTimer"="VTTimer.exe" [2005-03-07 12:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 05:31:38 241664]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-06-27 22:41:32 169472]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-04-05 00:17:04 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-06 13:26]
R1 pelmouse;Mouse Suite Drive;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-06 13:26]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-06 13:26]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-06 13:26]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 pelps2m;i8042 Keyboard & PS/2 Mouse Port Driver;C:\WINDOWS\system32\DRIVERS\pelps2m.sys [2004-08-02 11:33]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e0739498-b087-11d9-876c-0011d8230b0e}]
\Shell\AutoRun\command - G:\JDSecure\Windows\JDSecure20.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 15:20:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-29 15:34:24 - machine was rebooted [HP_Owner]
ComboFix-quarantined-files.txt 2008-07-29 22:33:38
ComboFix2.txt 2008-07-29 03:48:37

Pre-Run: 81,036,713,984 bytes free
Post-Run: 81,016,954,880 bytes free

462	--- E O F ---	2008-07-29 07:00:21


----------



## NWDaydreamer (Oct 29, 2003)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:07:51 PM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9072 bytes


----------



## Cookiegal (Aug 27, 2003)

Please delete this file manually:

C:\WINDOWS\system32\*cjlnbrdy.ini*

*HostsXpert 4.2 - Hosts File Manager*.

Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Please download Malwarebytes Anti-Malware from *Here* or *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply along with a new HijackThis log please.

Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.*
***

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have Java then you will need to go to the following link and download the latest version (it's the fifth one down the list):

*Java Runtime Environment (JRE) 6 Update 7*

Instructions for Kaspersky scan:


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked.
*Spyware, Adware, Dialers, and other potentially dangerous programs*
*Archives*
*Mail databases*
Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Please delete this file manually:
> 
> C:\WINDOWS\system32\*cjlnbrdy.ini*


Figured out how to do it and am now scanning.


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## NWDaydreamer (Oct 29, 2003)

*Sorry it took me so long, had a family emergency.

Here are the logs you asked for.*

*Malwarebytes' Anti-Malware 1.23*
Database version: 1010
Windows 5.1.2600 Service Pack 2

3:21:08 PM 7/30/2008
mbam-log-7-30-2008 (15-21-08).txt

Scan type: Quick Scan
Objects scanned: 43371
Time elapsed: 7 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

*Logfile of Trend Micro HijackThis v2.0.2*
Scan saved at 3:22:40 PM, on 7/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8726 bytes

--------------------------------------------------------------------------------
*KASPERSKY ONLINE SCANNER 7 REPORT*
Wednesday, July 30, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, July 30, 2008 17:08:56
Records in database: 1029644
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 160682
Threat name: 6
Infected objects: 10
Suspicious objects: 0
Duration of the scan: 05:23:02

File name / Threat name / Threats count
C:\Documents and Settings\HP_Owner\.housecall\Quarantine\A0109359.dll.bac_a00524	Infected: not-a-virus:AdWare.Win32.SideFind.a	1
C:\Documents and Settings\HP_Owner\.housecall6.6\Quarantine\A0109359.dll.bac_a00524	Infected: not-a-virus:AdWare.Win32.SideFind.a	1
C:\Documents and Settings\HP_Owner\My Documents\Program Files\WINZIP\cmas_cardinal.exe	Infected: not-a-virus:AdWare.Win32.Gator.3013	1
C:\Documents and Settings\HP_Owner\My Documents\Program Files\WINZIP\Fall Bluejay.exe	Infected: not-a-virus:AdWare.Win32.Gator.3103	1
C:\Program Files\PopCap Games\PopCap ActiveX Control\Uninstall.exe	Infected: not-a-virus:Downloader.Win32.PopCap.b	1
C:\QooBox\Quarantine\C\WINDOWS\system32\fcquspdj.dll.vir	Infected: not-a-virus:AdWare.Win32.Virtumonde.yys	1
C:\QooBox\Quarantine\C\WINDOWS\system32\jnynjvxv.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.bty	1
C:\QooBox\Quarantine\C\WINDOWS\system32\leiuro.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.bty	1
C:\QooBox\Quarantine\C\WINDOWS\system32\mxyxhk.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.bty	1
C:\QooBox\Quarantine\C\WINDOWS\system32\rfrtdglx.dll.vir	Infected: not-a-virus:AdWare.Win32.SuperJuan.bty	1

The selected area was scanned.


----------



## Cookiegal (Aug 27, 2003)

*Click here* to download *Dr.Web CureIt* and save it to your desktop.

Double-click the *drweb-cureit.exe* file and allow it to run the express scan.
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the *green arrow* at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select *Move incurable* as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click *file* and choose *save report list*
Save the report to your desktop. The report will be called *DrWeb.csv*
Close Dr.Web Cureit.
*Reboot* your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new Hijack This log.


----------



## NWDaydreamer (Oct 29, 2003)

Thank you. I followed your instructions and restarted my computer. When I tried to open the DrWeb file, it had changed it to open in Microsoft Excel. I right-clicked it and opened it in WordPad. Also, when Microsoft Excel opened I got an alert that said:

"Microsoft Office Frontpage has detected a significant change. To continue functioning properly, and to avoid entry into reduced functionality mode, you must reactivate your product. With the product in reduced functionality mode, you will not be able to save or create new documents, and other product functionality will be reduced."

I don't think this is the way the document should look, maybe I'm wrong...
I have a headache now, I'm going to bed. Probably giving you one too. Ha!



*DrWeb Log*

RegUBP2b-HP_Owner.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\HP_Owner\Desktop;Archive contains infected objects;Moved.;
cmas_cardinal.exe\data016;C:\Documents and Settings\HP_Owner\My Documents\Program Files\WINZIP\cmas_cardinal.exe;Adware.Gator;;
cmas_cardinal.exe;C:\Documents and Settings\HP_Owner\My Documents\Program Files\WINZIP;Archive contains infected objects;Moved.;
Fall Bluejay.exe\data016;C:\Documents and Settings\HP_Owner\My Documents\Program Files\WINZIP\Fall Bluejay.exe;Adware.Gator;;
Fall Bluejay.exe;C:\Documents and Settings\HP_Owner\My Documents\Program Files\WINZIP;Archive contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;
nppopcaploader.dll;C:\Program Files\Mozilla Firefox\plugins;Program.PopcapLoader.origin;Moved.;
stream001\uninstll.exe;C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe\\Windows\access\EarthLink Setup.msi\stream001;Probably STPAGE.Trojan;;
stream001;C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe\\Windows\access\EarthLink Setup.msi;Archive contains infected objects;;
\Windows\access\EarthLink Setup.msi;C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe\\Windows\access;Archive contains infected objects;;
EarthLink Setup.exe;C:\Program Files\Online Services\EarthLink;Archive contains infected objects;Moved.;
Uninstall.exe;C:\Program Files\PopCap Games\PopCap ActiveX Control;Program.PopcapLoader;Moved.;
Uninstall.exe;C:\Program Files\PopCap Games\PopCap Browser Plugin;Program.PopcapLoader.origin;Moved.;
A0019033.EXE;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP145;Program.PsExec.170;Moved.;
A0019393.EXE;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP152;Program.PsExec.170;Moved.;
A0019443.dll;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153;Adware.SearchAid.40;Moved.;
A0019451.exe\data018;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0019451.exe;Adware.SearchAid.40;;
A0019451.exe\data024;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0019451.exe;Adware.SaveNow;;
A0019451.exe\data028;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0019451.exe;Adware.SaveNow;;
A0019451.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153;Archive contains infected objects;Moved.;
A0020388.exe\data071;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe;Adware.SaveNow;;
A0020388.exe\data072;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe;Adware.NewDotNet;;
data073\WhAgent.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe\data073;Adware.WebHancer;;
data073\whInstaller.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe\data073;Adware.WebHancer;;
data073\WhSurvey.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe\data073;Adware.WebHancer;;
data073\Webhdll.dll;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe\data073;Adware.WebHancer;;
data073\whiehlpr.dll;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe\data073;Adware.WebHancer;;
data073;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe;Archive contains infected objects;;
A0020388.exe\data074;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe;Program.ProxyOSS;;
A0020388.exe\data075;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020388.exe;Program.ProxyOSS;;
A0020388.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153;Archive contains infected objects;Moved.;
A0020389.exe\data071;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe;Adware.SaveNow;;
A0020389.exe\data072;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe;Adware.NewDotNet;;
data073\WhAgent.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe\data073;Adware.WebHancer;;
data073\whInstaller.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe\data073;Adware.WebHancer;;
data073\WhSurvey.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe\data073;Adware.WebHancer;;
data073\Webhdll.dll;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe\data073;Adware.WebHancer;;
data073\whiehlpr.dll;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe\data073;Adware.WebHancer;;
data073;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe;Archive contains infected objects;;
A0020389.exe\data074;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe;Program.ProxyOSS;;
A0020389.exe\data075;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020389.exe;Program.ProxyOSS;;
A0020389.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153;Archive contains infected objects;Moved.;
A0020392.exe\data018;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020392.exe;Adware.SearchAid.40;;
A0020392.exe\data024;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020392.exe;Adware.SaveNow;;
A0020392.exe\data028;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153\A0020392.exe;Adware.SaveNow;;
A0020392.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153;Archive contains infected objects;Moved.;
A0020466.reg;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP154;Trojan.StartPage.1505;Deleted.;
A0020468.exe\327882R2FWJFW\psexec.cfexe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0020468.exe;Program.PsExec.171;;
A0020468.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155;Archive contains infected objects;Moved.;
stream001\uninstll.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0020469.exe\\Windows\access\EarthLink Setup.;Probably STPAGE.Trojan;;
stream001;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0020469.exe\\Windows\access\EarthLink Setup.;Archive contains infected objects;;
\Windows\access\EarthLink Setup.msi;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0020469.exe\\Windows\access;Archive contains infected objects;;
A0020469.exe;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155;Archive contains infected objects;Moved.;
App06277.exe\hp/tmp/getgames.js;D:\I386\Apps\APP06277\App06277.exe;Probably SCRIPT.Virus;;
App06277.exe;D:\I386\Apps\APP06277;Archive contains infected objects;Moved.;
hp/tmp/src/SpyPreInstall.exe\ssengine.dll;D:\I386\Apps\APP08006\App08006.exe\hp/tmp/src/SpyPreInstall.exe;Probably MULDROP.Trojan;;
hp/tmp/src/SpyPreInstall.exe;D:\I386\Apps\APP08006\App08006.exe;Archive contains infected objects;;
App08006.exe;D:\I386\Apps\APP08006;Archive contains infected objects;Moved.;
App23450.exe\hp/tmp/firstopt.js;D:\I386\Apps\APP23450\App23450.exe;Probably SCRIPT.Virus;;
App23450.exe;D:\I386\Apps\APP23450;Archive contains infected objects;Moved.;
A0020470.exe\hp/tmp/getgames.js;D:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0020470.exe;Probably SCRIPT.Virus;;
A0020470.exe;D:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155;Archive contains infected objects;Moved.;
hp/tmp/src/SpyPreInstall.exe\ssengine.dll;D:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0020471.exe\hp/tmp/src/SpyPreInstall.exe;Probably MULDROP.Trojan;;
hp/tmp/src/SpyPreInstall.exe;D:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0020471.exe;Archive contains infected objects;;
A0020471.exe;D:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155;Archive contains infected objects;Moved.;
A0020472.exe\hp/tmp/firstopt.js;D:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155\A0020472.exe;Probably SCRIPT.Virus;;
A0020472.exe;D:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP155;Archive contains infected objects;Moved.;

*Logfile of Trend Micro HijackThis v2.0.2*
Scan saved at 4:31:25 AM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PopCap Games\BookWorm Deluxe\BookWorm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8769 bytes


----------



## Cookiegal (Aug 27, 2003)

Download *OTScanIt.exe* to your Desktop and double-click on it to extract the files. It will create a folder named *OTScanIt* on your desktop.

Close any open browsers.
Disconnect from the Internet.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt.
Open the *OTScanIt* folder and double-click on OTScanIt.exe to start the program.
Check the box that says *Scan All User Accounts*
Under Drivers select the radio button for *All*
Check the Radio buttons for Files/Folders Created Within *90 Days* and Files/Folders Modified Within *90 Days* 
Under Additional Scans check the following:
Reg - Disabled MS Config Items
Reg - Security Settings
Reg - Software Policy Settings
Reg - Uninstall List
Evnt - EventViewer Errors/Warnings (last 7 days)

Now click the *Run Scan* button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it automatically.
Save that Notepad file. Click the *Format* menu and make sure that *Word wrap* is not checked. If it is then click on it to uncheck it.
Use the *Reply* button and upload Notepad file here as an attachment please.


----------



## NWDaydreamer (Oct 29, 2003)

Thank you. Doing it now.


----------



## NWDaydreamer (Oct 29, 2003)

I followed these steps:

*Close any open browsers. 
Disconnect from the Internet. 
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of OTScanIt. 
Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.*

When I double clicked on OTScanIt.exe I got a message that said:

Windows cannot access the specified device, path, or file. You may not have appropriate permission to access this file.


----------



## NWDaydreamer (Oct 29, 2003)

I was finally able to open OTScanIt. When I tried to run it, Zone Alarm said it was infected with a virus. Also, there was another file in the folder called "catchme.exe". I moved them to the virus vault. I deleted the OTScanIt program and emptied the recycle bin.


----------



## Cookiegal (Aug 27, 2003)

You need to disable ZoneAlarm when downloading and running OTScanIt. This is why we say to disable security programs. Some of the components of these tools are flagged as malware because of their functions but they are not malware. So by letting it quarantine them you have corrupted the program so it won't work properly, if at all.

Please disable ALL security programs and download and run OTScanIt as instructed.

When disabling ZoneAlarm, turn the XP firewall back on as this won't interfere.
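
The Dr.Web report posted earlier in this thread shows the same effect described above: some rows name removal-tool components (`Program.PsExec` inside ComboFix, `Tool.ProcessKill`) rather than adware or trojans. The script below is an added example, not part of the original posts or of any tool mentioned here; it parses rows in that report's semicolon-separated layout and sorts each detection by kind, location and the action that applied. The function names and category labels are this example's own, and two things are assumptions: that the `Program.` and `Tool.` name prefixes mark dual-use utilities, and that a nested object with a blank action column was covered by the action on its enclosing archive.

```python
import csv
import io
from collections import Counter

# Rows copied from the Dr.Web report posted earlier in this thread.
# Layout per row: object;location;detection;action;
SAMPLE_REPORT = r"""
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\HP_Owner\Desktop\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\HP_Owner\Desktop;Archive contains infected objects;Moved.;
KillWind.exe;C:\hp\bin;Tool.ProcessKill;Moved.;
stream001\uninstll.exe;C:\Program Files\Online Services\EarthLink\EarthLink Setup.exe\\Windows\access\EarthLink Setup.msi\stream001;Probably STPAGE.Trojan;;
EarthLink Setup.exe;C:\Program Files\Online Services\EarthLink;Archive contains infected objects;Moved.;
A0019443.dll;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP153;Adware.SearchAid.40;Moved.;
A0020466.reg;C:\System Volume Information\_restore{8F7A5040-9305-4BDA-A5EE-E7EE68E6A93B}\RP154;Trojan.StartPage.1505;Deleted.;
cmas_cardinal.exe\data016;C:\Documents and Settings\HP_Owner\My Documents\Program Files\WINZIP\cmas_cardinal.exe;Adware.Gator;;
cmas_cardinal.exe;C:\Documents and Settings\HP_Owner\My Documents\Program Files\WINZIP;Archive contains infected objects;Moved.;
"""

CONTAINER_MARK = "Archive contains infected objects"
RESTORE_MARK = "\\system volume information\\_restore"

# Assumption: grouping of detection-name prefixes used for this triage.
FAMILY_CATEGORY = {
    "Program": "dual-use tool",
    "Tool": "dual-use tool",
    "Adware": "adware",
    "Trojan": "trojan",
}


def parse_report(text):
    """Split the report into dicts; blank or truncated lines are skipped."""
    rows = []
    reader = csv.reader(io.StringIO(text), delimiter=";", quoting=csv.QUOTE_NONE)
    for fields in reader:
        if len(fields) < 4:
            continue
        obj, path, detection, action = (f.strip() for f in fields[:4])
        rows.append({"object": obj, "path": path,
                     "detection": detection, "action": action.rstrip(".")})
    return rows


def classify(detection):
    """Map a detection name to a coarse category."""
    if detection == CONTAINER_MARK:
        return "container"      # wrapper row, not a detection by itself
    if detection.startswith("Probably "):
        return "heuristic"      # scanner reports a guess, not a signature match
    family = detection.split(".", 1)[0]
    return FAMILY_CATEGORY.get(family, "other")


def location(path):
    """Separate System Restore copies from files in ordinary folders."""
    return "system-restore" if RESTORE_MARK in path.lower() else "live"


def triage(text):
    """Return one finding per real detection, with the action that covered it."""
    rows = parse_report(text)

    # Archives that received an action, keyed by the archive's full path.
    containers = {}
    for r in rows:
        if classify(r["detection"]) == "container" and r["action"]:
            containers[(r["path"] + "\\" + r["object"]).lower()] = r["action"]

    findings = []
    for r in rows:
        category = classify(r["detection"])
        if category == "container":
            continue
        action = r["action"]
        if not action:
            # Nested object: inherit the action taken on the enclosing archive.
            nested_in = r["path"].lower()
            for full_path, container_action in containers.items():
                if nested_in == full_path or nested_in.startswith(full_path + "\\"):
                    action = container_action + " (via archive)"
                    break
        findings.append({"object": r["object"], "detection": r["detection"],
                         "category": category, "location": location(r["path"]),
                         "action": action or "none recorded"})
    return findings


def summarise(findings):
    """Count findings per (category, location) pair."""
    return Counter((f["category"], f["location"]) for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        print(f'{f["category"]:<14}{f["location"]:<16}{f["action"]:<22}{f["detection"]}')
    for (category, where), count in sorted(summarise(results).items()):
        print(f"{count} x {category} ({where})")
```

Rows that land in the dual-use or heuristic groups are the ones to check against the tools that were deliberately downloaded before treating them as infections.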


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> You need to disable ZoneAlarm when downloading and running OTScanIt. This is why we say to disable security programs. Some of the components of these tools are flagged as malware because of their functions but they are not malware. So by letting it quarantine them you have corrupted the program so it won't work properly, if at all.
> 
> Please disable ALL security programs and download and run OTScanIt as instructed.
> 
> When disabling ZoneAlarm, turn the XP firewall back on as this won't interfere.


I did shut Zone Alarm down. My AVG antivirus is still running in the background though. How can I shut it down?


----------



## NWDaydreamer (Oct 29, 2003)

Never mind, I figured out how to disable Resident Shield. And now will do as instructed. Thanks.
:up:


----------



## NWDaydreamer (Oct 29, 2003)

I ran the OTScanIt and have attached the file.


----------



## Cookiegal (Aug 27, 2003)

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill Explorer]
[Unregister Dlls]
[Driver Services - All]
YN -> (SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LDM -> [\Program\BackWeb-8876480.exe]
< Run [HKEY_USERS\S-1-5-21-1235192796-640408551-3176611609-1009\] > -> HKEY_USERS\S-1-5-21-1235192796-640408551-3176611609-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LDM -> [\Program\BackWeb-8876480.exe]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> WRNotifier -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 1 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 129 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 131 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 131 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 131 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 131 domain(s) and sub-domain(s) not assigned to a zone. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1235192796-640408551-3176611609-1009\] > -> HKEY_USERS\S-1-5-21-1235192796-640408551-3176611609-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
YN -> 129 domain(s) and sub-domain(s) not assigned to a zone. -> 
[Registry - Additional Scans - Non-Microsoft Only]
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
YN -> {3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0 Update 6
YN -> {3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3
YN -> {7148F0A8-6813-11D6-A77B-00B0D0142030} -> Java 2 Runtime Environment, SE v1.4.2_03
[Files/Folders - Created Within 90 days]
NY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> tmp4CFBD.FOT -> %SystemRoot%\System32\tmp4CFBD.FOT
NY -> tmp65FBD.FOT -> %SystemRoot%\System32\tmp65FBD.FOT
NY -> tmp80FBD.FOT -> %SystemRoot%\System32\tmp80FBD.FOT
NY -> tmp9DEBD.FOT -> %SystemRoot%\System32\tmp9DEBD.FOT
NY -> tmpB9EBD.FOT -> %SystemRoot%\System32\tmpB9EBD.FOT
NY -> tmpC6EBD.FOT -> %SystemRoot%\System32\tmpC6EBD.FOT
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## NWDaydreamer (Oct 29, 2003)

Explorer killed successfully
[Driver Services - All]
Service SASKUTIL stopped successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1235192796-640408551-3176611609-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier\ deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
[Files/Folders - Created Within 90 days]
C:\WINDOWS\System32\tmp4CFBD.FOT moved successfully.
C:\WINDOWS\System32\tmp65FBD.FOT moved successfully.
C:\WINDOWS\System32\tmp80FBD.FOT moved successfully.
C:\WINDOWS\System32\tmp9DEBD.FOT moved successfully.
C:\WINDOWS\System32\tmpB9EBD.FOT moved successfully.
C:\WINDOWS\System32\tmpC6EBD.FOT moved successfully.
[Files/Folders - Modified Within 30 days]
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\HP_Owner\Local Settings\temp\bbassistant.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08032008_093304

Files moved on Reboot...
C:\Documents and Settings\HP_Owner\Local Settings\temp\bbassistant.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.

*Logfile of Trend Micro HijackThis v2.0.2*
Scan saved at 9:41:35 AM, on 8/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8676 bytes


----------



## Cookiegal (Aug 27, 2003)

Your *Java* is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of *Java* components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

*Upgrading Java*:


1. Download the latest version of *Java Runtime Environment (JRE) 6 Update 7*.
2. Scroll down to where it says *Java Runtime Environment (JRE) 6 Update 7. The Java SE Runtime Environment (JRE) allows end-users to run Java applications* (the fifth one in the list).
3. Click the "*Download*" button to the right. A new page will open.
4. Select your platform and check the box that says: *I agree to the Java SE Runtime Environment 6 License Agreement*.
5. Click *Continue*.
6. Click on the link under *Windows Offline Installation* (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
7. Go to *Start* - *Control Panel*, double-click on *Add/Remove* programs and remove all older versions of Java.
8. Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
9. Click the Remove or Change/Remove button.
10. Repeat as many times as necessary to remove each Java version.
11. Reboot your computer once all Java components are removed.
12. Close any programs you may have running - especially your web browser.
13. Then from your desktop double-click on the download to install the newest version.

How are things now?


----------



## NWDaydreamer (Oct 29, 2003)

Thank you. 

When I tried to remove the older version(s) of Java, I got a message that said:
"The Windows Installer Service could not be accessed. This can occur if you are running in safe mode, or if Windows Installer is not correctly installed. Contact your support for personal instructions."


----------



## NWDaydreamer (Oct 29, 2003)

I received a Windows update notice. It wanted to install Windows XP Service Pack 3. I did not allow it yet, as it advised to back up my computer first. You advised me not to install anything yet. Did I do the right thing in waiting?


----------



## Cookiegal (Aug 27, 2003)

I would hold off on SP3 for now. Some systems have problems installing it and there is a bunch of criteria you have to follow before installing it.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## NWDaydreamer (Oct 29, 2003)

Thank you for the reply, Cookiegal.

I copied the log for you. I am attaching it as a file since it is long. All the events under 'System' seem to be the same except near the end. I still have it open if you want more that are dated 8/2/2008; there are a few errors on 8/1. I didn't know if it was a waste of time to continue copying them or not.

~

Come to find out, there weren't that many more for the event times you requested. So, I am adding those also in case you need them.


----------



## Cookiegal (Aug 27, 2003)

For the Application Management Service errors that are repeating over and over, you need to get this Hotfix:

http://support.microsoft.com/kb/328213

Also, your W32Time service seems to be having problems synchronizing. You might want to look into another source to synchronize the time.

Also, can you please verify that you do indeed have this file in this location?

C:\Windows\system32\Msiexec.exe


----------



## NWDaydreamer (Oct 29, 2003)

Good morning Cookiegal, thank you again for the help.



Cookiegal said:


> For the Application Management Service errors that are repeating over and over, you need to get this Hotfix: http://support.microsoft.com/kb/328213


I followed the instructions. A link was sent to my inbox. It said:

_If you decide to install this hotfix, please note the following items:_

_Do not deploy a hotfix in a production environment without first testing the hotfix._

_Back up the system or the computer that will receive the hotfix before you install the hotfix._

What does that mean? Do I need to back up my system and if so how? I haven't proceeded with that until further instruction.



Cookiegal said:


> Also, you W32Time service seems to be having problems synchronizing. You might want to look into another source to synchronize the time.


I don't understand what this means, synchronize the time? Nor "looking into another source". I am clueless about that. 
My clock is working.



Cookiegal said:


> Also, can you please verify that you do indeed have this file in this location?
> 
> C:\Windows\system32\Msiexec.exe


I searched for that file, and two came up. I'm assuming they're in the right location? Both files are Windows Installer(s).

C:\WINDOWS\system32
C:\WINDOWS\system32\dllcache


----------



## Cookiegal (Aug 27, 2003)

The MS warning is more for companies but it's always a good idea to back up important data, photos, music etc. either to an external drive or to CDs and set a new system restore point before doing anything like that but you can wait until we're done for that step.

For the time, your computer needs to synchronize with a time server periodically. The one you're using may not be available or you're not connected to the Internet when the synchronization tries to run. This is why you see several errors about that service in the Event Viewer.

Go to Control Panel and click on Date and Time. Click on the Internet Time tab and be sure there is a tick in the box marked "Automatically Synchronize with an Internet Time Server". Click on the arrow beside the current time server and see if there are others to select and if so select one of them then click "Update Now" and see if it will update. If it does then click Apply and OK to finish.

Now for the file I asked you about, I need you to export a registry key for me.

Go to *Start* - *Run* and copy and paste the following command and click OK:

*regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer"*

You won't see anything happening and it only takes a second. Now click on "My Computer" and click on your C drive. You should see the report there with the name *look.txt*. Double-click on it to open it and copy and paste the contents here please.


----------



## NWDaydreamer (Oct 29, 2003)

I did what you asked on the Internet Time tab and made sure it was ticked. 
In the box marked "Automatically Synchronize with an Internet Time Server". I clicked "Update Now", it said it was updated but the button that said to 'apply' was not active. So I clicked ok and exited.

(*Tried again to synchronize time and this time it worked!*)

```
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,\
00,73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
56,00,00,00
```
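
Added example (not part of the thread and not a tool either poster used): a small Python parser for the `regedit /e` export posted above. It decodes the `hex(2)` (REG_EXPAND_SZ) bytes of `ImagePath` and reports which of the values a Windows service key normally carries are absent from the export; the list in `EXPECTED_SERVICE_VALUES` and all function names are this example's assumptions.

```python
import re

# The export exactly as posted in the thread (regedit /e, version 5 text format).
EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSIServer]
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6d,\
00,73,00,69,00,65,00,78,00,65,00,63,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
56,00,00,00
'''

# Assumption of this example: values a service key normally carries.
EXPECTED_SERVICE_VALUES = ("Type", "Start", "ErrorControl", "ImagePath")

# Registry type numbers that regedit writes as hex(N): byte lists.
HEX_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 3: "REG_BINARY", 7: "REG_MULTI_SZ"}


def logical_lines(text):
    """Yield export lines with trailing-backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()  # real exports indent continuation lines
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            yield pending + line
            pending = ""
    if pending:
        yield pending


def unescape(quoted):
    """Undo regedit's backslash escapes inside a quoted string."""
    return re.sub(r"\\(.)", r"\1", quoted)


def decode_data(raw):
    """Return (type_name, python_value) for the text to the right of '='."""
    if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
        return "REG_SZ", unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)
    m = re.fullmatch(r"hex(?:\(([0-9a-fA-F]+)\))?:(.*)", raw)
    if not m:
        raise ValueError(f"unrecognised value data: {raw!r}")
    kind = int(m.group(1), 16) if m.group(1) else 3  # bare hex: is REG_BINARY
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
    name = HEX_TYPES.get(kind, f"hex({kind:x})")
    if kind in (1, 2):
        # String types are stored as UTF-16LE with a terminating NUL.
        return name, data.decode("utf-16-le").rstrip("\x00")
    if kind == 7:
        # REG_MULTI_SZ: NUL-separated strings closed by an empty string.
        return name, [s for s in data.decode("utf-16-le").split("\x00") if s]
    return name, data


def parse_reg(text):
    """Parse a regedit v5 export into {key_path: {value_name: (type, value)}}."""
    keys, current = {}, None
    for line in logical_lines(text):
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if m is None or current is None:
            raise ValueError(f"unparseable line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        current[name] = decode_data(m.group(2))
    return keys


def missing_service_values(values):
    """List expected service values that the exported key does not contain."""
    present = {name.lower() for name in values}
    return [v for v in EXPECTED_SERVICE_VALUES if v.lower() not in present]


def review_export(text=EXPORT):
    """Return (key path, decoded ImagePath, missing value names) for the first key."""
    key, values = next(iter(parse_reg(text).items()))
    return key, values.get("ImagePath"), missing_service_values(values)


if __name__ == "__main__":
    key, image_path, missing = review_export()
    print(key)
    print("ImagePath:", image_path)
    print("missing:", ", ".join(missing) or "none")
```
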


----------



## Cookiegal (Aug 27, 2003)

Are you sure that's all the text that was in the Look.txt file?


----------



## NWDaydreamer (Oct 29, 2003)

Yes, I checked again to make sure.


----------



## Cookiegal (Aug 27, 2003)

First, we need to back up your registry:

Please go to *Start* - *Run* and copy and paste the following and then click OK:

*regedit /e c:\registrybackup.reg*

It won't appear to be doing anything and that's normal. Your mouse pointer may turn to an hour glass for a minute.

When it no longer has the hour glass, check in your C drive to be sure you have a file called *registrybackup.reg* before continuing. If you do not see that file, please let me know before doing anything else beyond this point.

I'm attaching a MSIServer.zip file. Save it to your desktop. Unzip it and click on the MSIServer.reg file and allow it to enter into the registry.

Then, boot to safe mode and go to *Start* - *Run* and copy and paste the following, then click OK.

*msiexec /regserver*

Reboot and then try removing the older versions of Java again please.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> First, we need to backup your registry:
> 
> Please go to *Start* - *Run* and copy and paste the following and then click OK:
> 
> ...


Did that and found the file. So good there.



Cookiegal said:


> I'm attaching a MSIServer.zip file. Save it to your desktop. Unzip it and click on the MSIServer.reg file and allow it to enter into the registry.
> 
> Then, boot to safe mode and go to *Start* - *Run* and copy and paste the following, then click OK.
> 
> ...


I did that but when I went to paste *msiexec /regserver* it didn't take. I typed it in. I may have put a space between the characters I've highlighted in red, *msiexec / regserver* but I'm not sure. I rebooted and went to remove Java and it didn't work.

~


----------



## NWDaydreamer (Oct 29, 2003)

I re-did the steps for the registry entry, this time typing in *msiexec /regserver* (it won't save the copy/paste) in safe mode. Then restarted the computer. I was able to remove Java(TM) 6 Update 6.

*I was not able to remove:*

Java(TM) 6 Update 3
Java2 Runtime Environment, SE v1.4.2_03
J2SE Runtime Environment 5.0 Update 6


----------



## Cookiegal (Aug 27, 2003)

When trying to remove the other Java's, do you get the same message you got before?


----------



## NWDaydreamer (Oct 29, 2003)

No, I didn't get a message. There is just no button to choose to remove them.


----------



## Cookiegal (Aug 27, 2003)

Download the Registry Search Tool here:

http://www.billsway.com/vbspage/

Unzip it and double click on the file to run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box:

*Java*

Copy and paste the results here please.


----------



## NWDaydreamer (Oct 29, 2003)

I tried to copy and paste the results here, but it froze up Internet Explorer twice. So I've attached the file.


----------



## Cookiegal (Aug 27, 2003)

I'm sorry but I haven't forgotten you. Unfortunately, I probably won't be able to get to this until tomorrow as it involved some studying and preparing a regfix. I just wanted to let you know.


----------



## NWDaydreamer (Oct 29, 2003)

Thank you, very much. I appreciate it.


----------



## Cookiegal (Aug 27, 2003)

It's very long and tedious so let's try something else first.

Open HijackThis and click on Config and then Misc Tools. Select Open Uninstall Manager and then highlight each of the old Java versions (one at a time) and then click on Delete The Entry. 

After doing all three, reboot and let me know if they still appear in the Add/Remove list in the Control Panel please.


----------



## NWDaydreamer (Oct 29, 2003)

Good morning.

That's odd. I did as you requested. None of them show there.


----------



## Cookiegal (Aug 27, 2003)

Are they still showing in Add or Remove?

Please run OTScanIt again as you did in post no. 30 and attach the log.


----------



## NWDaydreamer (Oct 29, 2003)

Still showing in Add/Remove. I'll scan now.


----------



## Cookiegal (Aug 27, 2003)

OK, thanks.


----------



## NWDaydreamer (Oct 29, 2003)

Ok, that's done. I've attached the log.


----------



## Cookiegal (Aug 27, 2003)

Sorry but that's the incorrect scan. Please go back to post no. 30 and the instructions I posted just prior to that for running OTScanIt.


----------



## NWDaydreamer (Oct 29, 2003)

Oops, sorry about that. I've attached a new log.


----------



## NWDaydreamer (Oct 29, 2003)

I've tried three times to attach the log, but it isn't working for some reason. It was 80.7kb too large. I've put it in two separate files.... I hope, what a goof.


----------



## Cookiegal (Aug 27, 2003)

Try running the Microsoft Cleanup Utility. It should be able to remove those damaged Java installations.

http://support.microsoft.com/kb/290301

Let me know how it goes please.


----------



## Cookiegal (Aug 27, 2003)

Also, please do the following:

Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.


```
[Kill Explorer]
[Driver Services - All]
YN -> (SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.sys
[Registry - Non-Microsoft Only]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LDM -> [\Program\BackWeb-8876480.exe]
< Run [HKEY_USERS\S-1-5-21-1235192796-640408551-3176611609-1009\] > -> HKEY_USERS\S-1-5-21-1235192796-640408551-3176611609-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> LDM -> [\Program\BackWeb-8876480.exe]
[Empty Temp Folders]
[Start Explorer]
[Reboot]
```


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Try running the Microsoft Cleanup Utility. It should be able to remove those damaged Java installations.
> 
> http://support.microsoft.com/kb/290301
> 
> Let me know how it goes please.


I did that, but the Java files are still in my Add/Remove. Prior, I had gone to my Myspace and only went to my settings. I believe it tried to download the virus again, from there! I got the little gray box that asked me to download it. I exited.




Cookiegal said:


> Also, please do the following:
> 
> Start *OTScanIt*. Copy/Paste the information in the code box below into the pane where it says *"Paste fix here"* and then click the "Run Fix" button.
> 
> ...


```
Explorer killed successfully
[Driver Services - All]
Service SASKUTIL stopped successfully.
[Registry - Non-Microsoft Only]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1235192796-640408551-3176611609-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\LDM not found.
[Empty Temp Folders]
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08092008_131225

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
```


----------



## Cookiegal (Aug 27, 2003)

Do you remember what the box said?

Your profile on MySpace may be infected.


----------



## NWDaydreamer (Oct 29, 2003)

Not exactly. Something about your computer may be infected. Then the pop-ups as before trying to run it. How could my profile be infected? Unless someone's comment? I've had the same profile for ages.


----------



## Cookiegal (Aug 27, 2003)

They do get infected. Here's an example. It's an older link but it gives you an idea.

http://news.cnet.com/Worm-uses-QuickTime-to-spread-on-MySpace/2100-7349_3-6140613.html?hhTest=1

I would check with MySpace to see what they can do.


----------



## NWDaydreamer (Oct 29, 2003)

Thank you,

I've contacted them. What can I do now?


----------



## Cookiegal (Aug 27, 2003)

Please post a new HijackThis log.


----------



## Cookiegal (Aug 27, 2003)

Are you having any new symptoms?


----------



## NWDaydreamer (Oct 29, 2003)

Will do that now, and so far, no.


----------



## NWDaydreamer (Oct 29, 2003)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:09:01 PM, on 8/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8758 bytes


----------



## Cookiegal (Aug 27, 2003)

The log looks fine.

Were there any other problems remaining besides the problem uninstalling the older versions of Java?

What happened when you used the Clean Up utility? Did it not have an option to remove those three versions?


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> The log looks fine.
> 
> Were there any other problems remaining besides the problem uninstalling the older versions of Java?
> 
> What happened when you used the Clean Up utility? Did it not have an option to remove those three versions?


On reboot it now has me press F1 to restart, whereas before it just started. As for the Clean Up utility, I didn't even notice an option to remove. Should I run it again, and see?


----------



## Cookiegal (Aug 27, 2003)

NWDaydreamer said:


> As for the Clean Up utility, I didn't even notice an option to remove. Should I run it again, and see?


Yes please. It would be a lot easier if we could remove them that way.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Yes please. It would be a lot easier if we could remove them that way.


Thank you for your patience. I ran the Clean Up utility again and found the three:

Java(TM) 6 Update 3
Java2 Runtime Environment, SE v1.4.2_03
J2SE Runtime Environment 5.0 Update 6

I was able to remove them with the Clean Up utility. I went to Add/Remove and they were gone. I searched for files in the 'Search' and found files that say, "Java". I've not touched those.


----------



## Cookiegal (Aug 27, 2003)

Now see if you can download the newest version of Java please.


----------



## NWDaydreamer (Oct 29, 2003)

I was able to install it.


----------



## Cookiegal (Aug 27, 2003)

Did you hear anything back from MySpace?


----------



## NWDaydreamer (Oct 29, 2003)

Just an automated reply so far.


----------



## Cookiegal (Aug 27, 2003)

When did this problem with F1 start?

Go to Start - Run - type in the following and click OK.

*C:\boot.ini*

The file will open up in Notepad. Be careful not to make any changes to it. Copy and paste the contents here please.


----------



## NWDaydreamer (Oct 29, 2003)

I thought it started (having to press F1) after using the *OTScanIt* utility. But I am not 100% sure. I went back to post *# 38* and have not installed the hotfix as of yet. We had skipped that and went on to backup the registry. That is also when I tried to open the notepad and it opened in Microsoft Office Frontpage. There is an eSword program that when I tried to open, Windows Installer tries to run Microsoft XP Professional With Frontpage. A box pops up and says: "The feature you are trying to use is on a CD-ROM, or other removable disk that is not available. Insert the 'Microsoft Office XP Professional with FrontPage' disk and click ok."

Then another box that says:
The path 'Microsoft Office XP Professional with FrontPage' cannot be found. Verify that you have access to this location and try again. Or try to find the installation package 'PROPLUS.MSI' in a folder from which you can install the product 'Microsoft Office XP Professional with FrontPage'.

*Also, from Post #38:*



Cookiegal said:


> For the Application Management Service errors that are repeating over and over, you need to get this Hotfix:
> 
> http://support.microsoft.com/kb/328213


*Here is a copy of C:\boot.ini*

[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


----------



## crjdriver (Jan 2, 2001)

Just took a look at this one. Usually the F1/setup means that the bios found hardware or changes that it did not expect. Are you getting a checksum error as well?

Sometimes you simply have to enter the bios and save [not making any changes at all] and that fixes it. If not, again enter the bios and load defaults; save settings and restart. Each bios is a little different. After loading defaults, you may have to reset the time/date. Sometimes yes and sometimes no.

Note please read your manual and become familiar with your bios settings before doing the above task.


----------



## crjdriver (Jan 2, 2001)

I will be gone for a while this morning so I will check back later in the day to see if this fixed the problem.


----------



## Cookiegal (Aug 27, 2003)

Thanks Chuck.


----------



## crjdriver (Jan 2, 2001)

Just had another thought as I was walking out the door.

If you have sata, check what mode the controller is using now. If you load defaults, it may default to a different mode. No big deal, you just reenter the bios and set the correct mode. If you do have a different mode such as native ide and it defaults to ahci, you will get a bsod when you restart.


----------



## NWDaydreamer (Oct 29, 2003)

Good morning folks. Thank you for the replies.

Well.... this may take me a bit of time. Most of my belongings are packed to move, upstairs. All in one room. Including my manual, somewhere. This could take me awhile to find it.


----------



## crjdriver (Jan 2, 2001)

You can always download a manual in pdf format and just read it from your screen OR you could print the manual.


----------



## NWDaydreamer (Oct 29, 2003)

Oh! I wouldn't know what to look for, nor where.

I found the manual and am searching it for the information.

http://h10032.www1.hp.com/ctg/Manual/c00230513.pdf

Just FYI. Also, I was going back over your posts and crjdriver, you mentioned a checksum error. I don't understand the term but it occurred to me, that on startup, there is no error. At bottom of the first black screen that shows on startup (among the standard stuff) says, Floppy disk(s) fail (40). My floppy disk device wore out and was making noise so we disconnected it. I have no idea if that relates to this, probably not. I just wanted to let you know just in case.


----------



## NWDaydreamer (Oct 29, 2003)

I couldn't find the manual online that has anything to do with bios. I had my daughter try to restart to get to the BIOS Setup Utility but it wouldn't let her. It kept taking her back to the Main Menu.


----------



## ~Candy~ (Jan 27, 2001)

Are you able to access the bios setup?


----------



## crjdriver (Jan 2, 2001)

Here is a link to a page that explains some of the bios options for hp.
http://h10025.www1.hp.com/ewfrf/wc/document?docname=bph07110&dlc=en&lc=en&cc=us#

Since the floppy has failed, while in the bios you can disable the floppy controller so you do not get the msg.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Are you able to access the bios setup?


I (her daughter) tried to get to the bios set up because I am not familiar with it. I got to a place that said "Phoenix - AwardBIOS CMOS Setup Utility".



crjdriver said:


> Here is a link to a page that explains some of the bios options for hp.
> http://h10025.www1.hp.com/ewfrf/wc/document?docname=bph07110&dlc=en&lc=en&cc=us#
> 
> Since the floppy has failed, while in the bios you can disable the floppy controller so you do not get the msg.


When I got to the Phoenix - AwardBIOS CMOS Setup Utility I didn't have any of the options that are in the link listed above. I did find a link for default settings but every time that I tried to change it (choosing yes or no) it would reset it to N. There was no other place to reset the default.

Just to clarify, as for the floppy message, it is not an error message that pops up. It is part of the black background start up screen before Windows loads.


----------



## NWDaydreamer (Oct 29, 2003)

Disregard this post. It was an AVG problem that was resolved.


----------



## Cookiegal (Aug 27, 2003)

NWDaydreamer said:


> Disregard this post. It was an AVG problem that was resolved.


Do you mean the F1 boot problem was caused by AVG?


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Do you mean the F1 boot problem was caused by AVG?


No, it was a separate issue. Sorry.


----------



## Cookiegal (Aug 27, 2003)

Sorry. So you still have the F1 boot problem?


----------



## NWDaydreamer (Oct 29, 2003)

Sorry, I haven't been on much today. Yes, I still have the F1 boot problem.


----------



## ~Candy~ (Jan 27, 2001)

NWDaydreamer said:


> I (her daughter) tried to get to the bios set up because I am not familiar with it. I got to a place that said "Phoenix - AwardBIOS CMOS Setup Utility".
> 
> When I got to the Phoenix - AwardBIOS CMOS Setup Utility I didn't have any of the options that are in the link listed above. I did find a link for default settings but every time that I tried to change it (choosing yes or no) it would reset it to N. There was no other place to reset the default.
> 
> Just to clarify, as for the floppy message, it is not an error message that pops up. It is part of the black background start up screen before Windows loads.


Do you see any option to disable the floppy drive?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Do you see any option to disable the floppy drive?


My daughter left. If there is an option, I don't know where it is. If you mean on the start-up screen. No, there isn't.


----------



## ~Candy~ (Jan 27, 2001)

In the actual bios setup. There should be an option to show the floppy drive as "DISABLED." Or maybe "NONE." Bioses are all a bit different. Just look around for some reference to the floppy drive....


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> In the actual bios setup. There should be an option to show the floppy drive as "DISABLED." Or maybe "NONE." Bioses are all a bit different. Just look around for some reference to the floppy drive....


*I'm not sure that I am actually getting there. I tried to follow the directions to get to it by waiting for the first screen then hitting F10. I was at the usual black screen that shows up. It says:*

Phoenix- AwardBIOS v6. 00PG, An Energy star Ally

MSI K8MM (and a string of letters)
Main Processor AMD Athlon (tm) 64 processor 3300+
Memory Testing 9830 40K OK

IDE Channel 0 Master: ST3160021A 8.11
IDE Channel 0 slave :NONE
IDE Channel 1 Master : Memorex 16XDDL IN 1.A3

At the bottom it says:

Press F1 to continue
DEL to enter SETUP

When I hit delete, it takes me to a blue screen that says Phoenix- AwardBIOS CMOS Setup Utility

*I looked around there and didn't see anyplace to disable the floppy drive.*


----------



## EAFiedler (Apr 25, 2000)

Hi *NWDaydreamer*

Yes, *DEL* is what you want.

You need to use the arrow keys to move through the tabs at the top.
The *Advanced* tab on my machine allows me to disable the floppy drive.
The *Boot* tab allows me to toggle through the boot options.

Do you see something similar?


----------



## NWDaydreamer (Oct 29, 2003)

Thanks for the reply, Can I take a screenshot? It would be easier than restarting and typing it all out. If so, how can I do that? Mine doesn't even get to the floppy configuration. At least, I didn't find it. On second thought, I think I will try again. Thank you! And how thoughtless of me, hello to you also, EAFiedler.


----------



## ~Candy~ (Jan 27, 2001)

Is there a boot order? Anything that shows a 3 1/2 inch floppy drive? Sometimes it can be worded differently.

The only way to take a screen shot in that mode would be to take a picture.

If you can give us the main categories on top, perhaps we can try to figure it out.


----------



## EAFiedler (Apr 25, 2000)

You would most likely need to use a camera.

The screen shots I posted are from a Virtual Machine (a system within a system).


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Is there a boot order? Anything that shows a 3 1/2 inch floppy drive? Sometimes it can be worded differently.
> 
> The only way to take a screen shot in that mode would be to take a picture.
> 
> If you can give us the main categories on top, perhaps we can try to figure it out.


Thank you AcaCandy. I have a digital camera, I could try that if I can't find the advanced tab. What do you think is best for me to help you more quickly?


----------



## NWDaydreamer (Oct 29, 2003)

I went ahead and took the pictures.

This is the screen in order. The second is a little fuzzy. I can retake it if you can't make it out.


----------



## NWDaydreamer (Oct 29, 2003)

*I received a reply from MySpace. It says:*

Hello,

Thank you for contacting MySpace Customer Support regarding this issue. After researching the issue further we were able to confirm that it is working properly for us on our end, therefore, this issue cannot be supported any further by us. We suggest checking the settings on your computer, referring to your user manual, or contacting a technical support specialist who may be able to assist you further.

If you think you have obtained a virus, adware, malware or spyware, we offer free downloadable software in our Downloads section of the site. To go to the MySpace download site, click on the More button located in the MySpace navigation toolbar, or simply click here. If the webpage does not load, copy and paste the following URL into your web browser: http://www.myspace.com/index.cfm?fuseaction=downloads

Thank you, 
MySpace.com

*The link took me to the downloads. Which had a spyware link to antivirus programs.*

http://www.myspace.com/index.cfm?fuseaction=downloads&cat=spywarecenter


----------



## Cookiegal (Aug 27, 2003)

Can you reiterate what the problem was with MySpace please?


----------



## NWDaydreamer (Oct 29, 2003)

Thank you for the reply Cookiegal,

I had told you earlier, that when I went to MySpace, it tried to load the same virus (antispyware). I contacted them but did not hear back. You gave me a link as to the vulnerability on MySpace. So, I contacted them again and gave them the link. That is when they responded with the above e-mail. I have not had the pop-up since the last one trying to download it. I was just giving you their response to my initial contact with them. You had asked if I had heard from them.


----------



## Cookiegal (Aug 27, 2003)

OK so you said that's not happening anymore with MySpace.

So the only problem remaining is having to press F1 to boot?


----------



## NWDaydreamer (Oct 29, 2003)

Yes I'm waiting for a reply.


----------



## ~Candy~ (Jan 27, 2001)

Is the F1 problem still happening?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Is the F1 problem still happening?


Thank you. Yes the F1 problem is still happening. I could not figure out how to access the BIOS set up. The pictures show where I am when I try. I don't know where to go from there.


----------



## ~Candy~ (Jan 27, 2001)

When you hit F1, doesn't that take you into the bios?  If so, you should be able to hit, maybe F10, you'll be prompted to save changes, say yes, then allow the computer to restart.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> When you hit F1, doesn't that take you into the bios?  If so, you should be able to hit, maybe F10, you'll be prompted to save changes, say yes, then allow the computer to restart.


No, when I shut down, I _sometimes_ get a message box that says "MCCWSAWindows"
This program is not responding. When it shuts down and restarts it goes to the black screen:
Phoenix - AwardBIOS. At the bottom it gives me two choices:
Press 1 to continue
DEL to enter set up.

When I press F10, nothing happens..

When I hit Press 1 it goes to the Windows start up screen.

When I hit delete it goes to this part of the screen:


----------



## ~Candy~ (Jan 27, 2001)

Ok, perfect. Hit F10, save and exit.


----------



## ~Candy~ (Jan 27, 2001)

http://sg.answers.yahoo.com/question/index?qid=20070520115704AAIJTIu

Does this apply?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Ok, perfect. Hit F10, save and exit.


*When I get to this screen, I hit F10 and exit, it then reboots. I restarted and the problem is still there.*



AcaCandy said:


> http://sg.answers.yahoo.com/question/index?qid=20070520115704AAIJTIu
> 
> Does this apply?


I don't know what Webroot Window Washer is so I don't know if or when it was installed. If so, it was not by me. If there, it has not been removed to my knowledge. I did a complete search of my files and folders and found nothing like that.


----------



## ~Candy~ (Jan 27, 2001)

Try to load optimized defaults.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Try to load optimized defaults.


Thank you AcaCandy,

I tried that, but it didn't work.


----------



## EAFiedler (Apr 25, 2000)

Have you gone into the Boot Sequence section?
Advanced Bios Features > Boot Sequence

What are the options there?


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> Have you gone into the Boot Sequence section?
> Advanced Bios Features > Boot Sequence
> 
> What are the options there?


----------



## EAFiedler (Apr 25, 2000)

Beside *Boot Sequence*, it says *[Press Enter]* did you do that?

You may need to arrow over to *[Press Enter]* so that it becomes highlighted.


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> Beside *Boot Sequence*, it says *[Press Enter]* did you do that?
> 
> You may need to arrow over to *[Press Enter]* so that it becomes highlighted.


When I arrow over and Press Enter, it goes here. Then what do I do?


----------



## EAFiedler (Apr 25, 2000)

Click the plus + and minus - keys to toggle through the options.

Clicking the plus sign once should change *[Floppy]* to *[Hard Disk]* or *[CDRom]*
Clicking the plus sign again will continue to advance through the list of options until you reach *[Floppy]*, at this point you will have cycled through the list and started over.
The plus key will step you forward, the minus key will step you back in your list of options.
When you have changed the 1st Boot Device, arrow down to the 2nd Boot Device and change it then repeat for the 3rd Boot Device.

Since your floppy is not working, I would place it as the third boot device.

When you are done, your list will look like this:

1st Boot Device...*[CDRom]*
2nd Boot Device...*[Hard Disk]*
3rd Boot Device...*[Floppy]*


----------



## NWDaydreamer (Oct 29, 2003)

Okay, I did what you said, saved it and still had to press F1 to get Windows to load. I restarted again to make sure that it saved the setting and it did. But I still had to press F1 to load Windows after restarting.


----------



## EAFiedler (Apr 25, 2000)

See if changing the 3rd Boot Device from *[Floppy]* to none, makes a difference.
Do you have an option for No devices?

Also, check out the other options in the Bios to see if you can locate the section that would allow you to Disable the *[Floppy]*


----------



## NWDaydreamer (Oct 29, 2003)

Thanks, I will try that.


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> See if changing the 3rd Boot Device from *[Floppy]* to none, makes a difference.
> Do you have an option for No devices?


*I did that. It made no difference.*



EAFiedler said:


> Also, check out the other options in the Bios to see if you can locate the section that would allow you to Disable the *[Floppy]*


*I got here then checked around. I know there is an option, when my daughter was here to help me, I saw it. I can't find it and have no clue where to look.*


----------



## EAFiedler (Apr 25, 2000)

The Floppy has now been disabled?

Are you showing a previous picture of the Bios?
As it looks like the Boot order has not changed.

Does the Boot Sequence look like this, now?


1st Boot Device...*[CDRom]*
2nd Boot Device...*[Hard Disk]*
3rd Boot Device...*[None]*


----------



## EAFiedler (Apr 25, 2000)

Are the two images attached in your last post, out of order?

The first image looks like you located the option to disable the Floppy, and the second image is where you would change the boot order.


----------



## EAFiedler (Apr 25, 2000)

Hi *NWDaydreamer*

Just checking in, are you still required to hit the F1 key to load Windows?

How old is the computer? If it is several years old, it may need the motherboard battery replaced.


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> See if changing the 3rd Boot Device from *[Floppy]* to none, makes a difference.
> Do you have an option for No devices?
> 
> Also, check out the other options in the Bios to see if you can locate the section that would allow you to Disable the *[Floppy]*


In the first picture I showed you that I was answering this question, I was showing you that I changed the floppy to none but it shows it as the third boot order in the newest picture. I thought that would disable it. Yes they were out of order but I was trying to answer each of your questions I had quoted. Sorry about that.



EAFiedler said:


> Are the two images attached in your last post, out of order?
> 
> The first image looks like you located the option to disable the Floppy, and the second image is where you would change the boot order.


Also I forgot to upload the picture to show that yes I changed the boot order. Here is the picture.



EAFiedler said:


> Hi *NWDaydreamer*
> 
> Just checking in, are you still required to hit the F1 key to load Windows?
> 
> How old is the computer? If it is several years old, it may need the motherboard battery replaced.


I still have to press F1. The computer is maybe 3 1/2 years old I think. My husband replaced the motherboard about 5 months ago.


----------



## ~Candy~ (Jan 27, 2001)

When you scroll down on the 3rd boot device, do you have an option for NONE, or DISABLED? I think if that isn't an option, you can make it hard drive as well. So, it would be cdrom, hard disk, hard disk.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> When you scroll down on the 3rd boot device, do you have an option for NONE, or DISABLED? I think if that isn't an option, you can make it hard drive as well. So, it would be cdrom, hard disk, hard disk.


There is no option for NONE or DISABLED, I changed it. So it now says, cdrom, hard disk, hard disk. I still have to press F1 when I restart in order for Windows to load.


----------



## ~Candy~ (Jan 27, 2001)

Can you try all hard disk entries?


----------



## ~Candy~ (Jan 27, 2001)

Also, boot from other device should be disabled.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Can you try all hard disk entries?


Can you explain what you mean by try all hard disk entries? Try what?



AcaCandy said:


> Also, boot from other device should be disabled.


I will try to do that now. Thank you for helping me.

I was able to disable "boot from other devices". I still had to press F1 to load Windows. I still need to know what you mean by "Can you try all hard disk entries?"


----------



## EAFiedler (Apr 25, 2000)

NWDaydreamer said:


> Can you explain what you mean by try all hard disk entries? Try what?
> 
> I was able to disable "boot from other devices". I still had to press F1 to load Windows. I still need to know what you mean by "Can you try all hard disk entries?"


The Boot Sequence would look like this, using or trying all Hard disk entries:


1st Boot Device...*[Hard Disk]*
2nd Boot Device...*[Hard Disk]*
3rd Boot Device...*[Hard Disk]*


----------



## NWDaydreamer (Oct 29, 2003)

I just changed it to: 

1st Boot Device...*[Hard Disk]*
2nd Boot Device...*[Hard Disk]*
3rd Boot Device...*[Hard Disk]*

I saved the settings, yet still have to press F1 to get Windows to load.


----------



## ~Candy~ (Jan 27, 2001)

Unfortunately, I don't know what else to try 

I'm assuming that when you go back into the bios, the changes you've made are staying put?


----------



## NWDaydreamer (Oct 29, 2003)

Yes they are.


----------



## EAFiedler (Apr 25, 2000)

If it were me... 
I would open the case, remove or disconnect the floppy drive, and replace the battery. Just to cover everything. 

Actually, I would probably go out and buy a new floppy drive, but that's just me.


----------



## ~Candy~ (Jan 27, 2001)

Does anyone even use a floppy anymore?


----------



## EAFiedler (Apr 25, 2000)




----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> If it were me...
> I would open the case, remove or disconnect the floppy drive, and replace the battery. Just to cover everything.
> 
> Actually, I would probably go out and buy a new floppy drive, but that's just me.


We did disconnect it. But would that solve the boot problem, replacing the battery or buying a new one I mean? It was making a whining noise, that was why we disconnected it.



AcaCandy said:


> Does anyone even use a floppy anymore?


Wellllll... actually we added it to this CPU. Yes I do.


----------



## EAFiedler (Apr 25, 2000)

NWDaydreamer said:


> We did disconnect it. But would that solve the boot problem, replacing the battery or buying a new one I mean? It was making a whining noise, that was why we disconnected it.


Sorry, I missed the "already disconnected" part.
Is that when the F1 issue started?

If you reconnect the floppy drive and the F1 issue goes away, then I would disregard replacing the battery.


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> Sorry, I missed the "already disconnected" part.
> Is that when the F1 issue started?
> 
> If you reconnect the floppy drive and the F1 issue goes away, then I would disregard replacing the battery.


No, the issue started after I removed the virus.


----------



## EAFiedler (Apr 25, 2000)

If you open Device Manager, do you see any Exclamation marks, X-outs or Yellow warning symbols?

Right click My Computer:
Properties > Hardware tab > Device Manager button


----------



## ~Candy~ (Jan 27, 2001)

In the bios setup again, is there a setting to HALT ON ERROR?

If so, set the indicator of Halt in the Standards CMOS Features to "NO ERRORS."


----------



## EAFiedler (Apr 25, 2000)

Thought you were out of ideas. 

I don't have the option: *Hard disk boot priority* what does that cover?

I am also curious what this does:
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe


----------



## ~Candy~ (Jan 27, 2001)

I was  I had a vision 

The raid tool would be too late, wouldn't load until the desktop, so that shouldn't be an issue.


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> If you open Device Manager, do you see any Exclamation marks, X-outs or Yellow warning symbols?
> 
> Right click My Computer:
> Properties > Hardware tab > Device Manager button


Yes, under Universal Serial Bus controllers, there is a yellow circle with an exclamation by the *USB Mass Storage Device*.


----------



## ~Candy~ (Jan 27, 2001)

Do you have an external drive attached?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Do you have an external drive attached?


That's the Hard Drive right? No I don't. There is a D and C drive. My old computer burnt up so my husband put the HD from it into the new one.


----------



## ~Candy~ (Jan 27, 2001)

NWDaydreamer said:


> Yes, under Universal Serial Bus controllers, there is a yellow circle with an exclamation by the *USB Mass Storage Device*.


Then for now, go ahead and delete that. We'll see if Windows tries to put it back.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Then for now, go ahead and delete that. We'll see if Windows tries to put it back.


Ok, I deleted the *USB Mass Storage Device*. I was instructed to restart my computer in order for it to remove it. I restarted and when Windows loaded, a Windows box with a big red X came up on my desktop. *LVLnchr.exe*
It said:

_There is no disk in the drive. Please insert a disk into \Device\Harddisk3\DR5._

I looked under Universal Serial Bus controllers, there was still a yellow circle with an exclamation by the *USB Mass Storage Device*.

I restarted again and the message didn't appear this time. I went back to the Universal Serial Bus controllers, and the *USB Mass Storage Device* was there but the exclamation warning was gone. I still had to press F1 to boot to Windows.


----------



## ~Candy~ (Jan 27, 2001)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

Take that out of your startups via start, msconfig, startup tab.

Also, post the contents of the boot.ini file. Do start, search, then look for boot.ini --- I have another vision


----------



## ~Candy~ (Jan 27, 2001)

Do you have an SD slot, or slots, or any other chip type slots?


----------



## ~Candy~ (Jan 27, 2001)

Here's an easier way to locate the boot.ini, just in case it's hidden:

Start, run, type sysdm.cpl, then click ok.
On the advanced tab, click Settings under Startup and Recovery.
Under System Startup, click Edit.

You should be able to copy the contents, and come back and paste them here.


----------



## ~Candy~ (Jan 27, 2001)

AcaCandy said:


> In the bios setup again, is there a setting to HALT ON ERROR?
> 
> If so, set the indicator of Halt in the Standards CMOS Features to "NO ERRORS."


Did you look for this?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Do you have an SD slot, or slots, or any other chip type slots?


What is an SD slot or other chip type slots?




AcaCandy said:


> Here's an easier way to locate the boot.ini, just in case it's hidden:
> 
> Start, run, type sysdm.cpl, then click ok.
> On the advanced tab, click Settings under Startup and Recovery.
> ...


[boot loader]
timeout=0
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons



AcaCandy said:


> Did you look for this?


Yes, I didn't see a setting that said "HALT ON ERROR"


----------



## ~Candy~ (Jan 27, 2001)

SD slot, for camera chips, mp3 player chips, etc. If you don't know what they are, you probably don't have one.

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

I'm curious about that entry. I'll have to reboot into my XP system, as I know I have recovery console on the startup boot, but, I don't recall what directory it points to.

Can you verify that that directory exists?


----------



## ~Candy~ (Jan 27, 2001)

http://support.microsoft.com/kb/216417

Never mind, I see that it is correct

Now, I'm really out of ideas


----------



## EAFiedler (Apr 25, 2000)

I don't have the option: *Hard disk boot priority* what does that cover?

I still don't know what that covers. 

*NWDaydreamer* what options does the *Hard disk boot priority* show?

In device manager, does the floppy disk drive still exist?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> SD slot, for camera chips, mp3 player chips, etc. If you don't know what they are, you probably don't have one.


Ok, yes I believe I do. In the front of the CPU?

SmartMedia/xD MCC/SD USB 2.0
CompacFlash/1/11 MS/MS PRO

Then to the right are a slot for my camera cord, headphones, etc. Is that what you were asking?



AcaCandy said:


> C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
> 
> I'm curious about that entry. I'll have to reboot into my XP system, as I know I have recovery console on the startup boot, but, I don't recall what directory it points to.
> 
> Can you verify that that directory exists?


How do I verify that it exists?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
> 
> Take that out of your startups via start, msconfig, startup tab.


LOLOL!! Gotta laugh here... sorry I'm missing things, I think.
How do I do that? Or did I already?


----------



## Cookiegal (Aug 27, 2003)

FYI:

This line is added by ComboFix when installing the RC so it's legit:

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> I don't have the option: *Hard disk boot priority* what does that cover?
> 
> I still don't know what that covers.
> 
> ...


*In device manager, yes the floppy drive does still exist.*


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> FYI:
> 
> This line is added by ComboFix when installing the RC so it's legit:
> 
> C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


Thanks Cookiegal.


----------



## EAFiedler (Apr 25, 2000)

I can read number: 
2. Bootable Add-in Cards

Number one is unfamiliar so I don't know what I am looking at. 

Will those options change if you hit the plus + key?


----------



## EAFiedler (Apr 25, 2000)

Candy, you are the hardware person.

Would it make a difference if *NWDaydreamer* disables the floppy disk drive and controller and then Scans for hardware changes in Device Manager?


----------



## ~Candy~ (Jan 27, 2001)

Cookiegal said:


> FYI:
> 
> This line is added by ComboFix when installing the RC so it's legit:
> 
> C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons


Thanks Karen. It's on my XP system too, but, I installed it manually so I would have that option on boot up. I have to run out for a while, my TV died last night big time, and we all know what that means when you have a person who can't sleep without the remote control in his hand.

I shall return with a nice new 32" LCD


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> I can read number:
> 2. Bootable Add-in Cards
> 
> Number one is unfamiliar so I don't know what I am looking at.
> ...


The First picture is where you click to get to the second.

The second picture reads:

1. Ch0 M. :ST3 160021A
You can highlight them hitting + or - but even saving it, hitting F10 didn't change anything.


----------



## ~Candy~ (Jan 27, 2001)

EAFiedler said:


> Candy, you are the hardware person.
> 
> 
> 
> ...


Worth a try, but, again, that is well after F1 prompt.


----------



## ~Candy~ (Jan 27, 2001)

On that bootable add-in card entry --- is it possible to set that to NONE or DISABLED?


----------



## ~Candy~ (Jan 27, 2001)

ST3 160021A ---- FYI, this is the Seagate main hard drive. So that is all we REALLY want the boot up to be looking for.


----------



## NWDaydreamer (Oct 29, 2003)

I'm not sure what you need me to do next?


----------



## ~Candy~ (Jan 27, 2001)

Is there some way you can disable the bootable add in card option there?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Is there some way you can disable the bootable add in card option there?


Is that what I answered in post # 176? If so, no, I cannot change it. Is there somewhere else that I'm not seeing to disable it?


----------



## ~Candy~ (Jan 27, 2001)

At this point, I'm not sure. It's very frustrating indeed and I have no more "less than intelligent" ideas to suggest.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> ST3 160021A ---- FYI, this is the Seagate main hard drive. So that is all we REALLY want the boot up to be looking for.


I wanted to back up to this post. I overlooked it or something. How would I manage for the boot up to look for ST3 160021A, and what does it mean?


----------



## ~Candy~ (Jan 27, 2001)

Well, it appeared that there were two choices in that screen shot that you posted, but, I thought you couldn't remove the external boot device, or whatever the other option was there, I forget now.....and just make it the hard drive.....I think we already covered that being the first boot device in the bios right?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Well, it appeared that there were two choices in that screen shot that you posted, but, I thought you couldn't remove the external boot device, or whatever the other option was there, I forget now.....and just make it the hard drive.....I think we already covered that being the first boot device in the bios right?


Yes you are right. I could not change it. Sorry. Thanks for trying to help me. I appreciate it.


----------



## ~Candy~ (Jan 27, 2001)

You're welcome. This is probably bugging me more than you


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> You're welcome. This is probably bugging me more than you


I think you may be right. Actually I was thinking, "I can press F1 a lot of times and not do this much work." So is it time to give up and say 'uncle' on this one?


I still have issues I need to address but I think Cookiegal would have to help me on those.

 <------ at the issues, not Cookiegal.


----------



## ~Candy~ (Jan 27, 2001)

What are the other issues remaining?


----------



## NWDaydreamer (Oct 29, 2003)

I put the other issues off when I started concentrating on the F1 issue.

So I will start with this. Cookiegal had told me to download a hot fix, which I did, but waited to use it until night before last, I think. I tried to install the Hotfix, I don't think it worked because I had forgot that the e-mail said something about the password expiring. I had forgotten that I need to back up my files first. I will get back to that. Because these other things were happening after the virus removal. I still have not downloaded the Microsoft update service pack that it keeps pestering me to do.


When I open SpywareBlaster a gray Windows box comes up that says: Please wait while Microsoft configures Microsoft XP Professional with Frontpage. Then a Windows gray box comes up that says:

The feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert the 'Microsoft XP Office Professional with Frontpage' disk and click OK.

When I click OK a box with a yellow warning triangle comes up that says: "The path 'Microsoft XP Office Professional with Frontpage' cannot be found. Verify that you have access to this location and try again. Or try to find the installation package 'PROPLUS.MSI' in a folder from which you can install the product Microsoft XP Office Professional with Frontpage." When I click OK it freezes up. When I click cancel I get an error box w/ warning sign that says:

Error 1706 Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HELP. When I click OK it tries to load again, if I click it fast a couple of times, it will close and open Spyware Blaster.

When I Open another program called e-Sword it does the same as above but I have to click it several times fast because it tries to load Microsoft XP Office Professional with Frontpage over and over. Then does as above on Spybot.

My Desktop Icons loaded slowly a couple of times so I wanted to post another HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:37 AM, on 9/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8748 bytes


----------
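The startup (O4) lines of a HijackThis log like the one posted above can be pulled out and sorted by script before a person reads them. This is an added example, not part of the thread and not HijackThis's own code; the function names and the path categories are assumptions made for illustration, and "needs review" only means the entry gives no full drive path, so Windows resolves it through its search path, not that the entry is malicious.

```python
import re
from collections import Counter

# Excerpt of the 9/14/2008 log posted above (a few lines, copied as-is).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Registry Run-style entry: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^([^:\[]+): \[([^\]]+)\] (.+)$")
# Startup-folder entry: "Global Startup: <shortcut> = <target>"
STARTUP_RE = re.compile(r"^([^:\[]*Startup): (.+?) = (.+)$")
# Shortest prefix ending in an executable extension (paths may hold spaces).
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


def parse_entries(log):
    """Return (section_code, body) for every entry line; headers are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def section_counts(log):
    """Count entries per section code (R0, O2, O4, ...)."""
    return Counter(code for code, _ in parse_entries(log))


def executable_of(command):
    """Strip quotes and arguments from a command line, leaving the program."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split()[0]


def classify_path(exe):
    """Label how completely the entry names the file it launches."""
    if DRIVE_RE.match(exe):
        return "absolute"
    if exe.startswith("\\\\"):
        return "unc"
    if exe.startswith("\\"):
        return "no-drive"      # rooted path without a drive letter
    if "\\" not in exe:
        return "bare-name"     # found through the Windows search path
    return "relative"


def autostart_entries(log):
    """Return one dict per O4 (startup) entry, in log order."""
    rows = []
    for code, body in parse_entries(log):
        if code != "O4":
            continue
        m = RUN_RE.match(body) or STARTUP_RE.match(body)
        if not m:
            continue
        exe = executable_of(m.group(3))
        rows.append({"location": m.group(1), "name": m.group(2),
                     "exe": exe, "kind": classify_path(exe)})
    return rows


def needs_review(log):
    """Startup entries whose target must be located by hand."""
    return [r for r in autostart_entries(log) if r["kind"] != "absolute"]


if __name__ == "__main__":
    print(dict(section_counts(SAMPLE_LOG)))
    for row in needs_review(SAMPLE_LOG):
        print(f'{row["kind"]:10} {row["location"]:16} [{row["name"]}] {row["exe"]}')
```
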



## ~Candy~ (Jan 27, 2001)

For the MS Front page message, you'll need your Office installation CD.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> For the MS Front page message, you'll need your Office installation CD.


I have it. So I need to reinstall it? Also do I need to uninstall it first?


----------



## ~Candy~ (Jan 27, 2001)

http://support.microsoft.com/kb/297834

See if that helps any. I had that error message once, a long time ago, can't remember what I did to fix it. Knowing me, I probably formatted the hard drive and started over


----------



## NWDaydreamer (Oct 29, 2003)

Thank you. I uninstalled and reinstalled it. Also my CD player will not play a CD.


----------



## ~Candy~ (Jan 27, 2001)

Does it play anything? Will it read anything? Will the operating system disk boot from it?


----------



## NWDaydreamer (Oct 29, 2003)

Yes I put a CD in that has pictures and it showed them but not automatically. Also now I remember right after this happened I was not able to watch a movie that I had rented. I thought that it was something wrong with the program that plays movies. I rarely watch movies so had forgot about that until you just asked me. Could I have lost files when I used a tool to remove the virus?


----------



## Cookiegal (Aug 27, 2003)

I have to catch up with this thread to see where we stand.

In the meantime, CDs will play, you just have to start them manually as ComboFix disables autoruns. This was explained before downloading ComboFix. It can be changed back but it's a security risk.


----------



## NWDaydreamer (Oct 29, 2003)

Thank you Cookiegal. I forgot that. It worked!


----------



## ~Candy~ (Jan 27, 2001)

One more stab at the F1 message 

In the bios, is there an option to "seek floppy" ?


----------



## Cookiegal (Aug 27, 2003)

You're welcome.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> One more stab at the F1 message
> 
> In the bios, is there an option to "seek floppy" ?




Not a quitter? lol Sorry I know the feeling.

I don't know, do you have an idea where I can find that option?


----------



## ~Candy~ (Jan 27, 2001)

Just look back through all the various bios screens. Your bios is different than mine. THAT would have been WAY too easy


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Just look back through all the various bios screens. Your bios is different than mine. THAT would have been WAY too easy


Of course, I should have known that!

I'll go check now.


----------



## NWDaydreamer (Oct 29, 2003)

Okay, I looked through all my bios screens and there was no option to "seek floppy"


----------



## ~Candy~ (Jan 27, 2001)

Ok, there has to be something we haven't looked at....but, dang if I can figure it out.


----------



## Cookiegal (Aug 27, 2003)

Do you get a message before the F1 prompt such as "Secondary drive 0 not found" (not necessarily a "0"). Press F1 to Boot and F2 to Setup Utility?


----------



## Cookiegal (Aug 27, 2003)

For the others who are helping here:

I think it may have something to do with this line in the boot.ini:

multi(0)disk(0)rdisk(0)*partition(2)*\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Is there another partition? It could be a recovery partition perhaps.

Does this thread shed any light?:

http://www.experts-exchange.com/Software/System_Utilities/Partition_Tools/Q_22664839.html

or this one?

http://www.bleepingcomputer.com/forums/topic88216.html


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Do you get a message before the F1 prompt such as "Secondary drive 0 not found" (not necessarily a "0"). Press F1 to Boot and F2 to Setup Utility?


Cookiegal I posted that somewhere, I'll go back and get what it says and post it here. Does my *HijackThis* log look okay? Or, am I getting ahead of myself here?


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Do you get a message before the F1 prompt such as "Secondary drive 0 not found" (not necessarily a "0"). Press F1 to Boot and F2 to Setup Utility?


*I found it. No it does not say that, below is what it does say:*

Phoenix- AwardBIOS v6. 00PG, An Energy star Ally

MSI K8MM (and a string of letters)
Main Processor AMD Athlon (tm) 64 processor 3300+
Memory Testing 9830 40K OK

IDE Channel 0 Master: ST3160021A 8.11
IDE Channel 0 slave :NONE
IDE Channel 1 Master : Memorex 16XDDL IN 1.A3

*At bottom of the first black screen that shows on startup (among the standard stuff) says,* Floppy disk(s) fail (40).

*At the bottom it says:*

Press F1 to continue
DEL to enter SETUP

When I hit delete, it takes me to a blue screen that says Phoenix- AwardBIOS CMOS Setup Utility


----------



## Cookiegal (Aug 27, 2003)

Yes the HijackThis log looks fine.

Let's see if Candy or Elizabeth have any comments about the links I posted.


----------



## Cookiegal (Aug 27, 2003)

Do you actually have a floppy drive? Did you disable it?


----------



## Cookiegal (Aug 27, 2003)

Also, let's check the Event Viewer again for any recent errors:

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## ~Candy~ (Jan 27, 2001)

Cookiegal said:


> For the others who are helping here:
> 
> I think it may have something to do with this line in the boot.ini:
> 
> ...


I don't think that should matter Karen, as I have Windows installed on partition 2, 3 and 4 sometimes 

The F1 option would pop into play well before the operating system choices.


----------



## ~Candy~ (Jan 27, 2001)

Experts Exchange won't let me log in. I was just there a couple of days ago


----------



## ~Candy~ (Jan 27, 2001)

Ok, question.

Has this ALWAYS happened? Or did it start after some event that you participated in? Like replacing a hard drive, cdrom, etc.? I'm cooking dinner, so it may be awhile before I can reply again, unless the fire dept. has to be called


----------



## Cookiegal (Aug 27, 2003)

It seems to have happened around the time OTScanIt was run but I've checked back and we didn't remove much and certainly nothing that would cause something like this.


----------



## Cookiegal (Aug 27, 2003)

Was the floppy drive disabled Candy?


----------



## EAFiedler (Apr 25, 2000)

Cookiegal said:


> Was the floppy drive disabled Candy?


*NWDaydreamer* said they disconnected the floppy because it started making noise.

Though I am unclear if it was just the power that was disconnected or if both the power and the controller were disconnected.


----------



## ~Candy~ (Jan 27, 2001)

If it has no power, it shouldn't be an issue. If it has no controller connected to it, and does have power, it shouldn't be an issue.

The only issue would be if the bios is looking for it. And I think we killed everything possible in the bios setup


----------



## ~Candy~ (Jan 27, 2001)

As a side thought, I don't even think Format C: would fix it


----------



## ~Candy~ (Jan 27, 2001)

Cookiegal said:


> It seems to have happened around the time OTScanIt was run but I've checked back and we didn't remove much and certainly nothing that would cause something like this.


That's interesting. I sure would like to hear confirmation on that :up:


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> *NWDaydreamer* said they disconnected the floppy because it started making noise.
> 
> Though I am unclear if it was just the power that was disconnected or if both the power and the controller were disconnected.


Just the power to the floppy was disconnected. How would you go about disconnecting the controller?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> That's interesting. I sure would like to hear confirmation on that :up:


Are you asking for confirmation that it happened around the time OTScanIt was run? If so, yes it was but I will go back to those posts again and see if anything reminds me of some other event around that time.


----------



## ~Candy~ (Jan 27, 2001)

NWDaydreamer said:


> Just the power to the floppy was disconnected. How would you go about disconnecting the controller?


Unplug the gray cable leading to the floppy, you can also remove it from the motherboard too, if you aren't going to be using it again. Loose cables restrict airflow inside.


----------



## ~Candy~ (Jan 27, 2001)

NWDaydreamer said:


> Are you asking for confirmation that it happened around the time OTScanIt was run? If so, yes it was but I will go back to those posts again and see if anything reminds me of some other event around that time.


:up: Yes, that would help me think of something else, maybe


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Also, let's check the Event Viewer again for any recent errors:
> 
> Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under both "Application" and "System" for recent (the last 48 hours or so) errors (shown in red) and if found, do this for each one.
> 
> Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


It was too long so I have attached the Event Log in Notepad.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> :up: Yes, that would help me think of something else, maybe


Isn't this supposed to be a drag to do and no fun?

*snicker*

You are cracking me up. Are we in trouble now?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> :up: Yes, that would help me think of something else, maybe


Ok, I went back and no, there was nothing else that changed or happened at that time but....

*In post # 83 *



crjdriver said:


> Just took a look at this one. Usually the F1/setup means that the bios found hardware or changes that it did not expect. Are you getting a checksum error as well?
> 
> Sometimes you simply have to enter the bios and save [not making any changes at all] and that fixes it. *If not, again enter the bios and load defaults; save settings and restart. Each bios is a little different. After loading defaults, you may have to reset the time/date. Sometimes yes and sometimes no.*
> Note please read your manual and become familiar with your bios settings before doing the above task.


I don't remember trying to load the defaults. Is it worth a try at this point?


----------



## ~Candy~ (Jan 27, 2001)

I thought we tried defaults. Also, I thought we had you just pop in and out, saving changes, even though you hadn't made any changes.

You replaced the cmos battery on the motherboard, right?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> I thought we tried defaults. Also, I thought we had you just pop in and out, saving changes, even though you hadn't made any changes.
> You replaced the cmos battery on the motherboard, right?


I don't remember trying to save the defaults. I did pop in and out, not making changes.

I had posted, at least I thought I had, that I did not change the battery on the motherboard because it was new.


----------



## ~Candy~ (Jan 27, 2001)

I think I would go this order. 

Try defaults.

Then change battery.

Even though they are "new" --- who knows how long they've been sitting on the shelf....or in the sun.


----------



## NWDaydreamer (Oct 29, 2003)

Ok I'll do that. What information do I need to have, to get the right battery if the defaults thing doesn't work?


----------



## ~Candy~ (Jan 27, 2001)

The batteries are all the same, it's going to be a CR-2032....available at Walmart for $3 or so.

http://www.compumusic.com/p478685.htm


----------



## EAFiedler (Apr 25, 2000)

Yay! The case will be opened.

And we'll find the floppy drive has been reconnected.


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> Yay! The case will be opened.
> 
> And we'll find the floppy drive has been reconnected.


*BZZZT!* Wrong answer.

Are you all ready?

Ok, time to break out in a little dance and promise not to shoot me. DH went to get the battery. He came back and said they didn't have any. I had already gone into BIOS but saved nothing and same problem. I got busy with other things and was getting ready to shut the computer down. I said to myself, "hey self", why not give it one more try before you go to bed? Sort of like AcaCandy does....

So, I shut it down and when it came up on restart, I was thinking, I know there is something I am missing. I was in there somewhere before, but how? So instead of going into Advanced BIOS, I went in to Standard CMOS and back to here.

It was showing that it was checked in 1.44M, 3.5 in. So I moved it back to none, and saved it. It loaded right up, but I restarted again to make sure and IT WORKED!!!!

I'm going to bed now....


----------



## Cookiegal (Aug 27, 2003)

I thought that was done before. In any event, it worked! Yay! :up:

And thanks to Candy and Elizabeth for all your hard work on this. :up:

After all this, would you please post a final HijackThis log so I can see if everything still looks fine there.


----------



## ~Candy~ (Jan 27, 2001)

Yeah, I KNOW we tried that before. I think I even asked if the changes were holding.

Anyway, mark this marathon puppy solved!!!!!!!!!!!!!

YAY!!!!!!!!!!!!!!!!!!!!!


----------



## ~Candy~ (Jan 27, 2001)

I hope you two girls checked to see how long we've been working on this thread, OVER 30 days

NWDaydreamer, that's an inside joke. No worries about it


----------



## Cookiegal (Aug 27, 2003)

Yeah but Candy the deal is 30 days of inactivity (NO replies), not working for 30 days.


----------



## Cookiegal (Aug 27, 2003)

We should also change the title and archive this puppy.


----------



## ~Candy~ (Jan 27, 2001)

NWDaydreamer said:


> *I did that, It made no difference.*
> 
> 
> 
> ...


Here's where we hit that option, but, somewhere along the line, maybe you didn't save on exit, or you tried loading default settings, which would have put it back.


----------



## NWDaydreamer (Oct 29, 2003)

I'm glad you're not a quitter AcaCandy and EAFiedler, thanks so much for helping Cookiegal to help me.

:up:

There are still a few things before I post a new HijackThis log, but I think I know what I need to do but wanted to check with all of you first. Or if you would rather, I start a new thread?

 

*Ad-Aware* will not update. Should I un-install and re-install?

When I open *SpybotSD*.exe I get an error, a gray box with a red circle with an X in it. It says:
This application has failed to start because sqlite3.dll was not found. Reinstalling the application may fix this problem. Can I un-install and re-install it?

The *Hot Fix* HOTFIX113859_ENU_i386_zip.exe

Did Hot Fix install and can I toss it in the Recycle Bin, from my desktop where it was saved?

Also, my *AVG.* When it tries to scan for viruses it freezes up and I have to restart the computer. That has been going on for several days. It seems to make my Mailwasher act strange and failed a couple of times. I also thought I would remove and reinstall AVG?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Here's where we hit that option, but, somewhere along the line, maybe you didn't save on exit, or you tried loading default settings, which would have put it back.


Right and I'm not sure which happened. I'm thinking the former since I still had to press F1 after I thought I had saved it.


----------



## ~Candy~ (Jan 27, 2001)

I would uninstall the problem apps and reinstall.

As to the hotfix, check your add/remove programs to see if it's listed there. Then you can dump it.


----------



## Cookiegal (Aug 27, 2003)

Didn't you say the hotfix had expired or something along those lines? I don't think you ever installed it. If not, you may have to request another one.

Your programs, Ad-Aware, Spybot may have been damaged by the malware. Please do uninstall them via the Control Panel and then reinstall them.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy, no it was not in my add/remove program.



Cookiegal said:


> Didn't you say the hotfix had expired or something along those lines? I don't think you ever installed it. If not, you may have to request another one.
> 
> Your programs, Ad-Aware, Spybot may have been damaged by the malware. Please do uninstall them via the Control Panel and then reinstall them.


Yes it did expire, I will request another one. I un-installed Ad-Aware and SpybotSD and re-installed them.

I will do the same with AVG. Then go back and get the hotfix and install it.


----------



## NWDaydreamer (Oct 29, 2003)

Oh, I almost forgot *Cookiegal*. 
I am supposed to do a back-up before I install the hot fix aren't I? If so, how do I do that?


----------



## ~Candy~ (Jan 27, 2001)

Just create a system restore point.

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx

Create Restore Points Manually
Only application installations that use a System Restore restorept.api-compliant installer will trigger the creation of a restore point. So it's a good idea to create a restore point manually before you install an application that you suspect won't have a restorept.api-compliant installer. For example, before installing a screensaver you've downloaded from the Internet or a beta program from a software vendor, you should manually create a restore point. For more information, see the TechNet article, Windows XP System Restore.

To manually create a restore point:

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

2. On the Welcome page, click Create a restore point.

3. On the Create a Restore Point page, enter a descriptive name for your restore point, as shown in Figure 3, and then click Create.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Just create a system restore point.


Ok, I downloaded *AVG*. It changed my browser settings. My IE froze up a couple of times and was slow. Spybot said it changed some registry keys.


I created a *system restore* manually.

I went back and got a new *hotfix*. Installed the hotfix and unzipped the file. I looked in my Add/Remove Program, but can't find it there. I don't know the name of it and I don't see one that was added today, or is the date showing in the Add/Remove when the files were created?

I ran *HijackThis* again, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:49 PM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.download.com
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9838 bytes


----------



## ~Candy~ (Jan 27, 2001)

When you install programs, do you do the default install? If so, you shouldn't. Many times that is how web browsers get changed, add-ins get added, like toolbars, etc.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> When you install programs, do you do the default install? If so, you shouldn't. Many times that is how web browsers get changed, add-ins get added, like toolbars, etc.


Yes I did. If I uninstall AVG then re-install would it go away? Or can I remove the settings?


----------



## ~Candy~ (Jan 27, 2001)

Sometimes tool bars, etc. don't uninstall nicely.

Go to add/remove programs and see if there is anything you didn't mean to install.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy, no there is nothing new there.


----------



## ~Candy~ (Jan 27, 2001)

Tell us what changed on the browser then. I know AVG puts itself there, that in itself is no biggie.


----------



## NWDaydreamer (Oct 29, 2003)

It also put a Yahoo search in there.


----------



## ~Candy~ (Jan 27, 2001)

Yahoo toolbar should have an uninstall?

If not, right click on a blank area in the toolbar area, and uncheck yahoo toolbar.


----------



## EAFiedler (Apr 25, 2000)

NWDaydreamer said:


> DH went to get the battery.


Does DH stand for Darling Husband? 



> It was showing that it was checked in 1.44M, 3.5 in. So I moved it back to none, and saved it. It loaded right up, but I restarted again to make sure and IT WORKED!!!!


Woohoo!

EAFiedler, scribbles furiously...."Must ask for action to be repeated that has a negative answer." 

Google/Yahoo toolbars = Hitchhikers.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Yahoo toolbar should have an uninstall?
> 
> If not, right click on a blank area in the toolbar area, and uncheck yahoo toolbar.


It's not a toolbar, the toolbar is AVG which I find annoying. It installed a Yahoo search within the toolbar.


----------



## ~Candy~ (Jan 27, 2001)

Karen should be able to help with that 

If you right click in that area, if you see AVG toolbar, then uncheck that....if not, then back to Karen


----------



## EAFiedler (Apr 25, 2000)

Yep, we are not letting you do anything else until that is triple checked. 

I do remember unchecking the installation of the Yahoo toolbar when I installed AVG 8.


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> Does DH stand for Darling Husband?
> 
> Woohoo!
> 
> ...


No dahhhling, it means Dear.  

Whoo hoo! Yes, I did a happy dance... after I slapped myself upside the head.



Trying to be serious and geeky here, ok?


----------



## ~Candy~ (Jan 27, 2001)

Heck, this thread is so long now, we may as well party away  

I'm still on birthday celebration mode


----------



## ~Candy~ (Jan 27, 2001)

By the way, I can't believe that Walmart was out of those batteries


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> Yep, we are not letting you do anything else until that is triple checked.
> 
> I do remember unchecking the installation of the Yahoo toolbar when I installed AVG 8.


Yes, lol. That's why I'm waiting. I just want to un-install then re-install and uncheck anything extra!



If I do install something again and choose to uncheck anything that is added, in most cases, can't you add it later if you want it or need it?

Oh also Windows is still bugging me to update the service pack but I am waiting for permission and instruction on that.


----------



## Cookiegal (Aug 27, 2003)

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*O15 - Trusted Zone: *.download.com*

Let me explain why I'm asking you to remove the above line. Putting that entry in the Trusted Zone basically gives free rein to anything from the download.com site to bypass all security measures in place on your computer. Ultimately, it's up to you but I highly recommend you remove it from there by doing the above with HijackThis.

Everything else looks fine. Are there any other problems remaining? Please say no.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> By the way, I can't believe that Walmart was out of those batteries





AcaCandy said:


> Heck, this thread is so long now, we may as well party away
> 
> I'm still on birthday celebration mode


Well so much for being all serious and geeky. I knew it, you just want to get this to 25 pages before you archive it! Thanks for the laughs.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.
> 
> *O15 - Trusted Zone: *.download.com*
> 
> ...


Hi Cookiegal, I had to add it so that it would allow me to download AVG. But I have no problem removing it. I just want to get rid of that toolbar and yahoo search if I can.

Also, the only other issue I can think of is the Windows Service Pack 3 wants to install along with some others added now. You had told me to wait as it could cause issues. I'm going now to remove the entry with Hijack This.


----------



## Cookiegal (Aug 27, 2003)

I thought you were successful in removing the toolbar? 

I would hold off installing SP3. When you're prompted to download it with updates you can uncheck it so it doesn't get installed and it won't keep bugging you about it. You can always get it from the MS site when you want to download it.

Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


----------



## NWDaydreamer (Oct 29, 2003)

Done Cookiegal, 

Do you want me to post a HijackThis log? Oh and since I downloaded the new AVG with the toolbar, when I open my browser, it freezes up.


----------



## ~Candy~ (Jan 27, 2001)

NWDaydreamer said:


> Well so much for being all serious and geeky. I knew it, you just want to get this to 25 pages before you archive it! Thanks for the laughs.


I'm sure you won't believe it, but, I THINK I have the longest thread at TSG  Can't remember how many pages it went, but, it was looooooooooooonnnnngggggggg


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> I thought you were successful in removing the toolbar?
> 
> I would hold off installing SP3. When you're prompted to download it with updates you can uncheck it so it doesn't get installed and it won't keep bugging you about it. You can always get it from the MS site when you want to download it.
> 
> Open HijackThis and click on "Config" and then on the "Misc Tools" button. If you're viewing HijackThis from the Main Menu then click on "Open the Misc Tools Section". Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here please.


No there was no place to remove it. I will do this step next. Thanks.


----------



## ~Candy~ (Jan 27, 2001)

Yes, please hold off on SP3 until we have everything else stable.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Yes, please hold off on SP3 until we have everything else stable.


I will hold off. Here is the list *Cookiegal*.

1st Page 2000 2.00 Free
Ad-Aware
Adobe Flash Player ActiveX
Adobe Shockwave Player
Agere Systems PCI Soft Modem
AVG Free 8.0
BookWorm Deluxe 1.0y
CDDRV_Installer
Complete CD Maker
e-Sword
Foxit PDF Creator
Foxit PDF Editor
Foxit Reader
GdiplusUpgrade
GIMP 2.4.4
Help and Support Additions
HijackThis 2.0.2
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 4.2.3
HP Organize
HP Photosmart Cameras 4.0
HP PSC & OfficeJet 4.0
HP Software Update
HP Update
IntelliMover Data Transfer Demo
InterVideo DiscLabel
InterVideo WinDVD Creator
InterVideo WinDVD Player
IrfanView (remove only)
Java(TM) 6 Update 7
KhalInstallWrapper
Logitech Desktop Messenger
Logitech SetPoint
MailWasher Pro
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Mouse Suite
Mozilla Firefox (1.0.7)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 3.5 magicMoments - HPD
Nero PhotoShow Elite
Nero Suite
OLYMPUS CAMEDIA Master 4.3
Panda ActiveScan
Panda ActiveScan 2.0
PC-Doctor for Windows
PhotoFantasy 2000
Photosmart 320,370,7400,8100,8400 Series
PlayLinc
PopCap ActiveX Control
PopCap Browser Plugin
Print Perfect Platinum
PrintMaster 7.00
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2005
QuickTime
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Serif DrawPlus 3.0
SiS VGA Utilities
Snapfish PhotoShow Express
Spybot - Search & Destroy
SpywareBlaster v3.5.1
Trellix Web
Trillian
Turbo Lister 2
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB951072-v2)
Updates from HP
URGE
Verizon Online DSL
Verizon Online Help and Support
VIA Platform Device Manager
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Yahoo! Messenger
ZoneAlarm
Zuma Deluxe RA


----------



## Cookiegal (Aug 27, 2003)

Yes please post a new regular HijackThis log.

If it's the AVG Security Toolbar you want to uninstall, it doesn't look like there's an option, so you'd have to uninstall it and redownload it, and answer no when it asks if you want to install the security toolbar.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Yes please post a new regular HijackThis log.
> 
> If it's the AVG Security Toolbar you want to uninstall, it doesn't look like there's an option, so you'd have to uninstall it and redownload it, and answer no when it asks if you want to install the security toolbar.


I think that is what I will do, it's really irritating. Thank you. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:47:07 PM, on 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.villagephotos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9852 bytes


----------



## Cookiegal (Aug 27, 2003)

OK but this time try downloading it directly from Grisoft's servers:

http://free.avg.com/ww.download?prd=afe

You shouldn't have to put anything in the trusted zone to download a program.

You should probably disable SpyBot's TeaTimer though as it might interfere.

To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box.


----------



## Cookiegal (Aug 27, 2003)

Do you really need this site in the Trusted Zone as well?

O15 - Trusted Zone: www.villagephotos.com


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Do you really need this site in the Trusted Zone as well?
> 
> O15 - Trusted Zone: www.villagephotos.com


I already re-downloaded AVG again. This time I installed it minus the toolbars and it worked. Sorry, I did it before you posted the last post. But it worked and the browser loaded immediately and nothing added. It's working great so far.

As for O15 - Trusted Zone: www.villagephotos.com It's been a while but I think I allowed it because I couldn't upload pictures without allowing it.


----------



## Cookiegal (Aug 27, 2003)

If you need to add things to the trusted zone to upload them it's likely the fault of your firewall ZoneAlarm blocking it. I would fix that other Trusted Zone entry with HijackThis as well.

Here are some final instructions for you.

*Follow these steps to uninstall Combofix and all of its files and components.*

Click *START* then *RUN*
Now type *Combofix /u* in the runbox and click *OK*. Note the *space* between the *X* and the *U*, it needs to be there.

The following program will remove some of the tools we've used and their associated files and backups and then it will delete itself.

Please download *OTMoveIt2 by OldTimer*.

*Save* it to your *desktop*.
Make sure you have an Internet Connection.
Double-click *OTMoveIt.exe* to run it. (Vista users, please right-click on *OTMoveIt2.exe* and select "Run as an *Administrator*")
Click on the *CleanUp!* button
A list of tool components used in the cleanup of malware will be downloaded.
If your firewall or real-time protection attempts to block OTMoveIt2 to reach the Internet, please allow the application to do so.
Click Yes to begin the cleanup process and remove these components, including this application which will delete itself.
You will be asked to reboot the machine to finish the cleanup process. If you are asked to reboot the machine choose *Yes.*

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.


----------



## ~Candy~ (Jan 27, 2001)

Are we there yet?


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Are we there yet?




Oh! Of course not.

I clicked START then RUN and typed Combofix /u in the runbox and clicked OK. I noted the space between the X and the U. It couldn't find it. I know I didn't delete it and the rest of the tools are on my desktop to my knowledge. I searched my files and it showed it was in
C:\Documents and Settings\HP_Owner\DoctorWeb\Quarantine
The ComboFix folder is in C:\
ComboFix.txt is in C:\
ComboFix2.txt is in C:\
ComboFix-quarantine-files.txt is in C:\QooBox
uninstall_list.txt is on my desktop.


----------



## ~Candy~ (Jan 27, 2001)

Ok well, Karen is on EST. I've got to go figure out something for dinner

So, until we meet again manana


----------



## EAFiedler (Apr 25, 2000)

NWDaydreamer said:


> Oh! Of course not.
> 
> I clicked START then RUN and typed Combofix /u in the runbox and clicked OK. I noted the space between the X and the U. It couldn't find it. I know I didn't delete it and the rest of the tools are on my desktop to my knowledge. I searched my files and it showed it was in
> C:\Documents and Settings\HP_Owner\DoctorWeb\Quarantine
> ...


You did try it at least three times?


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> You did try it at least three times?


Actually I did!


----------



## EAFiedler (Apr 25, 2000)

Good for you! :up:


----------



## Cookiegal (Aug 27, 2003)

OK, so Dr. Web quarantined it as malware. This happens frequently with the tools we use although they are not malicious.

You can just delete the ComboFix folder, the Qoobox folder located at C:\Qoobox and the Combofix.txt and Combofix2.txt files.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> OK, so Dr. Web quarantined it as malware. This happens frequently with the tools we use although they are not malicious.
> 
> You can just delete the ComboFix folder, the Qoobox folder located at C:\Qoobox and the Combofix.txt and Combofix2.txt files.


I deleted the files then downloaded *OTMoveIt2 by OldTimer.* Followed the instructions. What all was it supposed to delete? I still have on my desktop:

2_DrWeb.csv 
Dr.Web ® CureIt! ®
RegSrch.zip
MSIServer.zip
Win32 Cabinet Self-Extractor (msicuu2.exe) _<-----What is that?_

*I have not taken any steps below yet. I wanted to wait and see what I should do next before I proceed. Also, I already have SPYWAREBLASTER.*



Cookiegal said:


> Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:
> 
> To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
> Click the System Restore tab.
> ...


----------



## Cookiegal (Aug 27, 2003)

You should uninstall Dr. Web via the Control Panel - Add/Remove programs.

You can delete these:

*RegSrch.zip
MSIServer.zip
Win32 Cabinet Self-Extractor (msicuu2.exe)*

MSI refers to the Windows Installer registry fix which I had you run back at the beginning of August but it can be removed now.


----------



## NWDaydreamer (Oct 29, 2003)

Thank you, going to do it now.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> You should uninstall Dr. Web via the Control Panel - Add/Remove programs.
> 
> You can delete these:
> 
> ...


I deleted those but these below are not in my Add/Remove Programs.

2_DrWeb.csv 
Dr.Web ® CureIt! ®


----------



## Cookiegal (Aug 27, 2003)

NWDaydreamer said:


> I deleted those but these below are not in my Add/Remove Programs.
> 
> 2_DrWeb.csv
> Dr.Web ® CureIt! ®


You can delete those then.


----------



## NWDaydreamer (Oct 29, 2003)

Ok thanks, there are two files when I did a search. They are in C:\ProgramFiles\Ahead\Nero

DRWEBASE.VDB
Drweb32.dll

Those belong there don't they?


----------



## NWDaydreamer (Oct 29, 2003)

NWDaydreamer said:


> Ok thanks, there are two files when I did a search. They are in C:\ProgramFiles\Ahead\Nero
> 
> DRWEBASE.VDB
> Drweb32.dll
> ...


I left those files alone.

I then turned off System Restore and saved. Rebooted then tried to create a new Restore point.



Cookiegal said:


> Restart your computer, turn System Restore back on and create a restore point.
> 
> To create a new restore point, click on *Start* - *All Programs* - *Accessories* - *System Tools* and then select *System Restore*.
> 
> ...


I could not find the System Restore wizard.


----------



## EAFiedler (Apr 25, 2000)

You can also invoke System Restore this way:
Start > Run
Key in, or copy and paste the following,
*%SystemRoot%\system32\restore\rstrui.exe*
Click *OK*


----------



## NWDaydreamer (Oct 29, 2003)

EAFiedler said:


> You can also invoke System Restore this way:
> Start > Run
> Key in, or copy and paste the following,
> *%SystemRoot%\system32\restore\rstrui.exe*
> Click *OK*


I tried that both ways and I can turn the System Restore back on but the wizard to actually set a new restore point doesn't come up, so I can't set a new restore point.

Also, I saved the hotfix to my desktop and used it as requested. What do I do with it, can I delete it or do I need to save it somewhere?


----------



## ~Candy~ (Jan 27, 2001)

Did you reboot the computer after you cleared restore points?


----------



## Cookiegal (Aug 27, 2003)

NWDaydreamer said:


> Ok thanks, there are two files when I did a search. They are in C:\ProgramFiles\Ahead\Nero
> 
> DRWEBASE.VDB
> Drweb32.dll
> ...


Those appear to be plugins for Nero for Dr. Web so I would delete those two files.

Go to Start - Run and copy and paste the following command to reinstall System Restore:

*rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf*

Reboot and let me know if you now have the System Restore wizard.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Did you reboot the computer after you cleared restore points?


Yes I did reboot.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> Those appear to be plugins for Nero for Dr. Web so I would delete those two files.
> 
> Go to Start - Run and copy and paste the following command to reinstall System Restore:
> 
> ...


I deleted those two files. I tried the system restore again and the wizard appeared, but when I set the restore point it did not give me a place to name the restore point, but it did set a restore point. That was prior to these instructions below. I had tried it several times and rebooted each time.



Cookiegal said:


> Go to Start - Run and copy and paste the following command to reinstall System Restore:
> *rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf*
> 
> Reboot and let me know if you now have the System Restore wizard.


I have not tried that. Do I need to turn off my system restore again, reboot and try the method to run *rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf*?


----------



## ~Candy~ (Jan 27, 2001)

If you go to use a restore point, is it showing there?

If so, reboot, and try to make another one and see if you can name it.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> If you go to use a restore point, is it showing there?
> 
> If so, reboot, and try to make another one and see if you can name it.


I tried that several times and I can set or remove a restore point but cannot name it. When the computer started, before anything loaded, a system restore page came up and said that my new system restore point had been made.


----------



## NWDaydreamer (Oct 29, 2003)

All I can do is make one and delete one then make a new one. I also tried what Cookiegal said with start, run command and it doesn't make a difference.


----------



## Cookiegal (Aug 27, 2003)

After you select the radio dial to "create a new restore point" do you click on "Next"?


----------



## Mosaic1 (Aug 17, 2001)

Excuse the interruption, please.

There is a possibility of a registry restriction being in place. I am about to sign off, but if you open regedit and drill down to this key (if it exists)
*HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore*

Looking in the right pane after clicking on SystemRestore in the left pane, what do you see?

I am sure either Cookiegal or AcaCandy will be able to guide you in inspecting your registry. I am not sure the forum software will show the key's name properly for you to look.

I have to leave but wanted to quickly post to save time.

Mosaic1


----------



## ~Candy~ (Jan 27, 2001)

Hi Mosaic! :up: You're ALWAYS welcome


----------



## Cookiegal (Aug 27, 2003)

Thanks Katie. :up:


----------



## NWDaydreamer (Oct 29, 2003)

Mosaic1 said:


> Excuse the interruption, please.
> 
> There is a possibility of a registry restriction being in place. I am about to sign off, but if you open regedit and drill down to this key (if it exists)
> *HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore*
> ...


I am able to open regedit but don't know where to go to get to that key after I open it.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> After you select the radio dial to "create a new restore point" do you click on "Next"?


Yes I do click next and it goes right to restore, no choice to name. It just does it and restarts the computer. When it boots up it says it was restored.


----------



## Cookiegal (Aug 27, 2003)

Wait a minute. It doesn't sound like we're talking about the same thing here. If it reboots and says the system was restored then you actually did a restore to an earlier restore point. Are you selecting a date from the calendar when doing that?


----------



## NWDaydreamer (Oct 29, 2003)

I can't choose a restore date from before the last restore. When I delete the restore point, turn system restore on, restart the computer and set a new restore, it does restore it to that time in which I am doing it. There is no other option. It just won't let me name the new restore point. No option to name the new restore point shows. Am I making sense?


----------



## Cookiegal (Aug 27, 2003)

You aren't supposed to actually be doing a system restore.

Can you post screenshots of the steps you're doing please?


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> You aren't supposed to actually be doing a system restore.
> 
> Can you post screenshots of the steps you're doing please?


I guess there is no need, I would have to do that by taking digital pictures of every step. Anyway, I went back and started all over again. This time I was able to set a system restore point not do a system restore.

:up:


----------



## Cookiegal (Aug 27, 2003)

OK, that's good. Now I wonder how far back you restored the system to. Do you remember? If only the day before you may have uninstalled the hotfix. I'm not sure at this point if the system restore done can be undone since we've tried to reinstall it since then so please check the Event Viewer again but just for System errors that have occurred in the last 24 hours.

I'll repost the instructions on how to do that so you don't have to go back and look for them.

Please go to *Start* - *Run* - type in *eventvwr.msc* to open the event viewer. Look under "System" for recent errors (shown in red) and if found, do this for each one.

Double-click the error to open it up and then click on the icon that looks like two pieces of paper. This will copy the full error. Then "paste" the error into Notepad. Do this for each one until you have them all listed in Notepad and then copy and paste the list in a reply here please.


----------



## ~Candy~ (Jan 27, 2001)

I'm guessing that she really did clear the restore points, then make one successfully, and then restored to that one. So, I'm guessing she may be ok....but, let's make sure for sure


----------



## Cookiegal (Aug 27, 2003)

I think that's the case as well but want to be absolutely sure.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> I'm guessing that she really did clear the restore points, then make one successfully, and then restored to that one. So, I'm guessing she may be ok....but, let's make sure for sure


Yes, that is what I did.

Cookiegal, I'm going now to check the Event Viewer again just for System errors that have occurred in the last 24 hours.


----------



## NWDaydreamer (Oct 29, 2003)

System errors attached.


----------



## Cookiegal (Aug 27, 2003)

OK, the only error pertains to SuperAntiSpyware. Do you still have that program on your system?


----------



## ~Candy~ (Jan 27, 2001)

Love the computer name


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> OK, the only error pertains to SuperAntiSpyware. Do you still have that program on your system?


I didn't know I ever had it. What is it? I didn't see it in my Add/Remove.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Love the computer name


Well yeah, it started out as my DH's puter. I let him thi.....


----------



## NWDaydreamer (Oct 29, 2003)

I did a search and there are SuperAntiSpyware files on my computer but I don't see the actual program. Can I delete them? They say they are data files.

Oops, looked again through some files, there are others including a couple of zip files.


----------



## Cookiegal (Aug 27, 2003)

NWDaydreamer said:


> Well yeah, it started out as my DH's puter. I let him thi.....


It should be BOSSLADY though.


----------



## Cookiegal (Aug 27, 2003)

First, please post a new HijackThis log.


----------



## NWDaydreamer (Oct 29, 2003)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:38 AM, on 9/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9316 bytes


----------



## Cookiegal (Aug 27, 2003)

OK, let's tidy up and get rid of some orphaned entries. They are not malicious but have no files associated with them.

You will need to disable Spybot's TeaTimer again or it won't allow the registry changes:

To disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box.

Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click *fix checked*.

*O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab*

It does look like SuperAntiSpyware was installed at one time but probably uninstalled and there are some remnants, including the service that keeps trying to start up but can't find the file which is what is generating the error that shows in the Event Viewer.

You should have a folder:

C:\Program Files\*SuperAntiSpyware*

Can you tell me what the other files are you're finding and where they are located?


----------
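The orphan check in the post above ("(no file)" entries, then a rescan to confirm the fix), as an added example that is not part of the original thread or of HijackThis itself. The function names are hypothetical; `BEFORE` and `FIX_LIST` are excerpts of lines posted in the thread, and `AFTER` is a constructed sample that deliberately keeps one entry to show the failure case.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code clsid text orphaned")

# Result lines look like "<section code> - <text>", e.g. "O2 - BHO: ...".
# Header lines and the running-process list do not match and are skipped.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "(no file)" is the marker seen in this thread; "(file missing)" is the
# marker HijackThis prints on other sections such as O4 and O23.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return the result entries of a HijackThis log as Entry tuples."""
    entries = []
    for line in text.splitlines():
        # Tolerate the forum's bold markers (*...*) around pasted entries.
        m = LINE_RE.match(line.strip().strip("*").strip())
        if not m:
            continue
        code, rest = m.groups()
        clsid = CLSID_RE.search(rest)
        entries.append(Entry(
            code=code,
            clsid=clsid.group(0).upper() if clsid else None,
            text=rest,
            orphaned=any(marker in rest.lower() for marker in ORPHAN_MARKERS),
        ))
    return entries


def entry_key(entry):
    """Identity used to match the same entry across two logs."""
    # BHOs (O2) and downloaded ActiveX controls (O16) are identified by CLSID;
    # other sections are compared on their full text.
    if entry.code in ("O2", "O16") and entry.clsid:
        return (entry.code, entry.clsid)
    return (entry.code, entry.text.lower())


def orphans(text):
    """Entries whose backing file is reported as absent."""
    return [e for e in parse_log(text) if e.orphaned]


def check_fix(before_text, after_text, fix_text):
    """Map each entry on the fix list to its status in the rescan."""
    before = {entry_key(e) for e in parse_log(before_text)}
    after = {entry_key(e) for e in parse_log(after_text)}
    report = {}
    for e in parse_log(fix_text):
        k = entry_key(e)
        if k not in before:
            report[k] = "not in first log"
        elif k in after:
            report[k] = "still present"
        else:
            report[k] = "removed"
    return report


# Excerpt of the 10:40:38 AM log posted in the thread.
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - AppInit_DLLs: avgrsstx.dll
"""

# Constructed rescan: the two BHOs are gone, the O16 entry was left in place.
AFTER = r"""O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - AppInit_DLLs: avgrsstx.dll
"""

# The "fix checked" list as pasted in the post, forum bold markers included.
FIX_LIST = r"""*O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab*
"""

if __name__ == "__main__":
    for e in orphans(BEFORE):
        print("orphaned:", e.code, e.clsid)
    for (code, ident), status in check_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{code} {ident}: {status}")
```
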



## NWDaydreamer (Oct 29, 2003)

I followed your instructions to disable SpybotSD TeaTimer:

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
*Click Allow Change box.*

I cannot find the *Allow Change Box* but I closed the program and went back and Teatimer is unchecked.



Adding the location of SUPERAntiSpyware files; the one in C:\ is empty:

SUPERAntiSpyware.com C:\Documents and Settings\All Users\Application Data

SUPERAntiSpyware.com C:\Documents and Settings\HP_Owner\Application Data *(16.3 MB)*

SUPERAntiSpyware C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com *(empty)*

SUPERAntiSpywareSUPERAntiSpyware C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com *(16 MB)*

SUPERANTISPYWARE-5-13-2008( 15-40-30 ).LOG C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs *(8 Entries)*

file:///C:/Documents%20and%20Settings/HP_Owner/Application%20Data/SUPERAntiSpyware.com/SUPERAntiSpyware/Logs/SUPERAntiSpyware%20Scan%20Log%20-%2005-13-2008%20-%2021-02-37.log Recently visited *(2 entries My Computer)*


----------



## Cookiegal (Aug 27, 2003)

It may be a little different in new versions but you got the desired result.


----------



## ~Candy~ (Jan 27, 2001)

Are we all solved yet?


----------



## Cookiegal (Aug 27, 2003)

We're getting there.......I think.


----------



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> It may be a little different in new versions but you got the desired result.


Thank you, going to remove those entries in HijackThis now.

*Done. Posting a new HijackThis log.*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:26 PM, on 9/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\FireTrust\MailWasher Pro\MailWasher.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SnipeIt! eSnipe - http://www.esnipe.com/SnipeIt/SnipeItOpen3.asp
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1207382774359
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8982 bytes


----------



## NWDaydreamer (Oct 29, 2003)

*I added this information and there were posts afterwards. I didn't know if you saw it or missed it. Can I delete those files?*

SUPERAntiSpyware.com C:\Documents and Settings\All Users\Application Data

SUPERAntiSpyware.com C:\Documents and Settings\HP_Owner\Application Data *(16.3 MB)*

SUPERAntiSpyware C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com *(empty)*

SUPERAntiSpywareSUPERAntiSpyware C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com *(16 MB)*

SUPERANTISPYWARE-5-13-2008( 15-40-30 ).LOG C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs *(8 Entries)*

file:///C:/Documents%20and%20Settings/HP_Owner/Application%20Data/SUPERAntiSpyware.com/SUPERAntiSpyware/Logs/SUPERAntiSpyware%20Scan%20Log%20-%2005-13-2008%20-%2021-02-37.log Recently visited *(2 entries My Computer)*

*Also, how can I start my DVD player?*


----------



## ~Candy~ (Jan 27, 2001)

Karen has called it a night, she'll return in the morning. Just thought I'd pop in and let you know. Just logged off with her on yahoo messenger earlier.


----------



## Cookiegal (Aug 27, 2003)

OK, please do the following. This will delete the SAS service that is trying to load a file that doesn't exist.

Go to *Start* - *Run*, type in *cmd* then click OK. The MSDOS window will be displayed. At the prompt type the following:

*SC Delete SASKUTIL*

Then press Enter.

Then you just have to delete these parent folders as everything they contain will go with them:

C:\Documents and Settings\All Users\Application Data\*SUPERAntiSpyware.com*
C:\Documents and Settings\HP_Owner\Application Data\*SUPERAntiSpyware.com*

How's everything now?


----------
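The cleanup described in the post above, with a check added before the delete, as an added example that is not part of the original thread. The service name and folder paths are the ones given in the post; the function names `Resolve-ImagePath` and `Remove-OrphanedService` are hypothetical, and the script assumes PowerShell is available and run from an elevated prompt.

```powershell
# Added example (not from the thread). On 64-bit Windows use 64-bit PowerShell:
# a 32-bit process has system32 redirected to SysWOW64, which would make a
# driver that is present look missing.

function Resolve-ImagePath([string]$Raw) {
    # Turn a service ImagePath registry value into a plain file path.
    $p = [Environment]::ExpandEnvironmentVariables($Raw.Trim())
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                        # quoted path: drop arguments
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }   # unquoted: cut after the extension
    $p = $p -replace '^\\\?\?\\', ''                                        # NT object prefix \??\
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # e.g. system32\drivers\x.sys
    return $p
}

function Remove-OrphanedService([string]$Name) {
    # Delete the service entry only when the file it loads is really absent.
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path $key)) { return "No service entry named $Name." }
    $raw = (Get-ItemProperty -Path $key).ImagePath
    if ([string]::IsNullOrEmpty($raw)) { return "$Name has no ImagePath value; inspect it by hand." }
    $file = Resolve-ImagePath $raw
    if (Test-Path -LiteralPath $file) { return "$Name still points at an existing file ($file); left in place." }
    sc.exe delete $Name | Out-Null   # sc.exe, because 'sc' alone is a PowerShell alias for Set-Content
    return "$Name pointed at a missing file ($file); service entry deleted."
}

Remove-OrphanedService 'SASKUTIL'

# The two parent folders named in the post; report what is there before removing it.
$folders = 'C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com',
           'C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com'
foreach ($f in $folders) {
    if (-not (Test-Path -LiteralPath $f)) { "$f is already gone."; continue }
    $files = @(Get-ChildItem -LiteralPath $f -Recurse -Force | Where-Object { -not $_.PSIsContainer })
    $bytes = ($files | Measure-Object -Property Length -Sum).Sum
    "{0}: {1} files, {2:N1} MB" -f $f, $files.Count, ($bytes / 1MB)
    Remove-Item -LiteralPath $f -Recurse -Force
}
```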



## NWDaydreamer (Oct 29, 2003)

Cookiegal said:


> OK, please do the following. This will delete the SAS service that is trying to load a file that doesn't exist.
> 
> Go to *Start* - *Run*, type in *cmd* then click OK. The MSDOS window will be displayed. At the prompt type the following:
> 
> ...


Ok, I got it! I have a few other questions.

Should I turn TeaTimer back on?

The Hotfix zip file was saved to my desktop, can I delete it?

Can I safely install Windows XP Service Pack 3 if I do it from their website?

Also, how do I manually start a DVD to watch a movie?

I think that is all except for me to go back and read "tightening up your security".


----------



## ~Candy~ (Jan 27, 2001)

To manually start a DVD, you should only have to open My Computer, then click on the DVD drive.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> To manually start a DVD, you should only have to open My Computer, then click on the DVD drive.


Thank you. Got it.


----------



## Cookiegal (Aug 27, 2003)

> Should I turn TeaTimer back on?


You can turn it back on now if you wish to use it.


> The Hotfix zip file was saved to my desktop, can I delete it?


Yes, the errors are no longer showing in the Event Viewer so it has corrected that situation and you can delete it now.


> Can I safely install Windows XP Service Pack 3 if I do it from their website?


This is a tough one. Some people have had problems after installing it. I haven't downloaded it myself yet until all the bugs are worked out. Others haven't had any problems. You could give it a go but I suggest you set a new restore point just before doing it. If you have any problems after installing the SP3 you can uninstall it via the Control Panel - Add or Remove programs and if that gives you problems then go back to the last restore point you made.


----------



## NWDaydreamer (Oct 29, 2003)

Ok, I turned TeaTimer back on, deleted the hotfix, updated Windows and chose to wait on the Service Pack 3. Now I am going to go back and read more on security. If I have any questions on any of that, I will post in the appropriate thread relating to such. I want to thank all of you for patiently helping me through this. I will donate again soon. I am grateful for everything. I will close this as soon as you give me the go ahead.


----------



## ~Candy~ (Jan 27, 2001)

Wasn't this closed 6 pages ago?


----------



## Cookiegal (Aug 27, 2003)

You're welcome. 

Now, let's be careful out there.


----------



## NWDaydreamer (Oct 29, 2003)

AcaCandy said:


> Wasn't this closed 6 pages ago?


Why no, I didn't want you to get bored. I was trying to keep you all busy.

 



Cookiegal said:


> You're welcome.
> 
> Now, let's be careful out there.


Will do my best, Cookiegal. Thanks again and now I'm closing this book.


----------

