# Solved: security--mouse and task manager



## mdmom (Jul 4, 2005)

Hi. I believe I have a virus or Trojan, but I cannot find it.
I am using Windows XP pro. I have been having multiple problems with hanging and or freezing. I, have tried Norton and macafee and have had a computer person use a couple of other programs. I have also run spybot and ad-aware. The computer will work fine for a variable period of time from a few minutes to hours; then the mouse cursor will start moving around on it's own. I have only a little control and can sometimes manage to click something--before everything hangs or freezes. Through trial and error, I have discovered that if I log off and then shut down and reboot; the computer acts normal again---for minutes or hours or days. If I just reboot without logging off, it hangs again and the mouse cursor starts moving wildly on its own again. 

When this occurs Task manager usually will come up with ctl-alt-delete. I tried shutting down programs using the most memory or labeled "not responding" before I learned the above. That sometimes worked for a bit, but then the cursor movement would begin again almost immediately.
Sometimes the task manager doesn't come up and the screen just shows the windows intro screen, making me wonder if task manager is involved as well. 

Can anyone help me exorcise my computer?


----------



## khazars (Feb 15, 2004)

hi, welcome to TSG.

Download hijack this from the link below.Please do this. Click here:

http://www.thespykiller.co.uk/files/hijackthis_sfx.exe

to download HijackThis. Click scan and save a logfile, then post it here so 
we can take a look at it for you. Don't click fix on anything in hijack this 
as most of the files are legitimate.


----------



## mdmom (Jul 4, 2005)

Well you are correct; I don't have much knowledge in this area. I see a lot of duplicates I think.........Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 10:19:27 AM, on 8/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\BeTwinServiceXP.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\E_S00RP2.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\locator.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\snmptrap.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
C:\Program Files\BeTwin\BeTwinAssistant.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec\Web Tools\CKA.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC2.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
C:\Creative art tools\WallpaperToy\Wallpapertoy.Exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00MT2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00RN2.EXE
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://site.lisco.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\System32\BhoSSafe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHelper Class - {F8A53FBE-5846-11D2-A022-006097D2400E} - C:\Program Files\Mindmaker\Common Files\Windows NT\IElink.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [BeTwinAssistant] "C:\Program Files\BeTwin\BeTwinAssistant.exe"
O4 - HKLM\..\Run: [BeTwinMessages] "C:\Program Files\BeTwin\BeTwinMessages.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 3
O4 - HKCU\..\Run: [SymKeepAlive] C:\Program Files\Symantec\Web Tools\CKA.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MDMOM EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC2.EXE /A "C:\WINDOWS\system32\E_S70.tmp"
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Creative art tools\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4054/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E133E16-B8CD-419C-B414-4F9C29534ED3} (SLScheck Control) - http://www.thinsoftinc.com/BeTwin2000Registration/controls/SLScheck.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F4E59691-8BC1-446B-9F89-B4C8621D2079} (RegisterBeTwin2000 Control) - http://www.thinsoftinc.com/BeTwin2000Registration/controls/RegisterBeTwin2000.ocx
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP2.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BeTwin Terminal Services (TermService) - ThinSoft Inc. - C:\WINDOWS\System32\BeTwinServiceXP.exe


----------



## khazars (Feb 15, 2004)

do you know what this programme is?

BeTwin

go to this site and download these tools and once you get both
adaware Se 1.6 and spybot, update both of them.

Set adaware to do a full system scan and deselect, "search for neglible risk 
entries". Click next to start the scan. Delete everything adaware finds.

Delete what spybot finds marked in red. After updating spybot hit the 
immunize button.

reboot again

With CWshredder close all browsers and programmes and select the FIX button.

update and run microsoft's antispyware.

Go here and download Microsoft Antispyware Beta. First in the top menu click 
File then Check for updates to download the definitons updates.

After updating look in the right side of the main window under "Run Quick 
Scan Now" and click Spyware scan options. In that window put a tick by Run a
full system scan and then put a check by all three options below that then 
click Run Scan now.

When the scan is finished, let it fix anything that it finds (have it 
quarantine the items that have that option rather than delete just in case. 
It is a beta program and there may be false positives)

Restart your computer.

All tools can be downloaded at the link below and found on that page!

. AdAware SE

http://www.majorgeeks.com/downloads31.html

. CWShredder

http://www.soft32.com/download_19014.html

* Download the trial version of Ewido Security Suite here

http://www.ewido.net/en/

* Install ewido.
* During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido
* It will prompt you to update click the OK button and it will go to the main screen
* On the left side of the main screen click update
* Click on Start and let it update.
* DO NOT run a scan yet. You will do that later in safe mode.

*Download Cleanup from Here

http://www.stevengould.org/software/cleanup/download.html

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET

* Click here for info on how to boot to safe mode if you don't already know 
how.

How to boot to safe mode

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

* Now copy these instructions to notepad and save them to your desktop. You 
will need them to refer to in safe mode.

* Restart your computer into safe mode now. Perform the following steps in 
safe mode:

* Run Ewido:

* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Run Cleanup:

* Click on the "Cleanup" button and let it run.
* Once its done, close the program.

Run ActiveScan online virus scan here

http://www.pandasoftware.com/activescan/

When the scan is finished, anything that it cannot clean have it delete it. 
Make a note of the file location of anything that cannot be deleted so you 
can delete it yourself.
- Save the results from the scan!

post another hijack this log, the ewido and active scan logs


----------



## mdmom (Jul 4, 2005)

Be twin was listed as a program that allowed you to see the other computers on your network. I thought maybe this would be a way to get around the "you don't have permission to access" problem. I haven't done much with it. But the original problem was happening before I installed it.

Thanks for your, umm 23 step  solution advice. I am going to review my steps so you can double check what I did. Part of this was so far over my head that I was snorkeling through it!
Talk about homework!---and school hasn't even started yet.
Here Goes:

I had adaware and spybot already, but I updated each and ran the scans as you indicated.
I found the CW shredder and followed directions. 
I already had Beta microsoft's spyware running every night @ 4 am, but I ran it again on full system scan.
I rebooted and installed ewido. It scared me. So I stopped and backed up all my photos again.
I then rebooted into safe mode, and realized that I hadn't found clean up. I have one, but not sure if from same company so I rebooted out of safe mode and obtained clean up and rebooted into safe mode, this time with internet access and ran each of these in succession. Then went to pandaware and ran the virus scan. I wasn't sure whether I was to re-run hijack in safe mode or not. When I rebooted, I noted 3 seconds of mouse out of control,  but then it disappeared. [usually it just gets worse.)

I hope that I did everything correctly. Here are the logs.
_______
CleanUp! started on 08/17/05 03:54:35.
...
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat - deleted
C:\Documents and Settings\Alda\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Alda\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Alda\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Alda\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Alda\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf - deleted
C:\WINDOWS\Prefetch\ADOBE GAMMA LOADER.EXE-1DBD7BA3.pf - deleted
C:\WINDOWS\Prefetch\ADVCHK.EXE-35E75794.pf - deleted
C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf - deleted
C:\WINDOWS\Prefetch\AUPDATE.EXE-2253CB60.pf - deleted
C:\WINDOWS\Prefetch\BETWINASSISTANT.EXE-15705DCF.pf - deleted
C:\WINDOWS\Prefetch\BETWINMESSAGES.EXE-25450BB4.pf - deleted
C:\WINDOWS\Prefetch\BTTRAY.EXE-02B509CD.pf - deleted
C:\WINDOWS\Prefetch\CCAPP.EXE-1207B2A5.pf - deleted
C:\WINDOWS\Prefetch\CIDAEMON.EXE-27AE97A4.pf - deleted
C:\WINDOWS\Prefetch\CKA.EXE-15666780.pf - deleted
C:\WINDOWS\Prefetch\CONVERT.EXE-08EEDB90.pf - deleted
C:\WINDOWS\Prefetch\DEVICEOP.EXE-38ECF0C3.pf - deleted
C:\WINDOWS\Prefetch\DLLHOST.EXE-1ECB6754.pf - deleted
C:\WINDOWS\Prefetch\DLLHOST.EXE-40214EA4.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf - deleted
C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf - deleted
C:\WINDOWS\Prefetch\EPIBSR20.EXE-1A02E55D.pf - deleted
C:\WINDOWS\Prefetch\EPSON10066.EXE-014DD27F.pf - deleted
C:\WINDOWS\Prefetch\EPSON10067.EXE-387DBBC1.pf - deleted
C:\WINDOWS\Prefetch\EPSON10067[1].EXE-19851F9C.pf - deleted
C:\WINDOWS\Prefetch\EPSON10067[2].EXE-33B53EBD.pf - deleted
C:\WINDOWS\Prefetch\EPSON11226[1].EXE-15230132.pf - deleted
C:\WINDOWS\Prefetch\EXCEL.EXE-1C75F8D6.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf - deleted
C:\WINDOWS\Prefetch\E_DMSG00.EXE-0917CCD5.pf - deleted
C:\WINDOWS\Prefetch\E_DPPE03.EXE-14897805.pf - deleted
C:\WINDOWS\Prefetch\E_S00IC2.EXE-1B273E6E.pf - deleted
C:\WINDOWS\Prefetch\E_S00MT2.EXE-0DF19D90.pf - deleted
C:\WINDOWS\Prefetch\E_S00RN2.EXE-3821C577.pf - deleted
C:\WINDOWS\Prefetch\E_SCHK02.EXE-169BDF9D.pf - deleted
C:\WINDOWS\Prefetch\E_SRCV02.EXE-38296430.pf - deleted
C:\WINDOWS\Prefetch\FXSSVC.EXE-3B8F7819.pf - deleted
C:\WINDOWS\Prefetch\GCASDTSERV.EXE-04B13CAF.pf - deleted
C:\WINDOWS\Prefetch\GCASSERV.EXE-3660CD4E.pf - deleted
C:\WINDOWS\Prefetch\GCASSERVALERT.EXE-23FC31BB.pf - deleted
C:\WINDOWS\Prefetch\GCASSWUPDATER.EXE-06378256.pf - deleted
C:\WINDOWS\Prefetch\GIANTANTISPYWAREUPDATER.EXE-01DFD337.pf - deleted
C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf - deleted
C:\WINDOWS\Prefetch\HELPHOST.EXE-247D2792.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf - deleted
C:\WINDOWS\Prefetch\IKERNEL.EXE-078AA887.pf - deleted
C:\WINDOWS\Prefetch\INCD.EXE-0A3D304D.pf - deleted
C:\WINDOWS\Prefetch\INDEXSEARCH.EXE-1C3940E7.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LISTPROALARMS.EXE-368B660E.pf - deleted
C:\WINDOWS\Prefetch\LOCATOR.EXE-2C8326B1.pf - deleted
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf - deleted
C:\WINDOWS\Prefetch\LWBWHEEL.EXE-07C112AB.pf - deleted
C:\WINDOWS\Prefetch\MQSVC.EXE-08588470.pf - deleted
C:\WINDOWS\Prefetch\MSACCESS.EXE-1191B6B2.pf - deleted
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf - deleted
C:\WINDOWS\Prefetch\MSNMSGR.EXE-366A1A81.pf - deleted
C:\WINDOWS\Prefetch\NAVW32.EXE-23FC330F.pf - deleted
C:\WINDOWS\Prefetch\NDETECT.EXE-16E64095.pf - deleted
C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf - deleted
C:\WINDOWS\Prefetch\NIELSENONLINE.EXE-29ACEBC9.pf - deleted
C:\WINDOWS\Prefetch\NISEMSVR.EXE-2D477869.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf - deleted
C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf - deleted
C:\WINDOWS\Prefetch\OEMINF.EXE-0BA0483A.pf - deleted
C:\WINDOWS\Prefetch\OPSCAN.EXE-2BAEB334.pf - deleted
C:\WINDOWS\Prefetch\OSA9.EXE-27CD7DB8.pf - deleted
C:\WINDOWS\Prefetch\OUTLOOK.EXE-179DEC04.pf - deleted
C:\WINDOWS\Prefetch\PHOTOSHOPELEMENTSEDITOR.EXE-10B4C635.pf - deleted
C:\WINDOWS\Prefetch\PPTD40NT.EXE-1E4A0D52.pf - deleted
C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf - deleted
C:\WINDOWS\Prefetch\REGISTRYREPAIRPRO.EXE-25A89D76.pf - deleted
C:\WINDOWS\Prefetch\RESCAN.EXE-23CADE01.pf - deleted
C:\WINDOWS\Prefetch\RSVP.EXE-04E70CF3.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-16429147.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-18ACD379.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1A40A6FA.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1B652D2F.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-247FE6B9.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-27842684.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-308DE435.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3300AF56.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-37B7C8C0.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-38909239.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-488B3EE7.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B45E5CA.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4C25F3E0.pf - deleted
C:\WINDOWS\Prefetch\SAVSCAN.EXE-39E05349.pf - deleted
C:\WINDOWS\Prefetch\SBSERV.EXE-32089713.pf - deleted
C:\WINDOWS\Prefetch\SESSMGR.EXE-25E7D5E1.pf - deleted
C:\WINDOWS\Prefetch\SETTING.DAT-3B50F098.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-38B416A7.pf - deleted
C:\WINDOWS\Prefetch\SHOPSAFE.EXE-2071DEBD.pf - deleted
C:\WINDOWS\Prefetch\SMARTUI.EXE-2F7AF0AF.pf - deleted
C:\WINDOWS\Prefetch\SMLOGSVC.EXE-054B1E6C.pf - deleted
C:\WINDOWS\Prefetch\SNAPDETECT.EXE-25BC5378.pf - deleted
C:\WINDOWS\Prefetch\SNDMON.EXE-0A6C21A2.pf - deleted
C:\WINDOWS\Prefetch\SNDSRVC.EXE-12E86B11.pf - deleted
C:\WINDOWS\Prefetch\SNMP.EXE-0E0E1166.pf - deleted
C:\WINDOWS\Prefetch\SNMPTRAP.EXE-289BD7C8.pf - deleted
C:\WINDOWS\Prefetch\SSMYPICS.SCR-01C62024.pf - deleted
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf - deleted
C:\WINDOWS\Prefetch\SYMLCSVC.EXE-0DE3B05C.pf - deleted
C:\WINDOWS\Prefetch\SYMWSC.EXE-321AAE19.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf - deleted
C:\WINDOWS\Prefetch\TLNTSVR.EXE-08E5FA8F.pf - deleted
C:\WINDOWS\Prefetch\URLLSTCK.EXE-0CDBA23D.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf - deleted
C:\WINDOWS\Prefetch\WALLPAPERTOY.EXE-35971D73.pf - deleted
C:\WINDOWS\Prefetch\WCESCOMM.EXE-062FDF7F.pf - deleted
C:\WINDOWS\Prefetch\WEATHER.EXE-0104EC7D.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-10D55173.pf - deleted
C:\WINDOWS\Prefetch\WMIAPSRV.EXE-1E2270A5.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf - deleted
C:\WINDOWS\Prefetch\WSCRIPT.EXE-32960AB9.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf - deleted
C:\WINDOWS\Prefetch\WZQKPICK.EXE-350A392A.pf - deleted
C:\temp\Reboot.reg - deleted
C:\~$exaskirkwood pay.doc - deleted
C:\~$nsiderations for the board.doc - deleted
C:\EZPHOTO1.TMP - deleted
C:\Documents and Settings\Alda\Application Data\Adobe\FileBrowser\PhotoshopElements3\index.dat - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Office\fbc327.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Office\Recent\~3$Normal.LNK - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Office\Recent\~WRO0038.LNK - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Office\Recent\~WRO0943.LNK - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Office\Recent\~WRO1673.LNK - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Office\Recent\~WRO2689.LNK - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Office\Recent\~WRO4098.LNK - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Office\Recent\index.dat - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~$tter for clinic.dot - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~3$Normal.dot - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0040.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0064.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0097.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0180.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0324.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0648.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0738.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0764.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0780.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL0876.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL1596.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL1696.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL1894.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL1937.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2143.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2152.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2169.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2185.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2220.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2247.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2530.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2588.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2637.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2655.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2742.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL2803.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3024.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3077.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3095.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3115.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3216.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3275.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3340.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3397.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3614.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3808.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL3913.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Templates\~WRL4086.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA0000.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA0001.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA0002.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA0003.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA0004.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA0240.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA0554.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA1027.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA1106.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA1153.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA1390.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA1416.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA1549.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA1910.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA2092.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA2170.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA2464.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA2511.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA2579.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA2589.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA3110.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA3866.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA3930.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA3958.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRA4005.wbk - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRD0948.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0004.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0169.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0354.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0386.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0420.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0483.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0488.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0723.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0780.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL0824.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL1594.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL1605.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL1706.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL1919.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL2276.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL2426.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL2907.tmp - deleted
C:\Documents and Settings\Alda\Application Data\Microsoft\Word\~WRL3035.tmp - deleted
C:\Documents and Settings\Alda\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Alda\Local Settings\Application Data\Microsoft\FORMS\IPM.Contact.SBE\FS36.tmp - deleted
C:\Documents and Settings\Alda\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Alda\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Alda\My Documents\~$ YOU BELIEVE IN GOD.doc - deleted
C:\Documents and Settings\Alda\My Documents\~$2005 revised in processver2.doc - deleted
C:\Documents and Settings\Alda\My Documents\~$ALloyd Jessen2.doc - deleted
C:\Documents and Settings\Alda\My Documents\~$avel Plans.doc - deleted
C:\Documents and Settings\Alda\My Documents\~$mplaint letter.doc - deleted
C:\Documents and Settings\Alda\My Documents\~$otballDavid SandstrumFinallastver.doc - deleted
C:\Documents and Settings\Alda\My Documents\~WRL0518.tmp - deleted
C:\Documents and Settings\Alda\My Documents\~WRL1392.tmp - deleted
C:\Documents and Settings\Alda\My Documents\~WRL1742.tmp - deleted
C:\Documents and Settings\Alda\My Documents\~WRL2053.tmp - deleted
C:\Documents and Settings\Alda\My Documents\~WRL2090.tmp - deleted
C:\Documents and Settings\Alda\My Documents\~WRL2266.tmp - deleted
C:\Documents and Settings\Alda\My Documents\~WRL2436.tmp - deleted
C:\Documents and Settings\Alda\My Documents\Diet 4.0\Recipe03302004.bak - deleted
C:\Documents and Settings\Alda\My Documents\Diet 4.0\Recipe04292004.bak - deleted
C:\Documents and Settings\Alda\My Documents\Diet 4.0\Recipe05112004.bak - deleted
C:\Documents and Settings\Alda\My Documents\Diet 4.0\Recipe08062004.bak - deleted
C:\Documents and Settings\Alda\My Documents\Diet 4.0\Recipe12272004.bak - deleted
C:\Documents and Settings\Alda\UserData\index.dat - deleted
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.bak - deleted
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.bak - deleted
C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\pdf.bak - deleted
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Accessibility.bak - deleted
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Acroform.bak - deleted
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\eBook.bak - deleted
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Escript.bak - deleted
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\XFA.bak - deleted
C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Annotations\Annots.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroPDF.dll.701.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\Acrord32.dll.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\Acrord32.dll.701.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\Acrord32.exe.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\Acrord32.exe.701.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\esdupdate.dll.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\rt3d.dll.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm.api.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm.api.701.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\AcroForm.api.702.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\DigSig.api.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Escript.api.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\Escript.api.701.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\plug_ins\PPKLite.api.700.bak - deleted
C:\Program Files\Adobe\Acrobat 7.0\Reader\Updater\acroaum.exe.700.bak - deleted
C:\Program Files\Adobe\Photoshop Elements 3.0\Required\Help\category.tmpl - deleted
C:\Program Files\Blue Point Studio\Pocket Earth ARM\ini564.tmp - deleted
C:\Program Files\Blue Point Studio\Pocket Earth ARM Demo\ini47.tmp - deleted
C:\Program Files\Common Files\Symantec Shared\Firewall.BAK - deleted
C:\Program Files\Common Files\Symantec Shared\Persist.BAK - deleted
C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.BAK - deleted
C:\Program Files\desktop\Aleda\~$ there any way you could make a banner for me today.doc - deleted
C:\Program Files\desktop\DietPower 4.0\Recipe03302004.bak - deleted
C:\Program Files\desktop\DietPower 4.0\Recipe04292004.bak - deleted
C:\Program Files\desktop\DietPower 4.0\Recipe05112004.bak - deleted
C:\Program Files\desktop\DietPower 4.0\Recipe08062004.bak - deleted
C:\Program Files\desktop\DietPower 4.0\Recipe12272004.bak - deleted
C:\Program Files\eWallet\Synchronized Wallets\4a7e7426\Changed Copy Of My Wallet.BAK - deleted
C:\Program Files\eWallet\Synchronized Wallets\4a7e7426\My Wallet.BAK - deleted
C:\Program Files\eWallet\Synchronized Wallets\535a4eae\Changed Copy Of My Wallet.BAK - deleted
C:\Program Files\eWallet\Synchronized Wallets\d5c3c6e\My Wallet.BAK - deleted
C:\Program Files\ewido\security suite\Quarantine\fil10.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil11.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil12.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil13.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil14.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil15.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil16.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil17.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil18.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil19.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1A.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1B.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1C.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1D.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1E.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil1F.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\fil20.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filB.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filC.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filD.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filE.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\filF.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg4.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg5.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg6.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg7.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg8.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\reg9.tmp - deleted
C:\Program Files\ewido\security suite\Quarantine\regA.tmp - deleted
C:\Program Files\Microsoft Office\Office\TBM54E.tmp - deleted
C:\Program Files\Microsoft Office\Office\TBM573.tmp - deleted
C:\Program Files\Microsoft Office\Templates\Business Planner Templates\~$tter of Complaint to Landlord.dot - deleted
C:\Program Files\NewSoft\Presto! VideoWorks 4.5\Profile\~VW0005.PRO - deleted
C:\Program Files\NewSoft\Presto! VideoWorks 4.5\Profile\~VW0006.PRO - deleted
___________________________
Panda on line scan.
Incident Status Location

Adware:adware/alexa-toolbar No disinfected C:\WINDOWS\SYSTEM32\AlxTB1.dll 
Adware:adware/coupons No disinfected Windows Registry ____________________________

If there is a rule about post length, I am sure I broke it.
 As it turns out there is a rule. So I will post hijack report with next post.


----------



## mdmom (Jul 4, 2005)

In follow-up of my exorcism here is the 2nd Logfile of HijackThis v1.99.1

Scan saved at 4:48:51 AM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://site.lisco.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShopSafe Browser Helper Object - {333F6B96-3992-4D58-A499-145A10FE48C3} - C:\WINDOWS\System32\BhoSSafe.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEHelper Class - {F8A53FBE-5846-11D2-A022-006097D2400E} - C:\Program Files\Mindmaker\Common Files\Windows NT\IElink.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security Professional\UrlLstCk.exe
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ShopSafe] C:\Program Files\ShopSafe\ShopSafe.exe /dontopenmycards
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NetMeter] C:\Program Files\NetRatingsNetmeter\NetMeter\NielsenOnline.exe
O4 - HKLM\..\Run: [BeTwinAssistant] "C:\Program Files\BeTwin\BeTwinAssistant.exe"
O4 - HKLM\..\Run: [BeTwinMessages] "C:\Program Files\BeTwin\BeTwinMessages.exe"
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 3
O4 - HKCU\..\Run: [SymKeepAlive] C:\Program Files\Symantec\Web Tools\CKA.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MDMOM EPSON] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S00IC2.EXE /A "C:\WINDOWS\system32\E_S70.tmp"
O4 - Startup: ListProAlarms.lnk = C:\Program Files\Ilium Software\ListPro\ListProAlarms.exe
O4 - Startup: Wallpaper Changer.lnk = C:\Creative art tools\WallpaperToy\Wallpapertoy.Exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = C:\WINDOWS\twain_32\ca561a\SnapDetect.exe
O4 - Global Startup: Microsoft Office.lnk = Office\OSA9.EXE
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.60.38.0_MEGAPANEL_USA.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4054/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9E133E16-B8CD-419C-B414-4F9C29534ED3} (SLScheck Control) - http://www.thinsoftinc.com/BeTwin2000Registration/controls/SLScheck.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v5.cab
O16 - DPF: {F4E59691-8BC1-446B-9F89-B4C8621D2079} (RegisterBeTwin2000 Control) - http://www.thinsoftinc.com/BeTwin2000Registration/controls/RegisterBeTwin2000.ocx
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: EPSON V3 Service2(02) (EPSON_PM_RPCV2_02) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP2.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BeTwin Terminal Services (TermService) - ThinSoft Inc. - C:\WINDOWS\System32\BeTwinServiceXP.exe

I think I got lost on some of the things that I was to delete manually, because I couldn't exactly understand the scan reports. You will have to tell me one by one if you see something.
I will wait with bated breath about what I need to do now


----------



## mdmom (Jul 4, 2005)

PS---so far nothing bad --no alien country driving my mouse; No demon possessed task manager: No needing to log off and reboot repeatedly to get my "virtual life" back---all since I completed those simple instructions---thank you very much. 
Hope I didn't jinx myself. 
I will let you know what happens next.


----------



## mdmom (Jul 4, 2005)

Just wanted to let you know that I think this is a solved problem. No uncontrolled mouse or manager for 10 days. Thank You very Much.


----------

