Kaspersky found this dammit!

http://www.viruslist.com/en/viruses/encyclopedia?virusid=139198

Help!!

Hi, Welcome to Spybot!

Click HERE (http://ralphcaddell.com/Uploads/HjThis.exe) to download a self-extracting version of Hijackthis. Double click on the file, by default it will extract itself to C:\Hijackthis

Next, double click on Hijackthis.exe. Click "Scan System and Save a Logfile." A Notepad will appear in your screen, copy and paste the contents of the notepad to your next reply.

Hi Angel and thanks in advance!:bigthumb:

Logfile of HijackThis v1.99.1
Scan saved at 19:20:55, on 31/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6060920
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6060920
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.11/cfweb_activex.camfrogweb.com-advanced-2.0.1.11_instmodule.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159511014968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Hi,

I see you are running 2 antivirus applications at the same time. Please uninstall your other antivirus and only keep 1. Not only will 2 or more AV's slow down your pc's performance but it reduces your overall system security at the same time. Use Add/Remove Programs in the Control Panel to uninstall the Antivirus that you don't want to keep.

Reboot after uninstalling

If you will uninstall Norton, you might want to try this tool HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039?Open&src=&docid=2001092114452606&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=) if the uninstall isn't successful.

WARNING: If you'll use the tool above, you will also lose Norton Ghost.

_________________________

Do you still have the kaspersky scan log there? If you still have it, please post the log in your next post if not, please scan with it again after you run AVG Antispyware.

*A few optionals that I would recommend be uninstalled.

LimeWire
BitTorrent

These programs are very likely the reason your system is infested with malware. Even when a programs like these are not infected themselves, it will still bring malware into your system because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. I recommend that you remove these programs from your system.

Absolute Poker

I recommend that you don't play poker on that site anymore. These sites tend to bring malware to your system. If you want a safe site to play poker, you can try this: www.pokerstars.net

*Click Start > Control Panel > Add or Remove Programs and uninstall the items I listed in bold if found.

*Reboot and delete these folders if you uninstalled the programs.

C:\program files\limewire
C:\program files\bittorrent

_________________________

*Run AVG Anti-Spyware
From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Exit AVG Anti-Spyware. DO NOT scan yet.

*Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune

DO NOT USE IT YET!!

*You need To disable Windows Defender temporarily, it can stop our fix. Please Re-enable it after your system is clean.

Open Microsoft Windows Defender. Click Start > Programs > Windows Defender
Click on Tools > General Settings
Under Real-time Protection options, unselect the turn on real-time protection check box.
Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Fix the following if you uninstalled limewire:

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

Fix the following if you uninstalled Absolute poker:

O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

Close your browsers and all open windows except for HijackThis, then click "Fix checked".

Close HijackThis.

__________________________________

You may want to print these instructions here or save them in notepad since you'll work offline.

Reboot into Safe Mode.

To enter Safe Mode..

Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose:Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click
No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE:If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Please run AVG AntiSpyware, and run a full scan as follow:

IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning process.

Launch AVG AntiSpyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
Close AVG AntiSpyware.
Reboot to normal mode.

On your next reply, please include the log from AVG Antispyware, a fresh Hijackthis log and the kaspersky scan log.

Ok, before i do anything i only see 1 antivirus on my system, Mcaphee, which ran out.

Today i downloaded and installed AVG free antiV.

I could renew my Mcaphee if you thought that would be the best option for pc security, or delete it and go with AVG freeware, which i got from download.com

What's your advice, then i'll follow the above after.

Did you have Norton Antivirus once in your machine? If so, please follow the instructions on running the Norton removal tool in my previous post. Take note that the removal tool will also remove Norton Ghost.

It is all up to you if you want to renew McAfee or not. If you can't afford to pay for McAfee, AVG Free is also good. Just remember that you must uninstall the other Antivirus that you have there and keep the one you chose to use.

Norton binned.

Removing Mcafee and keeping avg.

Here's the kaspersky log as requested, i'm moving onto the other stages above.

Thursday, October 26, 2006 9:03:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/10/2006
Kaspersky Anti-Virus database records: 235083


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 61944
Number of viruses found 4
Number of infected objects 11 / 0
Number of suspicious objects 0
Duration of the scan process 00:36:48

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\Bec\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\Bec\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\Bec\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\Bec\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Bec\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Bec\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Bec\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bec\Local Settings\History\History.IE5\MSHist012006102620061027\index.dat Object is locked skipped

C:\Documents and Settings\Bec\Local Settings\Temp\Perflib_Perfdata_1310.dat Object is locked skipped

C:\Documents and Settings\Bec\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Bec\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Bec\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\David\.housecall6.6\Quarantine\two.exe.bac_a05692 Infected: Trojan-Dropper.Win32.PurityScan.ah skipped

C:\Documents and Settings\David\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\AUPNP.log Object is locked skipped

C:\Documents and Settings\David\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\David\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\David\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cert8.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\googlesafebrowsing.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\history.dat Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\key3.db Object is locked skipped

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\parent.lock Object is locked skipped

C:\Documents and Settings\David\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\David\Desktop\drsmartload1135a.exe Infected: Trojan-Downloader.Win32.Adload.hd skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\History\History.IE5\MSHist012006102620061027\index.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\hsperfdata_David\3272 Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\Perflib_Perfdata_a0c.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temp\Perflib_Perfdata_ecc.dat Object is locked skipped

C:\Documents and Settings\David\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\David\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\David\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Dell Network Assistant\Logs\ezi_hnm.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0004530.exe Infected: Trojan-Downloader.Win32.Adload.hd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0004533.exe Infected: Trojan-Downloader.Win32.Adload.hd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0004545.exe Infected: Trojan-Downloader.Win32.Adload.hd skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0004639.rbf Infected: Backdoor.Win32.MSNMaker.w skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0005930.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0005930.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0005931.exe Infected: Trojan-Dropper.Win32.PurityScan.ah skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0005932.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0005932.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{35BD42BC-F64D-4D65-A2BC-35F578A329DD}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\DEFAULT Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SYSTEM Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_12c.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_710.dat Object is locked skipped

C:\WINDOWS\Temp\sqlite_bNBXXEYXVl0dVwI Object is locked skipped

C:\WINDOWS\Temp\sqlite_dr7eAJcYal5ScQ2 Object is locked skipped

C:\WINDOWS\Temp\sqlite_hAxgL9IVnid934i Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\change.log

All done.

Limewire and APoker left on system, i'll be careful!

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 15:32:53, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6060920
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6060920
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.11/cfweb_activex.camfrogweb.com-advanced-2.0.1.11_instmodule.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159511014968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

AVG log:


+ Created at: 03:04:59 27/10/2006

+ Scan result:



C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0005930.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0005932.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP29\A0004639.rbf -> Backdoor.MSNMaker.w : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0004530.exe -> Downloader.Adload.hd : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0004533.exe -> Downloader.Adload.hd : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP28\A0004545.exe -> Downloader.Adload.hd : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP34\A0005972.exe -> Downloader.Adload.hd : No action taken.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP33\A0005931.exe -> Dropper.PurityScan.ah : No action taken.
:mozilla.25:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.26:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.27:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.28:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.29:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.30:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.31:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.60:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.17:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
:mozilla.44:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.91:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.75:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.18:C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\e5ccbun7.default\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end

The purity scan listed there is actually ok because it is only a backup in case you'll use system restore. The infection will only be active if you have used system restore. The other one was quarantined by a housecall scan you probably initiated. However, there are some minor junk in your log..

Using Windows Explorer, find and delete these files:

C:\Documents and Settings\David\.housecall6.6
C:\Documents and Settings\David\Desktop\drsmartload1135a.exe

Empty your recycle bin.

_________________________

There is still one Symantec entry that was left..

*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Close your browsers and all open windows except for HijackThis, then click "Fix checked".

*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type delservices.bat in the File name and save it to your desktop.


@echo off
sc stop "Symantec Core LC"
sc delete "Symantec Core LC"


Locate delservices.bat on your Desktop and double-click on it.

__________________________

Your Java is out of date....
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
Click Start > Control Panel
Click Add/Remove Programs
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove button.
Repeat as many times as necessary to remove all versions of Java.
Reboot your computer once all Java components are removed.
Then download Java Runtime Environment 6 (http://java.sun.com/javase/downloads/index.jsp), and install it to your computer.

Reboot and post a final hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 18:30:21, on 02/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6060920
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ap.dell.com/content/default.aspx?c=au&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=6060920
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.11/cfweb_activex.camfrogweb.com-advanced-2.0.1.11_instmodule.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1159511014968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


I couldn't find this, i was using the search function and cut n pating it in exactly. Don't know how else to find it

C:\Documents and Settings\David\Desktop\drsmartload1135a.exe

I couldn't find this, i was using the search function and cut n pating it in exactly. Don't know how else to find it

That's alright. It was probably deleted sometime before..

I forgot to ask you delete this folder before. It's a leftover from Norton.

C:\Program Files\Common Files\Symantec Shared

Empty your recycle bin.


__________________________

Congratulations your log looks clean! :bigthumb:

This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore

Select Create a restore point, and Ok it.

Next, go to Start > Run and type in cleanmgr

Select the More options tab

Choose the option to clean up system restore and OK it.

This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your pc's security.

Firewall Application - Although Windows Xp comes with a firewall, you should not rely on it because the Windows Firewall can only filter incoming data; outgoing traffic is not controlled, meaning that malware/viruses that are present in your computer can access the internet with no restrictions. There are several other Firewall that can protect you better by filtering incoming and outgoing data. Make sure you get only one of these.

» ZoneAlarm (http://www.zonelabs.com)
» Kerio (http://http//www.sunbelt-software.com/Kerio-Download.cfm)

Adaware
~You can download it from here (http://www.lavasoft.de)
~There is a tutorial on how to use Adaware properly here (http://forums.spywareinfo.com/index.php?showtopic=11150)

Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

Install WinPatrol
~You can download it from here (http://www.winpatrol.com/download.html)
~You can get some information about how WinPatrol works here (http://www.winpatrol.com/features.html)

Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)

Happy safe surfing!

cleanmgr

Only offers me c drive or d drive, i dont get the More options tab??

And while i remember, the reason i scanned in the first place was a freeware antispy told me i had a keylooger/screenshotcapture program o the pc.

I forget which one it was.

It showed when i ran the freeware scan, but not on any of the better scans such as Kaspersky.

I assume this was a fake finding to get me to register?

I removed the freeware prior to posting here.

I downloaded adwatchse personal, but realise i have pro on my system. which should i keep?

I downloaded adwatchse personal, but realise i have pro on my system. which should i keep?

Keep pro if your subscription still hasn't ended.


I assume this was a fake finding to get me to register?

Most likely it was. Are you still getting problems with that? let's check just to be sure.

Here is a screen shot of cleanmgr..

http://img108.imageshack.us/img108/1421/cleanmgrwv3.jpg


Open HijackThis > Click "Misc Tools Section"
Click "Open Uninstall Manager".
Click "Save List".
Save it to your Desktop.
Copy the contents of the file to your next reply.

1Click DVD Copy 4.2
924PLC32
ABBYY FineReader 6.0 Sprint
Absolute Poker
Ad-Aware SE Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
AVG Anti-Spyware 7.5
AVG Free Edition
BitTorrent 5.0.3
CamfrogWEB Advanced ActiveX Plugin (remove only)
CCleaner (remove only)
CinepPlayer 30 Update
Conexant D850 56K V.9x DFVc Modem
Dell CinePlayer
Dell Media Experience
Dell Network Assistant
Dell Photo AIO Printer 924
Dell Support 3.2
Digital Line Detect
DivX Codec
DivX Player
DVD43 v3.9.0
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
Hotfix for Windows XP (KB929120)
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2006-01-10
iTunes
Java(TM) SE Runtime Environment 6
Judge Dredd Pinball
Kaspersky Online Scanner
LimeWire 4.12.6
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Professional Edition 2003
Microsoft Works
Modem Helper
Mozilla Firefox (1.5.0.9)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
NetWaiting
Panda ActiveScan
PC Camera
psa128max
QuickTime
RealPlayer Basic
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
SpywareGuard v2.2
Star Wars Battlefront
TomTom HOME
Uniblue Registry Booster
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
URL Assistant
Viewpoint Media Player (Remove Only)
WinAce Archiver 2.0
Windows Defender
Windows Installer Clean Up
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinPatrol
ZoneAlarm

When i type cleanmgr into the 'run' box it brings up a tiny box with the option to clean c drive or d drive, no other option of any kind, no big windows box like you showed.

I noticed just then when i opened adawarese (which reminded why i haven't been using it) that a pop up came up saying something along the lines of "an attempt to change your ie homepage has been blocked, hot key 32 blah blah blah, restore old value or keep new value.

Which is why my definitions are 83 days old!

I couldnt get rid of the window without clicking on one of the options so i kept the old value, and my homepage is the same as ever.

I got this adaware from a mate on disc.

The time code on the pop up was the exact time i opened adaware, which makes me wonder if adware itself was attempting to change my homepage.

This happened the last time i opened it (83 days ago) as well.

Should i remove it and download a version?

Hi...You probably noticed that I'm online and I do not wish you to be waiting..Currently I'm doing homework specifically Geometry..Big pain in the brain..I'll have something for you tomorrow is that alright?

By the way, are you running Windows XP Home or Pro?

Home.

And no worries, enjoy the homework!

It is probably different in home. I'm running pro...There are other ways to clean the system restore anyway..Let's hold that off as of now.

Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". In 2006, this may change, read Viewpoint to Plunge Into Adware (http://www.clickz.com/showPage.html?page=3561546). I recommend that you remove it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:

Viewpoint Media Player

Reboot..

______________________________________

That Adaware scenario is quite odd..

First, I suggest that you ask your "mate" where he got Adaware Pro. Then when you know that it came from a trusted source like download.com or from the main lavasoft site, update the definitions then run a full system scan. If you are unsure of where your "mate" got it, post back here. If he tells you that the software was "cracked" or something similar, uninstall your currrent version of Adaware pro then download and install the personal edition from the site that I have posted earlier, run a full system scan then post back here and tell me the results

I removed VMP.

And adaware pro just in case.

D.Lded adawarese personal and ran it, found nothing.

Delete this folder if still there:

C:\Program Files\Viewpoint

Empty your Recycle bin.

_____________________

Are you still experiencing any problems with adaware? If not, I want you to clear your system restore by doing this:

Turn off System Restore.

Right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

Reboot your System

Turn ON System Restore.

Right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore on all Drives.
Click Apply, and then click OK.

* Go to Start > Accessories > System Tools > System Restore > Create a New Restore Point
You can name the restore point anything you like, something that you can remember.

Done:bigthumb:

Make sure you read all my recommendations in my previous posts.

I'd have to say we're done:bigthumb:

Thanks Angel, ta for all your help.

It was my pleasure.

Take Care:D:

Glad we could help, as the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Anyone else with similar problems please start a new topic.