
Slow Scan and Unable to Remove



Nina98765
2006-01-17, 17:03
My scan takes around 10 hours. It hangs when it is scanning for CoolWWWSearch.Feat2DLL. It also cannot remove all of the problems it finds (CWS stuff).

Attached is my HijackThis log.

(Please note that when I tried to save my HJT log, Norton AntiVirus stopped me from saving it because it said it found a virus in it. This happened 2 or 3 times. Finally I disabled NAV and saved the log and then re-enabled NAV. Also when I first tried to attach the log to this post, NAV deleted it. I had to disable NAV and do it again. NAV says it is finding the virus MHTMLredir.Exploit (or similar name) in the file. Any idea why this happened?)

Finally, I am also attaching my last S&D Report.

I also posted in the thread dedicated to this problem, at http://forums.spybot.info/showthread.php?t=1469

Thank you for your time.

Nina98765
2006-01-17, 17:07
I see the HJT file still did not upload. I'm trying again.

Nope. -- The Manage Attachments window tells me it is an invalid file.

Can someone help me on this? I can't even get my HJT file over to you :(

Thank you.

md usa spybot fan
2006-01-17, 17:21
Copy it to the clipboard and paste it to a post.

Nina98765
2006-01-17, 17:34
Thanks for the advice -- here it is.

Logfile of HijackThis v1.99.1
Scan saved at 11:02:24 AM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Matti Marcus\Desktop\hijackthis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6BCDE398-C8C8-7128-9CA9-82F81B85402E} - C:\WINDOWS\system32\d3vb32.dll
O2 - BHO: (no name) - {A27CDECD-100E-4D81-C7F0-7E2D9F1C3BE0} - C:\WINDOWS\system32\mskt.dll
O2 - BHO: (no name) - {A35C3A46-8DF5-C51B-E965-4BD3DD00597D} - C:\WINDOWS\system32\d3hf.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E426BCED-DD32-904C-AC71-CE36B0634506} - C:\WINDOWS\d3by32.dll
O2 - BHO: (no name) - {F0085FF2-DF20-4E05-E911-8A69C50843F1} - C:\WINDOWS\msjg32.dll
O2 - BHO: (no name) - {F0D81A42-6809-2DA7-9649-78825C8E9FB0} - C:\WINDOWS\netgv32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
O4 - HKLM\..\Run: [2CF.tmp] C:\DOCUME~1\MATTIM~1\LOCALS~1\Temp\2CF.tmp.exe 0 28129
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p LPT1: -pn "" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [Windows Time] winmgr.exe
O4 - HKLM\..\Run: [Mircrosoft Svchost32] svchost32.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunServices: [Windows Time] winmgr.exe
O4 - HKLM\..\RunServices: [Mircrosoft Svchost32] svchost32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mouo] C:\PROGRA~1\COMMON~1\mouo\mouom.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSxdm59386US
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

LonnyRJones
2006-01-22, 08:14
Hi

Download, then extract AboutBuster to your desktop
http://www.downloads.subratam.org/AboutBuster.zip
then run the program.

Start HijackThis and place a check next to these items if there.
Close all browser windows and shut down all other programs that show in the taskbar (even folders).
O2 - BHO: (no name) - {6BCDE398-C8C8-7128-9CA9-82F81B85402E} - C:\WINDOWS\system32\d3vb32.dll
O2 - BHO: (no name) - {A27CDECD-100E-4D81-C7F0-7E2D9F1C3BE0} - C:\WINDOWS\system32\mskt.dll
O2 - BHO: (no name) - {A35C3A46-8DF5-C51B-E965-4BD3DD00597D} - C:\WINDOWS\system32\d3hf.dll
O2 - BHO: (no name) - {E426BCED-DD32-904C-AC71-CE36B0634506} - C:\WINDOWS\d3by32.dll
O2 - BHO: (no name) - {F0085FF2-DF20-4E05-E911-8A69C50843F1} - C:\WINDOWS\msjg32.dll
O2 - BHO: (no name) - {F0D81A42-6809-2DA7-9649-78825C8E9FB0} - C:\WINDOWS\netgv32.dll
O4 - HKLM\..\Run: [2CF.tmp] C:\DOCUME~1\MATTIM~1\LOCALS~1\Temp\2CF.tmp.exe 0 28129
O4 - HKLM\..\Run: [Windows Time] winmgr.exe
O4 - HKLM\..\Run: [Mircrosoft Svchost32] svchost32.exe
O4 - HKLM\..\RunServices: [Windows Time] winmgr.exe
O4 - HKLM\..\RunServices: [Mircrosoft Svchost32] svchost32.exe
O4 - HKCU\..\Run: [mouo] C:\PROGRA~1\COMMON~1\mouo\mouom.exe

Optional fixes >
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZSxdm59386US
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download this file to your desktop
http://www.mvps.org/winhelp2002/DelDomains.inf
Close all browsers, right-click and select: Install
It doesn't really install, it just clears all sites in the Domains and Ranges keys.
Afterwards you will need to immunize again in SpyBot and re-protect again with SpywareBlaster
or re-install iespyadds if it's installed, then the file itself can be deleted (DelDomains.inf)

Post a fresh hijackthis log please, be sure to mention any current problems.

Nina98765
2006-01-23, 16:47
Hi Lonny and thanks for your time.

I ran AboutBuster twice, it showed a lot of files removed and cleaned.

Then I ran HijackThis and told it to fix the problems you indicated. That part seemed to work fine; however, when I tried to save a log file I received a notice from NAV that it has "detected and removed a virus" from my computer. The virus name given is MHTMLRedir.Exploit. This happened last time I originally tried to save the log, and I turned off NAV for a few minutes in order to save the log and post it to this thread. However, I'm wondering if it might be a better idea to get to the bottom of this MHTMLRedir.Exploit virus. So I will wait and see what you suggest.

Please advise what I should do next.

Thanks once again.

LonnyRJones
2006-01-23, 17:14
NAV is overreacting, ignore it and post that HJT log

Nina98765
2006-01-23, 17:24
Logfile of HijackThis v1.99.1
Scan saved at 11:22:59 AM, on 1/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Matti Marcus\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p LPT1: -pn "" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.124.130 (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

LonnyRJones
2006-01-23, 17:51
Start HijackThis and place a check next to these items if there.
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://C:one.MHT!http://www.t058.com//inst//x.chm::/open.exe
====================================
Hit fix checked and close Hijackthis.

This still needs to be done :)

Download this file to your desktop
http://www.mvps.org/winhelp2002/DelDomains.inf
Close all browsers, right-click and select: Install
It doesn't really install, it just clears all sites in the Domains and Ranges keys.
Afterwards you will need to immunize again in SpyBot and re-protect again with SpywareBlaster
or re-install iespyadds if it's installed, then the file itself can be deleted (DelDomains.inf)

Post a fresh hijackthis log please, be sure to mention any current problems.
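
The comparison a helper does by eye when asking for a fresh log, as an added example that is not part of the original thread: it parses HijackThis entries, diffs two logs, and reports which entries that were supposed to be removed are still present. The sample text is a short excerpt of lines copied from the logs posted above; the function names and the choice to key entries by CLSID (so a long path and its 8.3 short form, as seen for SDHelper.dll, are not reported as a change) are assumptions of this example.

```python
import re

# A HijackThis entry line starts with a section code such as R1, O2, O4, O15.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})\s+-\s+(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the first log in this thread (2006-01-17).
BEFORE = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6BCDE398-C8C8-7128-9CA9-82F81B85402E} - C:\WINDOWS\system32\d3vb32.dll
O4 - HKLM\..\Run: [Windows Time] winmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.05p.com (HKLM)
"""

# Excerpt of the second log, posted after the first HijackThis fix
# but before DelDomains.inf had been run.
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.05p.com (HKLM)
"""

# Entries expected to be gone: two from the helper's fix list, plus one O15
# entry that the DelDomains.inf step was meant to clear.
EXPECTED_GONE = r"""
O2 - BHO: (no name) - {6BCDE398-C8C8-7128-9CA9-82F81B85402E} - C:\WINDOWS\system32\d3vb32.dll
O4 - HKLM\..\Run: [Windows Time] winmgr.exe
O15 - Trusted Zone: *.05p.com (HKLM)
"""


def entry_key(code, body):
    """Return a comparison key that survives cosmetic differences between logs."""
    clsid = CLSID_RE.search(body)
    if clsid:
        # Key on section, label ("BHO", "Extra button", "DPF") and CLSID.
        # The file path is ignored: HijackThis may print the same DLL with a
        # long path in one log and an 8.3 short path in the next.
        label = body.split(":", 1)[0].strip().lower()
        return (code, label, clsid.group(0).upper())
    # No CLSID (O4 autoruns, O15 zones, ...): compare the whole body,
    # case-insensitively and with whitespace collapsed.
    return (code, " ".join(body.lower().split()))


def parse_entries(text):
    """Map comparison key -> original line for every entry line in a log."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:  # header and process-list lines do not match and are skipped
            entries.setdefault(entry_key(*match.groups()), line.strip())
    return entries


def diff_logs(before, after):
    """Return (removed, added) entry lines between two logs."""
    old, new = parse_entries(before), parse_entries(after)
    removed = [raw for key, raw in old.items() if key not in new]
    added = [raw for key, raw in new.items() if key not in old]
    return removed, added


def still_present(expected_gone, fresh_log):
    """Return the entries from a fix list that a fresh log still contains."""
    fresh = parse_entries(fresh_log)
    return [raw for key, raw in parse_entries(expected_gone).items() if key in fresh]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed since first log:")
    for line in removed:
        print("  " + line)
    print("Added since first log:", added or "none")
    print("Still present, needs another pass:")
    for line in still_present(EXPECTED_GONE, AFTER):
        print("  " + line)
```

An entry reported as added between two logs deserves the same attention as one that failed to disappear, since it can mean something reinstalled itself between scans.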

Nina98765
2006-01-23, 19:15
Whoops! Sorry I hadn't noticed the rest of your instructions, I kinda ignored all the text after the ~~~~~~~ thinking it was a sig.

Now I did everything, and I am pasting my HJT log below. Note that this time when I saved my HJT log, NAV did not find the MHTMLRedir.Exploit virus. :bigthumb:

Also please note that I tried to run Spybot S&D but it is still extremely slow (slows down when searching for CoolWWWSearch.Feat2DLL). I don't know if this is the appropriate thread for that problem.

Anyway, here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 12:49:54 PM, on 1/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Matti Marcus\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [QBCD Autorun] D:\autorun.exe restart TIMER_SEQUENCE first
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\SetConfig.exe -c Direct -p LPT1: -pn "" -n 1 -l 1033 -sl 120000
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

LonnyRJones
2006-01-24, 04:59
Hi

Post the report from this free online scan
Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Save the report and post it back here please if there are any that it is unable to deal with.

And a HijackThis ADS scan log:
start HijackThis, click config > misc tools > open ADS Spy (leave the settings where they are), click scan, then if anything shows save the log and post that.

Nina98765
2006-01-24, 19:53
I ran the Panda scan and attached is the report. After I ran the scan I downloaded the trial version of software to fix the problem, it found and disinfected 110 files (spyware?). (As an aside, the scan took over 12 hours to run.)

I then ran the HijackThis Ads Spy and it found nothing.

Thanks.

LonnyRJones
2006-01-24, 21:08
Ok, good idea.

BUT now uninstall one of those antivirus programs (preferably Norton); it's never a good idea to have two or more installed, much less running at the same time.

Let us know the file names/locations if any baddies are found if they cannot delete or cure them.

Nina98765
2006-01-25, 17:51
In my ActiveScan report (posted in my last post) there were more than 110 problems found, but when I ran the Panda downloaded software (titanshuk.exe) it found and fixed 110. Is there anything more I need to do?

I just ran a NAV scan and it found no problems.

My Spybot S&D still hangs when it starts searching for CoolWWWSearch.Feat2DLL, although I am not sure if that is due to malware or some other issue.

I currently have Norton Internet Security and NAV enabled, also Spyware Blaster enabled. Is there a conflict there?

I appreciate all your help, please let me know if there is anything further I need to do or if my computer seems to be clean. (If my computer does seem to be clean, what steps can I take to keep it that way?)

Thanks.

LonnyRJones
2006-01-25, 20:22
Hi
Did you uninstall one of the antivirus programs?

It's always possible there is a conflict, but never disable the antivirus protection unless you're unplugged from the internet, and even then just to see if a conflict exists.

Open Task Manager > go to the Performance tab and tell us how many graphs are there? Two or three?

Nina98765
2006-01-26, 01:20
Did not uninstall anything yet. I would like to keep the NAV as it is paid for and the other one is only a one-month trial version. Please let me know what you think (or is there some other free anti-virus that is better than NAV).

Performance tab shows a CPU Usage graph (and CPU Usage History), and a PF Usage graph (and PF Usage History). So, either 2 or 4 :).

LonnyRJones
2006-01-26, 07:55
Hi

Is SpyBot still detecting feat2, or just slow at that area of the scans?

Does your task manager look like the one here?
http://www.intel.com/support/processors/pentium4/sb/CS-017371.htm#3
I'm trying to find out if your PC has HTT "Hyper-Threading Technology".

Uninstall Panda, and preferably Norton when its subscription runs out.
I recommend either AVG Free, avast4 or AntiVir over it any day, but if you have a choice and can pay for one get Nod32, Kaspersky or AVG's professional version; it's entirely up to you though.

Nina98765
2006-01-26, 16:25
Hi.

Spybot is slowing down at that point. I haven't run it through the entire scan since I was just checking to see if it is still slow or fast (as soon as I saw it still hangs, I stopped the scan), so I don't know if it will detect it or not. (It takes overnight to scan. Let me know if you want me to run it tonight.)

I know that I have HTT on my computer just don't know if it is enabled... my task manager does NOT look like the one in the link you provided. I have only one CPU Usage History graph.

I uninstalled Panda. Will keep your recommendations in mind for when NAV expires.

Thanks.

LonnyRJones
2006-01-27, 13:09
Hi

Are there any symptoms or problems other than SSD being slow now?


Reboot into safe mode. Click here if needed (http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/boot_failsafe.mspx) for instructions.

Get a startup list from HijackThis:
Start HijackThis, click config > misc tools,
place a check in [X] list also minor sections
and [X] list empty sections, then click generate startuplist log.

While still in safe mode, scan with your antivirus program, then SpyBot.

Restart back to normal and post that startup list; it's large, so you might need to attach it or post half at a time.

Nina98765
2006-01-29, 03:33
No symptoms other than that my computer is slow at times... it might be NAV?

I followed your instructions except for running antivirus while in safe mode which I was unable to do as NAV cannot run in safe mode.

Spybot ran as usual, slowed at CoolWWWSearch.Feat2DLL, I ran it overnight and then it found 4 problems (no CWS problems) and was able to fix all four.

Here is the startuplist log.

Thank you very, very much.

LonnyRJones
2006-01-29, 09:13
Thanks

I don't see anything out of line, except that Panda, even if not running, should be uninstalled.
We can see it as
Panda Process Protection Driver: \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (autostart)
Panda Process Protection Service: "C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe" (autostart)
It's best to never have more than one AV program installed, much less running at the same time.

Updates were out Friday; have you checked for problems since then?

Nina98765
2006-01-30, 01:04
In my control panel, add/remove programs, it does not show any Panda program. How would I go about uninstalling it, or should I just delete the files/folder from C:/Program Files?

I ran Spybot on Friday but NOT after updating (as I ran from safe mode and couldn't update from there). I would love to have the slow scan issue resolved so that scanning should not be such a big deal for me anymore, should I post to the thread dedicated to that, as you don't seem to think there are any more malware issues on my pc?

LonnyRJones
2006-01-30, 12:04
Hi

I suggest you install it again, then uninstall the program.
Keep us informed.

tashi
2006-02-05, 18:34
This topic will now be archived to prevent others with similar issues posting in it.
If you need it re-opened please send me or Lonny a pm.

Glad we could help.

LonnyRJones
2006-02-08, 19:07
Re-opened on request

Nina98765
2006-02-08, 19:15
Thanks for re-opening, Lonny. (AND thanks for all your help.)

My remaining issues are:

1. (minor issue) I cannot un-install Panda, it is not showing in my control panel and when I re-downloaded it to re-install it, it did not let me install unless I first un-install NAV (which I prefer not to do).

2. (larger issue) My computer freezes up pretty often, I would say average once a day -- sometimes even a few times a day -- freezes to the point where I have to turn the whole thing off manually by switching the surge protector off (shutting down doesn't even work). The program varies, sometimes it is Outlook which will freeze, other times Word, Firefox, Visual Studio -- I can't tell a pattern.

3. (large issue) My Spybot S&D scans still take forever.

Thanks!

LonnyRJones
2006-02-08, 19:43
Hi

If you have to uninstall Norton (temporarily) to install then uninstall Panda, do so.

bitman
2006-02-09, 07:25
Nina98765: Please completely uninstall Panda first as Lonny suggested above, since that may fix the problem with Spybot too. But if it doesn't, see the rest of my post.

LonnyRJones & Nina98765: Regarding the slow Spybot scans, I'd like to try something that sounds a bit radical, but I'm aware of one case that this has worked.

Please make a copy of the entire Spybot - Search & Destroy folder somewhere else, such as on the desktop or even on a flash drive or writeable CD if you have one. The folder is typically less than 25MB, including all sub-folders.

Do not move the folder, leave the original where it is, make certain it's a copy. Using Windows Explorer to right-click and drag the folder from C:\Program Files\ to the new location and drop it, then selecting 'Copy Here' is the easiest method.

Once the entire set of Spybot folders have copied, browse to that new folder, find SpybotSD.exe and double-click it to run the new copy of Spybot. Try a scan as you normally would and tell us what happens.

Please don't destroy the original Spybot - Search and Destroy folder if this works, since we may want you to get us some information about it. Again, I know it sounds strange, but this entire problem is both rare and strange, so it's worth a try based on what I've heard.

Thanks for taking time to try it and give us feedback.
Bitman

Nina98765
2006-02-10, 17:17
Lonny: I successfully un-installed Panda.

Bitman: I tried what you suggested... copied my C:\Program Files\Spybot - Search & Destroy folder to the desktop, and ran the program from there... it did not help -- same problem. I can pinpoint the spot where the program slows, if that helps... it is at #7255... I can hear my CPU start to grind away when it gets to that spot; it seems to be working very hard.

Where do I go next?

LonnyRJones
2006-02-12, 06:12
Hi

Download and run CWShredder, and let us know if it detected and removed anything:
http://www.trendmicro.com/cwshredder

Run HijackThis, click config > misc tools > open ADS Spy,
uncheck all three boxes near the top, click scan and save the log, and post it please.

Nina98765
2006-02-14, 17:47
Hi, and thank you.

CWShredder found nothing.

Here is my HJT log

LonnyRJones
2006-02-16, 19:22
Hi Nina

Do another Hijackthis ADS spy scan, place a check next to these
C:\WINDOWS\$NtServicePackUninstall$\twain_32.dll : ehjamu (11592 bytes)
C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe : fqubm (10752 bytes)
C:\WINDOWS\$NtUninstallKB896358_0$\hh.exe : cfbfi (3347 bytes)
C:\WINDOWS\$NtUninstallKB896358_0$\hh.exe : fdfsgu (11592 bytes)
C:\WINDOWS\$NtUninstallKB896358_0$\hh.exe : fgneos (10752 bytes)
C:\WINDOWS\$NtUninstallKB896358_0$\hh.exe : myobej (11592 bytes)
C:\WINDOWS\$NtUninstallKB896358_0$\hh.exe : wmdoe (29696 bytes)
C:\WINDOWS\pss\system.ini.backup : jwrhq (10752 bytes)
C:\WINDOWS\pss\system.ini.backup : xdjle (99626 bytes)
C:\WINDOWS\SYSTEM32\msjet40.dll : SummaryInformation (88 bytes)
C:\WINDOWS\SYSTEM32\msjet40.dll : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
=====================
click remove selected

Purge system restore
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then Reboot. < Don't skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

=============================
Now let us know of any problems please

Nina98765
2006-02-16, 19:54
Hi,

I followed all the directions.

I then tested Spybot S&D -- it still takes forever (I aborted it). As to whether my computer will stop freezing, I guess only time will tell... so far, no other issues to report.

Thanks.

LonnyRJones
2006-02-16, 20:20
If you're willing, try this:

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems
Copy the contents of the SentItems folder first, then run HijackThis ADS Spy and fix all items in that same folder.

Nina98765
2006-02-20, 19:14
Hi,

I tried what you said and then tried to run Spybot S&D. It "hung" at the same place. I had noticed that the HJT also "found" all my backed-up files. So I burned them to a CD and deleted them entirely from my hard drive and tried Spybot again, I got excited 'cause it didn't hang in the same place... but it hung a little further down (still while searching for CoolWWWSearch.Feat2DLL).

Nina98765
2006-02-20, 19:15
Also when I tried to download updates for Spybot S&D, before running it, I got a bad checksum error. Just by the way.

LonnyRJones
2006-02-20, 19:32
Hi
Post another HijackThis ADS Spy scan, taken the same way as before
(uncheck all three boxes).
Are there any other problems with the PC? Even if they do not seem related, mention them.

For the bad checksum error see this
http://www.safer-networking.org/en/faq/20.html

Nina98765
2006-02-21, 03:56
I ran HJT again, here is the log:

C:\CNHS\Misc Docs\317113 - HOW TO Automate Microsoft Access From Visual Basic _NET_files\Thumbs.db : encryptable (0 bytes)
C:\CNHS\vbnetnewnew\bin\graphics\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\Local Settings\Temporary Internet Files\Content.IE5\WBPV6MV9\statement[1].qfx : Zone.Identifier (26 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\LOW_RES\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\Microsoft Clip Organizer\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\New Folder\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\ProfessionalPicsAdar5765\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\purim\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\Summer05\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\Teves5765\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\Thumbs.db : encryptable (0 bytes)
C:\Documents and Settings\Matti Marcus\My Documents\My Pictures\tripWithAbba\Thumbs.db : encryptable (0 bytes)
C:\RECYCLER\S-1-5-21-381763778-2665951338-1883327859-1008\Dc924.exe : Zone.Identifier (26 bytes)

Should I just clean these out? None of them look important to me.

I can't think of any other problems besides for the slow scanning, and the computer freezing up and acting slow.

Thanks a lot.

LonnyRJones
2006-02-21, 04:58
Thanks

Yes, have HijackThis remove all except the two "Zone.Identifier (26 bytes)"

Then see if SpyBot freezes.
If there are still problems:
Download and run ATF Cleaner:
http://www.atribune.org/forums/index.php?showtopic=1332
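
A triage sketch for ADS Spy listings like the ones posted in this thread, added here as an example and not part of any post: it parses each line, sets aside stream names that Windows is known to create, and totals the remaining hidden data per host file so the largest unexplained streams are reviewed first. The allow-list and function names are assumptions, and the output sorts entries for review, not for removal; the first five sample lines come from the thread, the last two are constructed.

```python
import re
from collections import defaultdict

# ADS Spy line shape, as posted in the thread: <path> : <stream> (<n> bytes)
LINE_RE = re.compile(r"^(?P<path>.+?) : (?P<stream>[^:]+?) \((?P<size>\d+) bytes\)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# Assumption: stream names that Windows components create themselves.
KNOWN_STREAMS = {"zone.identifier", "encryptable",
                 "summaryinformation", "documentsummaryinformation"}

def parse_line(line):
    """Return (path, stream, size), or None for separators and free text."""
    m = LINE_RE.match(line.strip())
    return (m["path"], m["stream"], int(m["size"])) if m else None

def classify(stream):
    """'known' for allow-listed or GUID-named streams, otherwise 'review'."""
    name = stream.lower()
    return "known" if name in KNOWN_STREAMS or GUID_RE.match(name) else "review"

def triage(log_text):
    """Return [(path, stream_count, total_bytes)] for hosts with unrecognised streams."""
    hosts = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and classify(entry[1]) == "review":
            hosts[entry[0]][0] += 1
            hosts[entry[0]][1] += entry[2]
    # Largest amount of hidden data first.
    return sorted(((p, c, b) for p, (c, b) in hosts.items()),
                  key=lambda t: t[2], reverse=True)

# Sample input: five lines from the thread, then two constructed lines.
SAMPLE = r"""
C:\WINDOWS\$NtUninstallKB896358_0$\hh.exe : cfbfi (3347 bytes)
C:\WINDOWS\$NtUninstallKB896358_0$\hh.exe : wmdoe (29696 bytes)
C:\WINDOWS\pss\system.ini.backup : xdjle (99626 bytes)
C:\WINDOWS\SYSTEM32\msjet40.dll : SummaryInformation (88 bytes)
C:\WINDOWS\SYSTEM32\msjet40.dll : {4c8cc155-6c1e-11d1-8e41-00c04fb9386d} (0 bytes)
C:\Example\Downloads\setup.exe : Zone.Identifier (26 bytes)
C:\Example\Pictures\Thumbs.db : encryptable (0 bytes)
=====================
"""

if __name__ == "__main__":
    for path, count, total in triage(SAMPLE):
        print(f"{total:>7} bytes in {count} stream(s): {path}")
```
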

Nina98765
2006-02-21, 05:30
Hi,

I removed the stuff HJT found, I'm running Spybot now. I was just wondering, how long should a normal scan take?

LonnyRJones
2006-02-21, 07:05
At most about ten minutes

Nina98765
2006-02-21, 15:57
I ran Spybot after deleting all the stuff HJT found (except for the two) and aborted it after an hour or so. Then I downloaded and ran the ATF cleaner but Spybot is still slow (I aborted it after 20 minutes). Thank you.

LonnyRJones
2006-02-25, 20:18
Nina98765
I haven't forgotten you
I'm out of ideas for now, sorry.

Nina98765
2006-02-26, 03:04
I was wondering :) Thanks for all your help anyway.

tashi
2006-03-01, 21:05
This topic will now be archived to prevent others with similar issues posting in it.
If you need it re-opened please send me a pm and provide a link to the thread.

Thanks.