When i click on my documents and computer I get a "windows explorer has encountered a problem" message and sometimes windows explorer shuts down and restarts. I think I might be infected.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:32 PM, on 01/27/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: BhoApp Class - {08804AF8-7D13-B6A8-52F0-5286F0CAF48A} - C:\Program Files\altcmd\altcmd32.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: SpyPsy - {C420CF9F-D9D6-421F-958F-AA59906C2B12} - C:\WINDOWS\System32\gopfa.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222017318852
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7425566-F5C3-4172-BAC7-D56EC7080EF9}: NameServer = 85.255.116.126,85.255.112.215

--
End of file - 4708 bytes


Service pack still missing while instructed to update in previous topic (http://forums.spybot.info/showthread.php?t=34780&page=2)

Hi Nicholas Assue

Your log indicates that your system is seriously lacking in security updates. That issue needs to be addressed prior to cleaning your system. If you are for any reason unable to install security updates, it will not be possible to secure your system to any degree as it will just keep getting reinfected.

Accordingly, please do the following:


Download a diagnostic tool (MGADiag.exe) from >here< (http://go.microsoft.com/fwlink/?linkid=56062) and save the tool to your Desktop.
Double-click on MGADiag.exe.
Select "Continue."
Next, the Windows tab should open with a report in it. Select the "Copy" button.
Open Notepad and paste the contents of the clipboard into a Notepad text file and save it to your Desktop.
Paste the contents of that text file into a reply in this topic.

I've tried downloading the software you mentioned using the link you sent me but every time I click on it, I keep getting a loading error page.:scratch:what should I do?

Hi Nicholas Assue

You will need to validate your copy of Windows, please use Internet Explorer for the next step


Click here (http://www.microsoft.com/genuine/) to visit Microsoft website.
Click on the Validate Windows button on the top right hand corner to validate your Windows.
Click on Continue.
You will be prompted to install an ActiveX. Please install it.
Please copy and paste the results of the validation in your next reply.


Thanks peku006

I've done the first two steps you suggested, but I don't see a continue button like your third step mentioned. Instead the link below comes up so I try following that first but there's a problem. Their instructions were to right click the info bar in order to install the Active X Control you wanted me to install in the first place, but on my computer I'm not getting an info bar like in their example picture. I'm using Microsoft Internet Explorer like you said even to send you this message.








http://www.microsoft.com/genuine/validate/?displaylang=en&sGuid=769fc02d-fc99-4c96-a174-9f233716addd

Hi Nicholas Assue

Please do the following...

Download and install Windows XP Service Pack 1a (http://www.microsoft.com/downloads/details.aspx?FamilyID=0136e5f8-1684-4202-b2d0-c6a43430f12a&displaylang=en)

Please reply with

a fresh HijackThis log

Hey. Sorry for the constant inconvenience, but something is still wrong. I clicked on the link to download the software and the page came up fine. But when I clicked on the download button I got that error page again. I tried several times at different times of the day. I even tried on Internet Explorer and there the page just comes up blank. What could be causing these continuous interferences?:sad:

Hi Nicholas Assue

1. You can´t run MGADiag.exe.

2. You can´t Validate Windows.

3. You can´t download Windows XP Service Pack 1a

Sounds as though you may not have a legal copy of Windows.

It's not an illegal copy, it came with the computer.

Plus, I don't know nothing about computers. I am not savvy enough to know what an illegal copy is, let alone use one.

Hi Nicholas Assue

Where did you bought your computer
Any reason why your windows isn't up to date?

You don't have even ServicePack1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Before we continue, please do this (please use Internet Explorer)
visit windowsupdate (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us)

It's still not working but this may be why.

I once had to reinstall the operating system because of a previous problem using the back up disks available. My computer was inresponsive to attempted internet connections. Plus my entire desktop had dissappeared from the screen, including the start bar. All my files and information were still on the computer but the shortcuts were not.

Anyway this is what I got this time when I clicked on your link.

http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us

Hi Nicholas Assue

1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:

Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - download and run RSIT

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)

3 - Status Check
Please reply with

1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log

Thanks peku006

something finally worked:

MBAB-log:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600

02/10/2009 6:19:39 PM
mbam-log-2009-02-10 (18-19-39).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 69457
Time elapsed: 16 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 14
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\lospn (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c420cf9f-d9d6-421f-958f-aa59906c2b12} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lsksaq.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{95c6f0d7-507c-41e3-9e07-a78e15433e2b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d71c4af2-9e0d-4eb3-98a6-f542e6f360d9} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvcl1.bhoapp (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvcl1.bhoapp.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhclp9j0e129 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{08804af8-7d13-b6a8-52f0-5286f0caf48a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08804af8-7d13-b6a8-52f0-5286f0caf48a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhclp9j0e129 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdxob.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\userinit.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b7425566-f5c3-4172-bac7-d56ec7080ef9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.126,85.255.112.215 -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b7425566-f5c3-4172-bac7-d56ec7080ef9}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.126,85.255.112.215 -> Delete on reboot.

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\768890 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nicholas\Application Data\rhclp9j0e129\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\System32\kdxob.exe (Rootkit.DNSChanger.H) -> Delete on reboot.
C:\WINDOWS\system32\gopfa.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CDE44F99-D6C1-47C2-A0A8-FE56651260EB}\RP41\A0004104.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

RSIT-logs:

log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Nicholas at 2009-02-10 18:27:08
Microsoft Windows XP Home Edition
System drive C: has 70 GB (92%) free of 76 GB
Total RAM: 127 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:27:25 PM, on 02/10/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Nicholas\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Nicholas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222017318852

--
End of file - 4741 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2001-08-18 843804]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"=C:\Program Files\Microsoft Works\wkfud.exe [2001-10-05 24576]
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe [2001-08-23 331830]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2001-08-16 28738]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-10-19 286720]
"BVRPLiveUpdate"=C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2001-08-18 13312]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-02-20 356352]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-19 342848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk - C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2009-02-10 18:27:08 ----D---- C:\rsit
2009-02-10 17:43:02 ----D---- C:\Documents and Settings\Nicholas\Application Data\Malwarebytes
2009-02-10 17:42:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-10 17:42:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-23 17:53:20 ----D---- C:\Config.Msi
2009-01-23 17:52:19 ----D---- C:\Program Files\DNA
2009-01-23 17:52:19 ----D---- C:\Program Files\BitComet
2009-01-23 17:51:51 ----D---- C:\Program Files\LimeWire
2009-01-23 17:51:51 ----D---- C:\Program Files\Kazaa

======List of files/folders modified in the last 1 months======

2009-02-10 18:23:53 ----D---- C:\Program Files\Mozilla Firefox
2009-02-10 18:22:58 ----A---- C:\WINDOWS\RTacDbg.txt
2009-02-10 18:22:50 ----D---- C:\WINDOWS
2009-02-10 18:22:46 ----D---- C:\WINDOWS\Temp
2009-02-10 18:22:43 ----D---- C:\Documents and Settings\Nicholas\Application Data\DNA
2009-02-10 18:22:09 ----D---- C:\WINDOWS\Debug
2009-02-10 18:21:55 ----RD---- C:\Program Files
2009-02-10 18:21:55 ----D---- C:\WINDOWS\System32\drivers
2009-02-10 18:21:55 ----D---- C:\WINDOWS\system32
2009-02-10 18:21:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-10 18:19:32 ----D---- C:\WINDOWS\Prefetch
2009-02-04 18:11:23 ----D---- C:\Program Files\AskBarDis
2009-02-02 23:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-02 16:30:52 ----A---- C:\WINDOWS\wininit.ini
2009-01-29 18:56:52 ----A---- C:\WINDOWS\ModemLog_Generic SoftK56.txt
2009-01-23 17:53:48 ----D---- C:\WINDOWS\System32\config
2009-01-23 17:53:38 ----D---- C:\WINDOWS\System32\wbem
2009-01-23 17:53:37 ----D---- C:\WINDOWS\Registration
2009-01-23 17:53:25 ----SHD---- C:\WINDOWS\Installer
2009-01-23 17:53:06 ----D---- C:\WINDOWS\System32\DirectX
2009-01-23 17:52:49 ----D---- C:\WINDOWS\RegisteredPackages
2009-01-23 17:52:46 ----D---- C:\Program Files\Xvid
2009-01-23 17:52:45 ----D---- C:\Program Files\Windows Media Player
2009-01-23 17:50:07 ----D---- C:\WINDOWS\System32\Restore
2009-01-23 17:09:32 ----D---- C:\WINDOWS\System32\CatRoot2
2009-01-23 16:55:34 ----RSHDC---- C:\WINDOWS\System32\dllcache
2009-01-23 16:55:20 ----HD---- C:\WINDOWS\inf
2009-01-23 16:55:17 ----D---- C:\WINDOWS\System32\CatRoot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2002-01-01 21035]
R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
R2 Fallback;Fallback; C:\WINDOWS\System32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\System32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\System32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 SoftFax;SoftFax; C:\WINDOWS\System32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\System32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\System32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2002-04-08 295168]
R3 basic2;basic2; C:\WINDOWS\System32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 hsf_msft;hsf_msft; C:\WINDOWS\System32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 Rksample;Rksample; C:\WINDOWS\System32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
R3 rtl8185;Airlink101 802.11g Wireless Cardbus/PCI Adapter Driver; C:\WINDOWS\System32\DRIVERS\rtl8185.sys [2007-06-14 306560]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-04-04 459944]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2001-08-17 50688]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2001-08-17 18944]
S3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\C:\WINDOWS\System32\drivers\Ndisprot.sys []
S3 s916bus;Sony Ericsson Device 916 driver (WDM); C:\WINDOWS\System32\DRIVERS\s916bus.sys [2007-11-02 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter; C:\WINDOWS\System32\DRIVERS\s916mdfl.sys [2007-11-02 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver; C:\WINDOWS\System32\DRIVERS\s916mdm.sys [2007-11-02 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM); C:\WINDOWS\System32\DRIVERS\s916mgmt.sys [2007-11-02 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface; C:\WINDOWS\System32\DRIVERS\s916obex.sys [2007-11-02 100008]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2001-08-17 21760]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.05 2009-02-10 18:27:28

======Uninstall list======

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7E518B2-B174-11D3-9D4E-0060B0A4823E}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Airlink101 Cardbus & PCI Wireless Configuration Utility-->C:\Program Files\InstallShield Installation Information\{94FE8955-027B-41E0-8192-89F14A9E25F7}\SETUP.EXE -v"ISSCRIPTCMDLINE=\"-d -zREMOVE\"" -l0x0009 -removeonly
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Encarta Encyclopedia Standard 2002-->MsiExec.exe /I{01001202-823E-46CD-A70E-BEE818F97169}
Microsoft Picture It! Photo 2002-->MsiExec.exe /I{C769A271-7E1C-48F9-B331-474600DD4C06}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2002 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2002\Setup\Launcher.exe E:\
Microsoft Works 6.0-->MsiExec.exe /I{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{C3A439E4-7303-491F-A678-CEA36A87D517}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
QuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sony Ericsson PC Suite 3.209.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329441 for more information]-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP1) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll (file missing)
O2 - BHO: (no name) - {CFEE97A3-4911-444D-8BE8-E243A23D3DE2} - C:\Program Files\Applications\iebt.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

System event log

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{B7425566-F5C3-4172-BAC7-D56EC7080EF9} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 16214
Source Name: Tcpip
Time Written: 20090129205917.000000-300
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040F4F8A126. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 16213
Source Name: Dhcp
Time Written: 20090129205912.000000-300
Event Type: warning
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4202
Message: The system detected that network adapter \DEVICE\TCPIP_{B7425566-F5C3-4172-BAC7-D56EC7080EF9} was disconnected from the network,
and the adapter's network configuration has been released. If the network
adapter was not disconnected, this may indicate that it has malfunctioned.
Please contact your vendor for updated drivers.

Record Number: 16212
Source Name: Tcpip
Time Written: 20090129205912.000000-300
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4201
Message: The system detected that network adapter \DEVICE\TCPIP_{B7425566-F5C3-4172-BAC7-D56EC7080EF9} was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 16211
Source Name: Tcpip
Time Written: 20090129205857.000000-300
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0040F4F8A126. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 16210
Source Name: Dhcp
Time Written: 20090129205852.000000-300
Event Type: warning
User:

Application event log

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1000
Message: Faulting application wmplayer.exe, version 8.0.0.4477, faulting module msvcrt.dll, version 7.0.2600.0, fault address 0x00034748.

Record Number: 84
Source Name: Application Error
Time Written:
Event Type: error
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4097
Message: The application, C:\Program Files\Windows Media Player\wmplayer.exe, generated an application error
The error occurred on 01/01/2050 @ 18:17:02.108
The exception generated was c0000005 at address 77C44748 (MSVCRT!Gettnames)

Record Number: 83
Source Name: DrWatson
Time Written:
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1000
Message: Faulting application wmplayer.exe, version 8.0.0.4477, faulting module msvcrt.dll, version 7.0.2600.0, fault address 0x00034748.

Record Number: 82
Source Name: Application Error
Time Written:
Event Type: error
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 4097
Message: The application, C:\Program Files\Windows Media Player\wmplayer.exe, generated an application error
The error occurred on 01/01/2050 @ 18:15:29.468
The exception generated was c0000005 at address 77C44748 (MSVCRT!Gettnames)

Record Number: 81
Source Name: DrWatson
Time Written:
Event Type: information
User:

Computer Name: NICHOLAS-DT9Z5H
Event Code: 1000
Message: Faulting application wmplayer.exe, version 8.0.0.4477, faulting module msvcrt.dll, version 7.0.2600.0, fault address 0x00034748.

Record Number: 80
Source Name: Application Error
Time Written:
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Hi Nicholas Assue

Your system is heavily infected with lots of crap. ...
(I do not understand how it is possible, you do not know how to update windows , but you know how to use P2P programs)

There are three things which you need to do before we continue (if you do not do so....I can´t help you more)
visit this website (http://www.microsoft.com/downloads/details.aspx?FamilyID=0136e5f8-1684-4202-b2d0-c6a43430f12a&displaylang=en) Download and install Windows XP Service Pack 1a

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

DNA
BitComet
LimeWire
Kazaa



I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

There is no sign of an antivirus installed on your system. There are several reasons for it. Either you have disabled your antivirus or there's no antivirus installed.

If you have disabled it, please re-enable it. If you have no antivirus installed, please get ONE antivirus and install it. Restart the computer for changes to take effect.

avast! 4 Home Edition (http://files.avast.com/iavs4pro/setupeng.exe)
AntiVir Free Edition (http://www.antivir-pe.com/freet/index.php?id=25&domain=free-av.com)

Please post back a new HijackThis log after installing the antivirus and Service Pack 1

I did what you said and I installed the "avast" antivirus. I have the "spybot search and destroy" antivirus system already, I don't know how come you didn't see it in my last log files, but then again I haven't been upgrading it like you said so maby that's why, so I just installed the one you suggested. Let me know if I should uninstall the spybot system. Also I'm not sure how come you saw those file sharing programs as well. I got rid of the kazaa a long time ago and the bit torrent and limewire a few months ago. The only one I saw left was DNA but I just uninstalled today like you said. I didn't run a scan with the avast antivirus but after I reboot my p.c. I tried going into it and it said that I needed a license key word or something, so I tried exiting right away but when I did that my computer started freezing alot. It was like that for a while but now it seems to be operating normally again now. Should that be of any concern.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:17 PM, on 02/11/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222017318852
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5385 bytes

Hi Nicholas Assue


I did what you said and I installed the "avast" antivirus. I have the "spybot search and destroy" antivirus system already, I don't know how come you didn't see it in my last log files, but then again I haven't been upgrading it like you said so maby that's why, so I just installed the one you suggested. Let me know if I should uninstall the spybot system
spybot search and destroy is not a antivirus program...


Also I'm not sure how come you saw those file sharing programs as well. I got rid of the kazaa a long time ago and the bit torrent and limewire a few months ago. The only one I saw left was DNA but I just uninstalled today like you said.
from you rsit log:

======List of files/folders created in the last 1 months======
2009-01-23 17:52:19 ----D---- C:\Program Files\DNA
2009-01-23 17:52:19 ----D---- C:\Program Files\BitComet
2009-01-23 17:51:51 ----D---- C:\Program Files\LimeWire
2009-01-23 17:51:51 ----D---- C:\Program Files\Kazaa

how is this possible if you have removed them a few months ago


I needed a license key word or something
you need to register it....Registration of avast! 4 Home Edition (http://www.avast.com/eng/home-registration.php)

I also noticed you only have 127 MB of RAM.....127 is really too little memory for XP..........

1 - Scan With ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable Anti-virus (http://www.bleepingcomputer.com/forums/topic114351.html)

Please include the C:\ComboFix.txt in your next reply for further review.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log

Thanks peku006

hi. So should I leave the spybot search and destroy system? also my computer is still moving alot slower than usual. Can you help me with that, please?

ComboFix 09-02-12.03 - Nicholas 2009-02-12 17:04:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.127.8 [GMT -5:00]
Running from: c:\documents and settings\Nicholas\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://theupdatedownload.com
.
((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2078-01-01 19:57 . 2009-01-30 17:03 54,156 --ah----- c:\windows\QTFont.qfn
2078-01-01 19:57 . 2078-01-01 19:57 1,409 --a------ c:\windows\QTFont.for
2009-02-12 16:12 . 2009-02-12 16:12 <DIR> d-------- c:\windows\LastGood
2009-02-12 15:49 . 2005-02-24 22:35 22,752 --a------ c:\windows\system32\spupdsvc.exe
2009-02-12 15:47 . 2009-02-12 15:53 1,374 --a------ c:\windows\imsins.BAK
2009-02-12 15:41 . 2009-02-12 16:28 <DIR> d--h----- c:\windows\$hf_mig$
2009-02-11 23:21 . 2004-03-29 20:48 36,864 --a------ c:\windows\system32\mf3216.dll
2009-02-11 23:21 . 2004-03-29 20:48 36,864 --a--c--- c:\windows\system32\dllcache\mf3216.dll
2009-02-11 19:28 . 2009-02-11 19:28 <DIR> d-------- c:\program files\Alwil Software
2009-02-11 19:28 . 2003-03-18 15:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-02-11 19:28 . 2003-03-18 14:14 499,712 --a------ c:\windows\system32\MSVCP71.dll
2009-02-11 19:28 . 2003-02-20 22:42 348,160 --a------ c:\windows\system32\MSVCR71.dll
2009-02-11 18:36 . 2009-02-11 18:36 <DIR> d-------- c:\windows\ServicePackFiles
2009-02-11 18:36 . 2009-02-11 18:36 <DIR> d-------- c:\windows\ehome
2009-02-11 18:24 . 2002-08-29 05:41 3,494,303 --------- c:\windows\system32\nv4_disp.dll
2009-02-11 18:23 . 2005-05-04 14:45 2,890,240 --a------ c:\windows\system32\msi.dll
2009-02-11 18:21 . 2002-08-29 05:40 1,180,672 --a------ c:\windows\system32\d3d8.dll
2009-02-11 18:20 . 2002-08-29 05:41 578,560 --a------ c:\windows\system32\appwiz.cpl
2009-02-10 18:27 . 2009-02-10 18:27 <DIR> d-------- C:\rsit
2009-02-10 17:43 . 2009-02-10 17:43 <DIR> d-------- c:\documents and settings\Nicholas\Application Data\Malwarebytes
2009-02-10 17:42 . 2009-02-10 17:43 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 17:42 . 2009-02-10 17:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-10 17:42 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 17:42 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 17:52 . 2009-02-11 19:03 <DIR> d-------- c:\program files\DNA
2009-01-23 17:52 . 2009-01-23 17:52 <DIR> d-------- c:\program files\BitComet
2009-01-23 17:51 . 2009-01-23 17:51 <DIR> d-------- c:\program files\LimeWire
2009-01-23 17:51 . 2009-01-23 17:51 <DIR> d-------- c:\program files\Kazaa
2009-01-23 16:55 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-23 16:55 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-01-23 16:55 . 2001-08-17 14:02 9,600 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-23 16:55 . 2001-08-17 14:02 9,600 --a--c--- c:\windows\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-11 23:56 --------- d-----w c:\program files\MSN Messenger
2009-02-04 23:11 --------- d-----w c:\program files\AskBarDis
2009-02-03 04:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-23 22:52 --------- d-----w c:\program files\Xvid
2009-01-01 22:19 --------- d-----w c:\program files\Common Files\Adobe
2009-01-01 22:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 22:10 --------- d-----w c:\program files\Samsung
2008-12-23 02:08 --------- d-----w c:\program files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 17:24 325000 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-08-29 13312]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 356352]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-05 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-16 28738]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-08-29 13312]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk - c:\program files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe [2002-01-01 811008]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-08-07 24633]

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-11 114768]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2002-01-01 38144]
S3 ati2mpaa;ati2mpaa;c:\windows\system32\drivers\ati2mpaa.sys [2001-12-31 281856]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-17 27904]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2002-01-16 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2002-01-16 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2002-01-16 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2002-01-16 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2002-01-16 100008]

--- Other Services/Drivers In Memory ---

*Deregistered* - ALG
*Deregistered* - aswUpdSv
*Deregistered* - AudioSrv
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - CryptSvc
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - ImapiService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - Messenger
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - uploadmgr
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmdmPmSp
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder

2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101764&l=dis
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nicholas\Application Data\Mozilla\Firefox\Profiles\d6u2id5x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-12 17:06:43
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(600)
c:\windows\System32\ODBC32.dll
c:\windows\SYSTEM32\RTL8185\RtlGina.DLL

- - - - - - - > 'lsass.exe'(656)
c:\windows\System32\dssenh.dll
.
Completion time: 2009-02-12 17:09:38
ComboFix-quarantined-files.txt 2009-02-12 22:09:34

Pre-Run: 70,982,455,296 bytes free
Post-Run: 70,979,346,432 bytes free

winxpsp1_en_hom_bf.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

194 --- E O F --- 2009-02-12 20:59:11



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:47 PM, on 02/12/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222017318852
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5054 bytes

Hi Nicholas Assue

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

DNA
BitComet
LimeWire
Kazaa

I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).NOW


Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.


Thanks peku006

hi. I don't know how you keep seeing these file sharing programs but like I said last time, I already uninstalled them a long time ago. I go into the control panel and add or remove programs page but I don't see these programs anywhere. Plus my p.c. was freezing worse than before. This time it took me almost an hour to get into my internet.


Adobe Flash Player 10 Plugin
Airlink101 Cardbus & PCI Wireless Configuration Utility
Apple Software Update
Ask Toolbar
ATI Display Driver
Avanquest update
avast! Antivirus
CCleaner (remove only)
Dell ResourceCD
HijackThis 2.0.2
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Picture It! Photo 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (3.0.6)
OpenOffice.org Installer 1.0
QuickTime
Security Update for Windows XP (KB912919)
Shockwave
Sony Ericsson PC Suite 3.209.00
SoundMAX
Spybot - Search & Destroy
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q815021
Windows XP Service Pack 1a

Hi Nicholas Assue

I don't know how you keep seeing these file sharing programs but like I said last time, I already uninstalled them a long time ago.
Because you said earlier : "I got rid of the kazaa a long time ago and the bit torrent and limewire a few months ago"
and all of the folders was created 2009-01-23, it is not a long time ago

Plus my p.c. was freezing worse than before. This time it took me almost an hour to get into my internet.
You did not have antivirus or service pack 1 installed on your system previously
Like I already said: you only have 127 MB of RAM, it is not enough...(you can never upgrade to service pack 2)
It is not possible keep your computer clean without an Antivirus and if windows are not updated
--------------------------------------------------------------------------------------------------------------------------------------
System Slow?
You may wish to try StartupLite. (http://www.malwarebytes.org/startuplite.php) Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware (http://www.bleepingcomputer.com/forums/index.php?showtopic=87058&view=findpost&p=487112)

1 - Update Java

Please download JavaRa (http://prm753.bchea.org/click/click.php?id=9) and unzip it to your desktop.

Double-click on JavaRa.exe to start the program.
Click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a log file has been produced. Click OK.
A log file will pop up. Please save it to a convenient location.

Download the latest version of Java Runtime Environment (JRE) 6 Update 12 (http://java.sun.com/javase/downloads/index.jsp).

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
Click on Continue.
Click on the link to download Windows Offline Installation and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on the download to install the newest version.

2 - Clean temp files

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.


Click Exit on the Main menu to close the program


3 - Kaspersky Online Scan

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

4 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

5 - Status Check
Please reply with


1. the Kaspersky online scanner report
2. a fresh HijackThis log

Thanks peku006

hi. I tried doing as you instructed but I got some familiar problems. I tried downloading the Java SE Runtime Environment but every time I click on download I keep getting this error message.

https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jre-6u12-oth-JPR@CDS-CDS_Developer

IN fact I get this message when I try going into my hotmail and Facebook account. This is a recent problem I've been having.

Other than that, whenever I try downloading the Kaspersky system, I reach the point where I must click run, and then this message comes up:

"Update has failed. Program has failed to start. Close the Kaspersky Online scanner 7.0 window and open it again to install the program.

You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner."

I try following that message the way I think I'm supposed to but I still keep getting this message. But everything else worked ok though and this is the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:29 AM, on 01/04/2002
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222017318852
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4817 bytes

Hi mightymike

Let´s try F-Secure....

1 - F-Secure Online Scan

Please go to F-Secure website (http://support.f-secure.com/ols3beta/start.html) to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option.
Under Other Scan Options, select these options: Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

3 - Status Check
Please reply with

1. the F-Secure online scanner report
2. a fresh HijackThis log

Thanks peku006

hey. More problems unfortunately. This time when I run this scanner I get this error report.

Runtime Error

Program:C/Program Files/ internet explorer/iexplore.exe


This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:57 PM, on 01/05/2002
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222017318852
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5316 bytes

Hi Nicholas Assue

I have not seen before that "error report"
Try this

Please download Sysclean Package (http://www.trendmicro.com/ftp/products/tsc/sysclean.com) by Trend Micro and save it to your desktop.
Download the latest Virus Pattern Files (http://www.trendmicro.com/download/viruspattern.asp) by Trend Micro and save it to your destkop. It is named lptXXX, where XXX are numbers.
Note: Do not download the Virus Pattern Files if you don't intend to do a scan. Only download it when you want to do a scan, as they are being updated daily.
Create a new folder on your desktop. Right click on your desktop.
Click on New > Folder.
Type in Trend Micro as the name of the folder. Select sysclean.com by clicking once. Press Ctrl + X simultaneously.
Open the Trend Micro folder you created earlier. Press Ctrl + V to paste sysclean.com into the folder.
Right click and select Extract All.
Click on Browse. Navigate to the Trend Micro folder and click OK.
Click Next, then Finish. Close all opened windows except the Trend Micro folder.
Double click on sysclean.com to run it.
Uncheck (untick) Automatically Clean Infected Files box.
Once the scanning is done, click Exit.
A sysclean.log is created in the Trend Micro folder.
Copy and paste that log in your next reply.

Thanks peku006

hi. I'm not finished yet. Whenever I click on sysclean.com I get a message saying "Required file "SSAPIPTN.DAS" is missing... Please download a copy from http://www.trendmicro.com." when I click ok to that message I get another saying "Required file "LPT$VPN." is missing.....etc." I don't know what they are talking about.

Hi Nicholas Assue

You can get the latest pattern file from HERE (http://www.trendmicro.com/ftp/products/pattern/lpt855.zip)
Put it in the same folder as the sysclean package.

What do I do next? When I click on the sysclean.com system I get the same messages as last time. They say that the scan will start disabled if I don't download what they suggested. Should I do the scan anyway?

Hi
Let´s try Kaspersky Offline Scanner

Please download Kaspersky Scaner (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) and save it to your desktop. Please do not download the scanner if you do not intend to run a scan as it's being updated regularly.
Double click on setup_7.0.0.290_XX.XX.XXXX_XX-XX.exe (where X are numbers) to install it.
When installation is done, it will start running.
Select Automatic Scan tab. Check (tick) all the boxes except the following: 3.5 Floppy
CD/DVD drive Next, click on the Settings link.
A new window will open.
Under Security Level, click on the Customize... button.
Another new window will open.
In the General tab, under Compound files, check (tick) this box: Parse email formats.
Next, select Heuristic analyzer tab.
Under Rootkits search, check (tick) this box: Enable deep rootkit search. Drag the slider to Medium and click OK to apply the settings.
Click OK again to get back to the main screen.
Click on Scan to start the scan.
When done, click on Reports... > Save to file....
Save this report to your desktop. Please post the Detected section of the report in your next reply.
Close Kaspersky scanner. You will be prompted to uninstall it when it's closed. Please do so.

Thanks peku006

hi. According to the scan it said there were no threats detected so I have no logs to show for it. This is a hijack this log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:31 PM, on 01/03/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Airlink101\AWLC3028 & AWLH3028\RtWLan.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nicholas\Desktop\Virus Removal Tool\is-UQTM2\is-UQTM2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101764&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-UQTM2.lnk = C:\Documents and Settings\Nicholas\Desktop\Virus Removal Tool\is-UQTM2\startup.exe
O4 - Global Startup: Airlink101 Cardbus & PCI Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222017318852
O16 - DPF: {664088B0-6AF3-4514-AF9D-A0DC3A3DF24A} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols3beta/fscax.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5474 bytes

Hi Nicholas Assue

According to the scan it said there were no threats detected
it is good but , I think that it would be a good idea to run an MBAM scan, just as a double-check.

1 - Run Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update have been completed, Select the Scanner tab.


Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:

C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log
description of any problems you are having with your PC

Thanks peku006

hi. I tried the updates check and it said that my virtual memory was low and then this error came up "Error loading database. Line: #62440. (0)."

So then I did the scan anyway and like the last time, it did not detect any viruses. This is the log:

Malwarebytes' Anti-Malware 1.34
Database version: 1801
Windows 5.1.2600 Service Pack 2

01/05/2002 12:41:42 AM
mbam-log-2002-01-05 (00-41-42).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 117754
Time elapsed: 57 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Hi Nicholas Assue

The truth is that this PC has too little RAM to properly run Windows XP. You will have problems with this PC especially after adding all the software you need just to protect yourself since they will require significant resources.

Logs looks clean to me, is problem away ?

Well I still have one a couple problems. Shortly after I started messaging you my msn chat room stopped working. Every time I try to sign in it always says not working and to try troubleshooting the problem, but even when I do that it still doesn't work. Also, whenever I try to log in to my hotmail or facebook account I always get this message:

https://login.live.com/ppsecure/post.srf?wa=wsignin1.0&rpsnv=10&ct=1235686383&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1033&id=64855&mkt=en-US&bk=1235686384

But that's only when I try it on Firefox. I can log on no problem with Internet Explorer but it doesn't work that well when I use that internet. Could it be related to the same problem you told me about with my RAM, and do you have any suggestions to help.

Hi Nicholas Assue

I am not an expert at this type of problem. I would suggest that you go to one of the forums below that specialize in more general computer problems. They have people that know more about this sort of problem because it does not seem to be a malware problem.

Good Hardware and Software Help Forums
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
VirtualDr here: http://discussions.virtualdr.com/forumdisplay.php?f=48
or
PCPitStop here : http://forums.pcpitstop.com/index.php?showforum=3

All may require you to register free before posting for help.

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.