spyware, popups and HBO's-w



txladykat
2006-10-22, 05:12
I tried to run the Panda scan online, and it wouldn't work. I click the search computer and nothing happens.

Next I ran Spybot and it removed some things... then when I logged back into regular mode, my Internet Explorer wouldn't work, so I had to restore the previous settings from Spybot.

I have run spyware removers many times; it removes infections, but each time I run it there they are again.

txladykat
2006-10-22, 05:14
Sorry, my computer freaked out and posted when I hit my space bar. Anyway, here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 10:11:01 PM, on 10/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\rundll32.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\sys101353947576.exe
E:\WINDOWS\Duce6.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Karyn\Desktop\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, E:\WINDOWS\system32\xqhno.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,jlnraor.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SpyHunter] E:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [SpywareTerminator] "E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [sys101353947576] E:\WINDOWS\sys101353947576.exe
O4 - HKLM\..\Run: [TheMonitor] E:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - E:\Program Files\Batty2\Batty2.dll
O20 - Winlogon Notify: RunOnce - E:\WINDOWS\system32\lvr2099oe.dll (file missing)
O20 - Winlogon Notify: Themes - E:\WINDOWS\system32\irrul5991.dll
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Overlay Components - Unknown owner - E:\WINDOWS\ymmtfda.exe (file missing)

Mr_JAk3
2006-10-22, 15:41
Hi txladykat and welcome to Safer Networking Forums :)

You've got infections there...

Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.

Please post an uninstall list here. Start HijackThis.
Click on the Config button.
Click on the Misc Tools button.
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file.
When you press the Save button, Notepad will open with the contents of that file.
Simply copy and paste the contents of that Notepad window here in your next reply.

Then we'll continue :bigthumb:

txladykat
2006-10-22, 17:13
Adobe Acrobat Reader 3.02
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Adobe® Photoshop® Album Starter Edition 3.0
CCScore
Creative MediaSource
Creative System Information
DeluxeCommunications
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Flock (Photobucket Edition) 0.7
HijackThis 1.99.1
HLPPDOCK
iPod for Windows 2006-06-28
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
kgcbaby
kgcbase
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
KSU
Logitech MouseWare 9.10
Logitech User's Guide
Mozilla Firefox (1.5)
MSN Money Investment Toolbox
Notifier
OfotoXMI
OTtBP
OTtBPSDK
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SFR
SHASTA
SKIN0001
SKINXSDK
Sound Blaster Audigy
Spybot - Search & Destroy 1.4
SpyHunter
Spyware Terminator
staticcr
UBNet
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VPRINTOL
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Overlay Components
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WIRELESS
Yahoo! Messenger
Yahoo! Toolbar
YAMAHA AC-XG WDM
YAMAHA DS-XG WDM
Yazzle by OIN

Mr_JAk3
2006-10-22, 18:41
Hi again :)

Please RIGHT-CLICK HERE (http://www.silentrunners.org/Silent%20Runners.vbs) and Save As (in IE it's "Save Target As") to download Silent Runners.
Save it to the desktop.
Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
You will see a text file appear on the desktop. It's not done yet; let it run (it won't appear to be doing anything!).
Once you receive the prompt "All Done!", double-click the new text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Then we'll continue :bigthumb:

txladykat
2006-10-22, 23:39
Thanks! Here ya go:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Creative Detector" = "E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"dubdp" = "E:\WINDOWS\system32\hhpjoj.exe reg_run" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"EM_EXEC" = "E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SunJavaUpdateSched" = "E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"iTunesHelper" = ""E:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"Adobe Photo Downloader" = ""E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"CTSysVol" = "E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]
"UpdReg" = "E:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"hxtboh" = "E:\WINDOWS\system32\hhpjoj.exe reg_run" [null data]
"SpyHunter" = "E:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" ["Enigma Software Group Inc."]
"SpywareTerminator" = ""E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]
"sys101353947576" = "E:\WINDOWS\sys101353947576.exe" [null data]
"TheMonitor" = "E:\WINDOWS\Duce6.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

txladykat
2006-10-22, 23:48
I was kind of confused by the question it asked about what kind of search I wanted, so I did both. Here is the second one:

"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Creative Detector" = "E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]
"MSMSGS" = ""E:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"dubdp" = "E:\WINDOWS\system32\hhpjoj.exe reg_run" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"EM_EXEC" = "E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" ["Logitech Inc. "]
"QuickTime Task" = ""E:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"SunJavaUpdateSched" = "E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"iTunesHelper" = ""E:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"Adobe Photo Downloader" = ""E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"CTSysVol" = "E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r" ["Creative Technology Ltd"]
"P17Helper" = "Rundll32 P17.dll,P17Helper" [MS]
"UpdReg" = "E:\WINDOWS\UpdReg.EXE" ["Creative Technology Ltd."]
"hxtboh" = "E:\WINDOWS\system32\hhpjoj.exe reg_run" [null data]
"SpyHunter" = "E:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe" ["Enigma Software Group Inc."]
"SpywareTerminator" = ""E:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"]
"sys101353947576" = "E:\WINDOWS\sys101353947576.exe" [null data]
"TheMonitor" = "E:\WINDOWS\Duce6.exe" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "E:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "E:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{D35DAD00-94B0-4AD6-9577-337D2339680F}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\kodmaori.dll" [file not found]
"{92E99454-668D-42B1-AFD8-EC55C726C980}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\rIsmxs.dll" [file not found]
"{1E05D064-D542-4742-B575-2186F5E3CCAE}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\djdmoprp.dll" [file not found]
"{3DD0078B-4968-404C-9D1D-FF5B7AEC49AF}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\guard.tmp" [null data]
"{EC7550EE-8865-49AA-A3EC-4A0D58F5B4E0}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\guard.tmp" [null data]
"{B50638C4-FA2E-4D62-A0E3-0FEDEE785715}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\guard.tmp" [null data]
"{DD4A0DCB-3A68-495E-A107-53210FD458EE}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\uktheme.dll" [null data]
"{7B7010CE-1565-493C-BBF7-A9B085283114}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\kmdru1.dll" [null data]
"{DF47EF47-776D-428A-A3FA-5661FF949783}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\dFtaclen.dll" [null data]
"{96FC970A-E73A-49FE-A15C-6733E8500E9F}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "E:\WINDOWS\system32\drskmon.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
<<!>> "Shell" = "Explorer.exe, E:\WINDOWS\system32\xqhno.exe" [MS], [null data]
<<!>> "Userinit" = "E:\WINDOWS\system32\userinit.exe,jlnraor.exe" [MS], [null data]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"| [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> RunOnce\DLLName = "E:\WINDOWS\system32\lvr2099oe.dll" [file not found]
<<!>> SharedDlls\DLLName = "E:\WINDOWS\system32\enjql1151.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/html\CLSID = "{994D478A-45D0-4DB4-AE27-738B1E346F99}"
-> {HKLM...CLSID} = "PortHope Decoder"
\InProcServer32\(Default) = "E:\Program Files\Batty2\Batty2.dll" [file not found]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "E:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "E:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "E:\Documents and Settings\Karyn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "E:\WINDOWS\System32\logon.scr" [MS]


DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
E:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\01A7GPQN\DESKTOP.INI -- cannot be opened!


Startup items in "Karyn" & "All Users" startup folders:
-------------------------------------------------------

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Kodak EasyShare software" -> shortcut to: "E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx" [null data]
"KODAK Software Updater" -> shortcut to: "E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
E:\Program Files\webHancer\Programs\webhdll.dll ["webHancer Corporation"], 01 - 02, 16
%SystemRoot%\system32\mswsock.dll [MS], 03 - 05, 08 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 06 - 07


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "E:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\
"ButtonText" = "Yahoo! Messenger"
"MenuText" = "Yahoo! Messenger"
"Exec" = "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" ["Yahoo! Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "E:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Creative Service for CDROM Access, Creative Service for CDROM Access, "E:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
iPodService, iPodService, "E:\Program Files\iPod\bin\iPodService.exe" ["Apple Computer, Inc."]
Windows User Mode Driver Framework, UMWdf, "E:\WINDOWS\system32\wdfmgr.exe" [MS]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 355 seconds.
---------- (total run time: 487 seconds)

Mr_JAk3
2006-10-23, 14:05
Hi again and sorry for the delay, I had a busy day :)

The logs were the right ones, good work.

You seem to have SpyHunter and Spyware Terminator installed. Both of these programs have a suspicious reputation and I don't recommend using them. There are free and better ones available. I recommend that you remove both SpyHunter and Spyware Terminator via Control Panel, Add/Remove Programs. More info about these two programs here (http://www.spywarewarrior.com/rogue_anti-spyware.htm).

You should print these instructions or save them to a text file. Follow these instructions carefully.

Create a new folder named HijackThis on your desktop. Move HijackThis.exe into that folder.

Open Control Panel -> Add/Remove Programs -> Remove all of the following programs if found:

DeluxeCommunications
Yazzle by OIN

Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed (http://www.outerinfo.com/howto.html)

Download LSPFix (http://www.cexx.org/lspfix.zip). Extract (unzip) it to its own folder. Disconnect from the internet, and close all browser windows. Run LSPFix. Click the "I know what I'm doing" button. In the left-hand pane, highlight all instances of webhdll.dll (and nothing else) and move them to the "Remove" pane by clicking the >> button. Click Finish. Reboot to complete the process.

When the computer has been restarted: download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/combofix.exe)
Double-click combofix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
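
The entry types Mr_JAk3 is acting on in this thread (the extra binaries appended to the F2 Shell and UserInit values, the O10 LSP hijack by webhdll.dll, the O15 Trusted Zone hosts, the O20 Winlogon Notify DLLs and the O23 service with a missing binary) can be triaged mechanically before a human reviews them. The script below is an added Python example, not code from the thread, from HijackThis or from any tool mentioned in it. The sample log lines are constructed from the entry types shown in this thread, the Winlogon Notify baseline and the Trusted Zone allow-list are assumptions, and the severity labels are the example author's own rating, not a HijackThis feature.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Constructed sample in the HijackThis 1.99.1 line format (entry types seen in this thread).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: Shell=Explorer.exe, E:\WINDOWS\system32\xqhno.exe
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,jlnraor.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sys101353947576] E:\WINDOWS\sys101353947576.exe
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O20 - Winlogon Notify: WgaLogon - E:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: Themes - E:\WINDOWS\system32\irrul5991.dll
O20 - Winlogon Notify: RunOnce - E:\WINDOWS\system32\lvr2099oe.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Overlay Components - Unknown owner - E:\WINDOWS\ymmtfda.exe (file missing)
"""

# Stock values: Shell is just Explorer.exe, Userinit is just userinit.exe; anything else appended
# to these comma lists is an extra program started at every logon.
DEFAULT_SHELL = ("explorer.exe",)
DEFAULT_USERINIT = ("userinit.exe",)

# Assumed baseline of Winlogon\Notify subkeys on a stock XP SP2 box (WgaLogon comes from the
# Genuine Advantage notification update). Not exhaustive; names outside it are flagged for review.
BASELINE_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
}

LINE_RE = re.compile(r"^(F\d|O\d+) - (.*)$")


def _basename(path: str) -> str:
    return PureWindowsPath(path.strip().strip('"')).name.lower()


def check_winlogon(value_name: str, value: str) -> list:
    """Return the entries in a Shell/UserInit comma list that are not the default binary."""
    defaults = DEFAULT_SHELL if value_name.lower() == "shell" else DEFAULT_USERINIT
    return [p.strip() for p in value.split(",") if p.strip() and _basename(p) not in defaults]


def _exe_from_command(command: str):
    """Pull the executable path out of a Run-key command line (quoted or not)."""
    m = re.match(r'\s*"?([^"]+?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else None


def triage(log_text: str, trusted_zone_allowlist=frozenset()) -> list:
    """Walk a HijackThis log and return (severity, entry_type, message) findings."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.groups()
        if kind == "F2":  # Winlogon Shell / UserInit carrying extra binaries
            km = re.match(r"REG:system\.ini:\s*(\w+)=(.*)", body)
            extras = check_winlogon(km.group(1), km.group(2)) if km else []
            if extras:
                findings.append(("high", kind, f"{km.group(1)} launches extra binaries: {', '.join(extras)}"))
        elif kind == "O4":  # autorun whose binary sits directly in the Windows folder
            cm = re.search(r"\]\s*(.*)$", body)
            exe = _exe_from_command(cm.group(1)) if cm else None
            if exe and PureWindowsPath(exe).parent.name.lower() == "windows":
                findings.append(("review", kind, f"autorun binary directly in the Windows folder: {exe}"))
        elif kind == "O10":  # HijackThis already labels these as LSP hijacks
            findings.append(("high", kind, body))
        elif kind == "O15":  # Trusted Zone entries outside the allow-list
            zm = re.match(r"Trusted Zone:\s*(\S+)", body)
            host = urlparse(zm.group(1)).hostname if zm else None
            if host and host not in trusted_zone_allowlist:
                findings.append(("medium", kind, f"non-allowlisted host in Trusted Zone: {host}"))
        elif kind == "O20":  # Winlogon Notify DLLs: dangling ones first, then unknown names
            nm = re.match(r"Winlogon Notify:\s*(\S+)\s*-\s*(.*)", body)
            if nm:
                key, dll = nm.groups()
                if "(file missing)" in dll:
                    findings.append(("high", kind, f"Notify key {key} points at a missing DLL: {dll}"))
                elif key.lower() not in BASELINE_NOTIFY:
                    findings.append(("medium", kind, f"Notify key {key} is outside the assumed baseline: {dll}"))
        elif kind == "O23":  # services with no vendor string or no binary on disk
            if "Unknown owner" in body or "(file missing)" in body:
                findings.append(("medium", kind, f"service with unknown owner or missing binary: {body}"))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity label."""
    counts = {}
    for severity, _, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, kind, msg in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {kind}: {msg}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the constructed sample this yields four high findings (both F2 values, the O10 LSP line and the dangling RunOnce Notify DLL), three medium ones and one entry marked for review. The "review" tier exists because a binary living directly in the Windows folder is not proof of anything (legitimate vendor installers put files there too); it only tells the analyst where to look next, which is the same judgement call the helper makes in this thread.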

txladykat
2006-10-23, 23:00
I don't know what to do. I am unable to get to the internet from my home computer now. I am writing this from my office computer. What should I do?

txladykat
2006-10-24, 04:21
OK, I got my internet working by reinstalling Windows over the current version. I ran ComboFix, but when it rebooted my computer it didn't give me a log. However, I searched my hard drive and found this; hope this is the correct log:

Karyn - 06-10-23 21:05:26.62 Service Pack 2
ComboFix 06.10.19 - Running from: "E:\Documents and Settings\Karyn\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{D35DAD00-94B0-4AD6-9577-337D2339680F}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D35DAD00-94B0-4AD6-9577-337D2339680F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{D35DAD00-94B0-4AD6-9577-337D2339680F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{D35DAD00-94B0-4AD6-9577-337D2339680F}\InprocServer32]
@="E:\\WINDOWS\\system32\\kodmaori.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{92E99454-668D-42B1-AFD8-EC55C726C980}]
@=""

[HKEY_CLASSES_ROOT\clsid\{92E99454-668D-42B1-AFD8-EC55C726C980}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{92E99454-668D-42B1-AFD8-EC55C726C980}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{92E99454-668D-42B1-AFD8-EC55C726C980}\InprocServer32]
@="E:\\WINDOWS\\system32\\rIsmxs.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{1E05D064-D542-4742-B575-2186F5E3CCAE}]
@=""

[HKEY_CLASSES_ROOT\clsid\{1E05D064-D542-4742-B575-2186F5E3CCAE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{1E05D064-D542-4742-B575-2186F5E3CCAE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{1E05D064-D542-4742-B575-2186F5E3CCAE}\InprocServer32]
@="E:\\WINDOWS\\system32\\djdmoprp.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{3DD0078B-4968-404C-9D1D-FF5B7AEC49AF}]
@=""

[HKEY_CLASSES_ROOT\clsid\{3DD0078B-4968-404C-9D1D-FF5B7AEC49AF}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{3DD0078B-4968-404C-9D1D-FF5B7AEC49AF}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{3DD0078B-4968-404C-9D1D-FF5B7AEC49AF}\InprocServer32]
@="E:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{EC7550EE-8865-49AA-A3EC-4A0D58F5B4E0}]
@=""

[HKEY_CLASSES_ROOT\clsid\{EC7550EE-8865-49AA-A3EC-4A0D58F5B4E0}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{EC7550EE-8865-49AA-A3EC-4A0D58F5B4E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{EC7550EE-8865-49AA-A3EC-4A0D58F5B4E0}\InprocServer32]
@="E:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{B50638C4-FA2E-4D62-A0E3-0FEDEE785715}]
@=""

[HKEY_CLASSES_ROOT\clsid\{B50638C4-FA2E-4D62-A0E3-0FEDEE785715}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{B50638C4-FA2E-4D62-A0E3-0FEDEE785715}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{B50638C4-FA2E-4D62-A0E3-0FEDEE785715}\InprocServer32]
@="E:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{DD4A0DCB-3A68-495E-A107-53210FD458EE}]
@=""

[HKEY_CLASSES_ROOT\clsid\{DD4A0DCB-3A68-495E-A107-53210FD458EE}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{DD4A0DCB-3A68-495E-A107-53210FD458EE}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{DD4A0DCB-3A68-495E-A107-53210FD458EE}\InprocServer32]
@="E:\\WINDOWS\\system32\\itakui.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{7B7010CE-1565-493C-BBF7-A9B085283114}]
@=""

[HKEY_CLASSES_ROOT\clsid\{7B7010CE-1565-493C-BBF7-A9B085283114}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{7B7010CE-1565-493C-BBF7-A9B085283114}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{7B7010CE-1565-493C-BBF7-A9B085283114}\InprocServer32]
@="E:\\WINDOWS\\system32\\kmdru1.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{DF47EF47-776D-428A-A3FA-5661FF949783}]
@=""

[HKEY_CLASSES_ROOT\clsid\{DF47EF47-776D-428A-A3FA-5661FF949783}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{DF47EF47-776D-428A-A3FA-5661FF949783}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{DF47EF47-776D-428A-A3FA-5661FF949783}\InprocServer32]
@="E:\\WINDOWS\\system32\\mgxml4.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{06EB7A38-8D19-4287-B387-D01D991DB6D1}]
@=""

[HKEY_CLASSES_ROOT\clsid\{06EB7A38-8D19-4287-B387-D01D991DB6D1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{06EB7A38-8D19-4287-B387-D01D991DB6D1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{06EB7A38-8D19-4287-B387-D01D991DB6D1}\InprocServer32]
@="E:\\WINDOWS\\system32\\aqwav.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

E:\WINDOWS\system32\aqwav.dll
E:\WINDOWS\system32\dn8201loe.dll
E:\WINDOWS\system32\en06l1ds1.dll
E:\WINDOWS\system32\en46l1hs1.dll
E:\WINDOWS\system32\irn2l55o1.dll
E:\WINDOWS\system32\itakui.dll
E:\WINDOWS\system32\k8pmli7118.dll
E:\WINDOWS\system32\kmdru1.dll
E:\WINDOWS\system32\l8r00i9me8.dll
E:\WINDOWS\system32\lv4s09h7e.dll
E:\WINDOWS\system32\m6ls0g37e6.dll
E:\WINDOWS\system32\p68qlgl516q.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKCU\...\Run E:\WINDOWS\system32\hhpjoj.exe
O4 - HKLM\...\Run E:\WINDOWS\system32\hhpjoj.exe
F2 -REG:system.ini: Shell E:\WINDOWS\system32\xqhno.exe
F2 -REG:system.ini: UserInit E:\WINDOWS\system32\jlnraor.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


E:\WINDOWS\system32\hhpjoj.exe
E:\WINDOWS\system32\nopjgrd.dll
E:\WINDOWS\system32\jlnraor.exe
E:\Documents and Settings\All Users\Start Menu\Programs\Startup\aockv.exe
E:\WINDOWS\gcwqg.dll
E:\WINDOWS\system32\nefmb.dat
E:\WINDOWS\system32\xqhno.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-10-15 10:15 127488 hhpjoj.exe.qoo
06-10-21 09:30 127488 nefmb.dat.qoo
06-10-15 10:15 127488 aockv.exe.qoo
06-10-17 06:56 51712 nopjgrd.dll.qoo
06-10-15 10:15 28672 xqhno.exe.qoo
06-10-15 10:15 23552 jlnraor.exe.qoo
06-10-15 10:15 53 vnlnep.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


E:\Documents and Settings\Adam\Application Data\Dxcknwrd.dll
E:\Documents and Settings\Adam\Application Data\Dxcuknwrd.dll
E:\Documents and Settings\Karyn\Application Data\Dxccwrd.dll
E:\Documents and Settings\Karyn\Application Data\Dxcknwrd.dll
E:\Documents and Settings\Karyn\Application Data\Dxcuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


E:\WINDOWS\Duce6.exe
E:\WINDOWS\offun.exe
E:\WINDOWS\system32\bszip.dll
E:\WINDOWS\system32\cmd.com
E:\WINDOWS\system32\netstat.com
E:\WINDOWS\system32\ping.com
E:\WINDOWS\system32\regedit.com
E:\WINDOWS\system32\taskkill.com
E:\WINDOWS\system32\tasklist.com
E:\WINDOWS\system32\tracert.com
E:\Documents and Settings\LocalService\Application Data\NetMon
E:\Program Files\batty2
E:\Program Files\cmfibula
E:\Program Files\Deskbar
E:\Program Files\network monitor
E:\Program Files\outlook
E:\Program Files\Common Files\{18BA091C-064E-1033-1029-010004100001}
E:\Program Files\Common Files\{38BA091C-064E-1033-1029-010004100001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

E:\QooBox\Purity\Program Files\Common Files\RACLE~1
E:\QooBox\Purity\Program Files\Common Files\RACLE~1\??rss.exe
E:\QooBox\Purity\WINDOWS\RACLE~1
E:\QooBox\Purity\WINDOWS\RACLE~1\smss.exe
E:\QooBox\Purity\WINDOWS\RACLE~1\?racle
E:\QooBox\Purity\WINDOWS\system32\MBOLS~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-23 to 2006-10-23 ))))))))))))))))))))))))))))))))))


2006-10-23 20:40 20,992 --a------ E:\WINDOWS\system32\drivers\RTL8139.sys
2006-10-23 20:35 24,661 --a------ E:\WINDOWS\system32\spxcoins.dll
2006-10-23 20:35 13,312 --a------ E:\WINDOWS\system32\irclass.dll
2006-10-23 19:52 24,296 --a------ E:\WINDOWS\icont.exe
2006-10-21 13:04 426,382 --a------ E:\WINDOWS\ms0757613539472006.exe
2006-10-21 10:54 131,072 --a------ E:\WINDOWS\system32\coznv.dll
2006-10-18 12:38 163,840 --a------ E:\WINDOWS\sys101353947576.exe
2006-10-15 10:15 919 --a------ E:\WINDOWS\system32\winpfg32.sys
2006-10-15 10:15 436 --a------ E:\WINDOWS\gcwqg.dll
2006-10-15 10:15 183,478 --a------ E:\WINDOWS\srvmmexlyo.exe
2006-10-15 10:15 1,259 --a------ E:\WINDOWS\system32\pryd6bb6.sys
2006-10-15 10:14 217,276 --a------ E:\WINDOWS\srvhucwjki.exe
2006-10-06 19:37 64,512 --a------ E:\WINDOWS\system32\PTPITCP.dll
2006-10-06 19:37 307,200 --a------ E:\WINDOWS\system32\KPDPM.dll
2006-10-06 19:37 229,376 --a------ E:\WINDOWS\system32\KPDPMUI.dll
2006-10-06 19:23 5,632 --a------ E:\WINDOWS\system32\ptpusb.dll
2006-10-06 19:23 159,232 --a------ E:\WINDOWS\system32\ptpusd.dll
2006-10-06 19:23 15,104 --a------ E:\WINDOWS\system32\drivers\usbscan.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-23 21:09 -------- d-------- E:\Program Files\Common Files
2006-10-23 20:44 -------- d-------- E:\Program Files\Windows Media Player
2006-10-23 20:44 -------- d-------- E:\Program Files\Outlook Express
2006-10-23 20:44 -------- d-------- E:\Program Files\Internet Explorer
2006-10-23 20:44 -------- d-------- E:\Program Files\Common Files\System
2006-10-23 19:36 -------- d-------- E:\Program Files\Spyware Terminator
2006-10-23 19:36 -------- d-------- E:\Program Files\PSDream
2006-10-23 19:36 -------- d-------- E:\Program Files\PSCastor
2006-10-23 19:35 -------- d-------- E:\Program Files\whInstall
2006-10-23 19:35 -------- d-------- E:\Program Files\Mozilla Firefox
2006-10-23 19:34 -------- d-------- E:\Program Files\Flock
2006-10-23 18:41 -------- d-------- E:\Program Files\Enigma Software Group
2006-10-19 21:52 -------- d-------- E:\Program Files\webHancer
2006-10-18 12:39 93664 --ahs---- E:\Program Files\Common Files\Y1324OU.exe
2006-10-16 21:46 -------- d-------- E:\Program Files\ComPlus Applications
2006-10-16 19:51 -------- d-------- E:\Program Files\Messenger
2006-10-15 20:10 -------- d-------- E:\Program Files\Common Files\krwr
2006-10-15 17:45 -------- d-------- E:\Program Files\LimeWire
2006-10-15 17:37 -------- d-------- E:\Documents and Settings\Karyn\Application Data\Help
2006-10-15 17:24 -------- d-------- E:\Program Files\Google
2006-10-15 17:07 -------- d--h----- E:\Program Files\InstallShield Installation Information
2006-10-06 19:37 -------- d-------- E:\Program Files\Kodak
2006-10-06 19:35 -------- d-------- E:\Program Files\Common Files\Kodak
2006-10-06 19:29 -------- d-------- E:\Documents and Settings\Karyn\Application Data\Leadertech
2006-10-06 19:28 -------- d-------- E:\Documents and Settings\Karyn\Application Data\Adobe
2006-09-22 09:38 53248 --a------ E:\WINDOWS\109uninst.exe
2006-09-22 09:36 53248 --a------ E:\WINDOWS\uni_7eh.exe
2006-09-21 07:03 -------- d-------- E:\Documents and Settings\Karyn\Application Data\Google
2006-09-15 16:16 53248 --a------ E:\WINDOWS\uni_e6h.exe
2006-09-06 05:47 -------- d---s---- E:\Documents and Settings\Karyn\Application Data\Microsoft


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="E:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"MSMSGS"="\"E:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"EM_EXEC"="E:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="E:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"iTunesHelper"="\"E:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Adobe Photo Downloader"="\"E:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"CTSysVol"="E:\\Program Files\\Creative\\SBAudigy\\Surround Mixer\\CTSysVol.exe /r"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"UpdReg"="E:\\WINDOWS\\UpdReg.EXE"
"sys101353947576"="E:\\WINDOWS\\sys101353947576.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 06-10-23 21:12:36.59
E:\ComboFix.txt ... 06-10-23 21:12

txladykat
2006-10-24, 04:21
here is my hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 9:21:26 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\WINDOWS\sys101353947576.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\Duce6.exe
E:\Documents and Settings\Karyn\Desktop\HijackThis.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [sys101353947576] E:\WINDOWS\sys101353947576.exe
O4 - HKLM\..\Run: [TheMonitor] E:\WINDOWS\Duce6.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Overlay Components - Unknown owner - E:\WINDOWS\ymmtfda.exe (file missing)

Mr_JAk3
2006-10-24, 08:41
Hi again, we'll continue :)

Hmm so you did a repair install...
That is the correct log, good work :)

You should print these instructions or save these to a text file. Follow these instructions carefully.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update successful message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Do NOT run yet.

Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.

Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right-click the BFU folder on your desktop and choose Extract All.
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop but do NOT run it yet.

Do not do anything with these yet!

Then, make your hidden files visible:
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Uncheck "Hide protected operating system files"
Click Apply and then the OK and close My Computer.
==================

Stop the following processes using Task Manager (press ctrl+alt+del, select the Processes tab, highlight the first process in the list and click End Process). Continue through the list (one at a time) until all processes have been ended. If something isn't found, please continue with the next process in the list.

sys101353947576.exe
Duce6.exe

Disable a bad service:
Start > Run
Type services.msc into the field and press Enter.
A window opens, scroll down to Windows Overlay Components
Right-click it and choose Stop
Then choose Properties
Set Startup to Disabled
Click Apply and OK.

Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [sys101353947576] E:\WINDOWS\sys101353947576.exe
O4 - HKLM\..\Run: [TheMonitor] E:\WINDOWS\Duce6.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freewar...eanerstart.cab
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - http://moneycentral.msn.com/cabs/pmupd806.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)

Continue with HijackThis:
Config
Delete an NT service
Copy the following line into the box and press OK: Windows Overlay Components
Answer Yes.
Restart your computer into Safe mode:
Restart your computer
Start tapping the F8 key when the computer restarts.
When the start menu opens, choose Safe mode
Press Enter. The computer then begins to start in Safe mode.
Go to My Computer and delete the following folders (if present):
E:\Program Files\Spyware Terminator
E:\Program Files\PSDream
E:\Program Files\PSCastor
E:\Program Files\whInstall
E:\Program Files\Enigma Software Group
E:\Program Files\webHancer
E:\Program Files\Common Files\krwr

Please run Killbox.

Select "Delete on Reboot".
Select "All Files".

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

E:\Program Files\Common Files\Y1324OU.exe
E:\WINDOWS\109uninst.exe
E:\WINDOWS\uni_7eh.exe
E:\WINDOWS\uni_e6h.exe
E:\WINDOWS\ymmtfda.exe
E:\WINDOWS\icont.exe
E:\WINDOWS\ms0757613539472006.exe
E:\WINDOWS\system32\coznv.dll
E:\WINDOWS\sys101353947576.exe
E:\WINDOWS\system32\winpfg32.sys
E:\WINDOWS\gcwqg.dll
E:\WINDOWS\srvmmexlyo.exe
E:\WINDOWS\system32\pryd6bb6.sys
E:\WINDOWS\srvhucwjki.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "NO" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Reboot into normal windows.

When in normal mode, please restart to the safe mode again.

Run ATF Cleaner. Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT: Don't click the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

================

When you're ready, post the following logs to here:
- AVG's report
- a fresh HijackThis log

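The entries Mr_JAk3 singles out from the HijackThis log above (a toolbar and a filter pointing at files that no longer exist, Trusted Zone additions, an ActiveX download from an unfamiliar site, a service with no vendor name, autostart executables dropped straight into the Windows folder) are the kind of thing a helper reads by eye. The script below is an added example, not part of this thread and not HijackThis's own code, that applies those same review criteria to a constructed sample of log lines copied from the post. The host allowlist and the "Windows root" heuristic are assumptions chosen for illustration; they produce candidates for a human to review, not verdicts.

```python
"""Triage helper for HijackThis v1.99-style log lines (added example).

Flags entries that deserve a closer look, using the criteria a forum helper
applied by hand: dangling file references, IE Trusted Zone additions,
ActiveX (O16) downloads from hosts not on a small allowlist, services with
no vendor name, and O4 autostarts whose executable sits directly in the
Windows folder.  Heuristics and allowlist are illustrative assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - E:\WINDOWS\cfg32s.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sys101353947576] E:\WINDOWS\sys101353947576.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346F99} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Windows Overlay Components - Unknown owner - E:\WINDOWS\ymmtfda.exe (file missing)
"""

# Assumed allowlist: the online-scanner hosts the thread itself treats as
# legitimate.  Anything else in an O16 line is surfaced for review.
KNOWN_DPF_HOSTS = {"acs.pandasoftware.com", "download.ewido.net", "supportcenter.rr.com"}

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
URL_RE = re.compile(r"https?://\S+")
# Drive-letter path up to the first .exe, quoted or not, so that paths with
# spaces (E:\Program Files\...\qttask.exe) are captured whole.
EXE_PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
# An .exe directly under \WINDOWS\ with no subfolder, e.g. E:\WINDOWS\x.exe.
WINDOWS_ROOT_RE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O15"
    reason: str   # why a human should look at this entry
    line: str     # the original log line


def triage_line(line: str) -> list[Finding]:
    """Return zero or more findings for one log line (non-entry lines give none)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    findings: list[Finding] = []
    if "(file missing)" in body or "(no file)" in body:
        findings.append(Finding(section, "dangling reference to a file that no longer exists", line))
    if section == "O15":
        findings.append(Finding(section, "site added to the IE Trusted Zone", line))
    if section == "O16":
        url = URL_RE.search(body)
        host = urlparse(url.group(0)).hostname if url else None
        if host not in KNOWN_DPF_HOSTS:
            findings.append(Finding(section, f"ActiveX download from unreviewed host {host}", line))
    if section == "O23" and "Unknown owner" in body:
        findings.append(Finding(section, "service with no vendor name", line))
    if section == "O4":
        path = EXE_PATH_RE.search(body)
        if path and WINDOWS_ROOT_RE.match(path.group(1)):
            findings.append(Finding(section, "autostart executable sitting directly in the Windows folder", line))
    return findings


def triage_log(text: str) -> list[Finding]:
    """Run triage_line over every line of a log and collect the findings in order."""
    out: list[Finding] = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason}\n     {f.line}")
```

Run on the sample it reports seven findings: the missing cfg32s.dll toolbar, the sys101353947576.exe autostart, the Trusted Zone entry, the drivecleaner.com cab, the text/html filter with no file, and two for the "Windows Overlay Components" service (no vendor, file missing). The Panda scanner cab and the Creative service pass because they are on the allowlist or carry a vendor name; a real review would still confirm each hit by hand, as the helper does in the thread.
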
txladykat
2006-10-24, 17:13
I started these steps this morning, but didn't get to complete them as I had to leave for work, and will complete them this evening. However, I did have a couple of questions on things that came up while doing the steps (I got as far as running ATF):

Questions:

Disable bad service (windows overlay). When I right clicked this it was not running so I could not choose "stop", but I did the next step of disabling.

Killbox: some of the files you listed are not there. I do not have a win32 directory. Oddly, when you try to run cmd (or other related commands), I get the error that I do not have win32 application. This is why my service provider couldn't help me get my internet up and running, hence the windows overlay install.

Killbox: in safe mode, it will not let me select multiple files at a time. Therefore, I ended up selecting the first one, then copying, then pasting, then selecting the next one, and so on. When you go this route, does it paste all of them and delete all of them?

ATF Cleaner: This is where I left off. It kept hanging (not responding) when I tried to delete the files. After the second try, I had to leave for work so I left it trying again.

Mr_JAk3
2006-10-24, 20:52
Hi again :)


Disable bad service (windows overlay). When I right clicked this it was not running so I could not choose "stop", but I did the next step of disabling.
That was the right thing to do, good work :)


Killbox: some of the files you listed are not there. I do not have a win32 directory. Oddly, when you try to run cmd (or other related commands), I get the error that I do not have win32 application. This is why my service provider couldn't help me get my internet up and running, hence the windows overlay install.
We'll get to that command problem soon, thanks for letting me know :)


Killbox: in safe mode, it will not let me select multiple files at a time. Therefore, I ended up selecting the first one, then copying, then pasting, then selecting the next one, and so on. When you go this route, does it paste all of them and delete all of them?
Hmm, that's odd. You can add those one at a time, but you must click the red-and-white "Delete File" button after every addition. Then click "NO" on every "Delete on Reboot" prompt.


ATF Cleaner: This is where I left off. It kept hanging (not responding) when I tried to delete the files. After the second try, I had to leave for work so I left it trying again.
If there is a large cleaning to do, ATF Cleaner may need some time.... If it doesn't respond after a short while, just close the program and skip to the following step...

When you're ready, please post the logs I requested :bigthumb:

txladykat
2006-10-24, 21:29
Just to confirm, do I need to go back and do the Killbox steps again, since it most likely only deleted one file?

txladykat
2006-10-25, 02:40
Logfile of HijackThis v1.99.1
Scan saved at 7:39:08 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
E:\Documents and Settings\Karyn\Desktop\hijackthis 10-24\HijackThis.exe
E:\WINDOWS\system32\wuauclt.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Guitar Tips Messenger] E:\WINDOWS\Guitar Tips Messenger.exe
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

txladykat
2006-10-25, 02:46
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:34:40 PM 10/24/2006

+ Scan result:



E:\!KillBox\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000170.exe -> Adware.AdURL : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-1708537768-1957994488-500\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
E:\RECYCLER\S-1-5-21-343818398-1708537768-1957994488-1004\De1283.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP0\A0000002.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000015.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000019.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000122.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000123.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000124.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000125.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000126.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000127.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000128.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000129.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000130.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000131.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000132.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000133.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup (quarantined).
E:\WINDOWS\system32\coznv.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000182.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000185.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000190.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000183.exe -> Adware.Webhancer.a : Cleaned with backup (quarantined).
E:\QooBox\aockv.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\QooBox\hhpjoj.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\QooBox\jlnraor.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\QooBox\nefmb.dat.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\QooBox\nopjgrd.dll.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\QooBox\xqhno.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000093.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000094.dll -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000095.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000096.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000097.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000158.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000161.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
E:\WINDOWS\win32087613539475.exe -> Downloader.VB.anl : Cleaned with backup (quarantined).
E:\!KillBox\109uninst.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
E:\!KillBox\uni_7eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000164.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000173.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000174.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end
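As an added example (not from the thread, and not AVG's own code), a small Python parser for the report format above: it splits each result line into object, detection and action, and classifies where each hit lived (live file, registry, System Restore copy, or a removal tool's backup folder), which is the distinction behind the later advice to clear System Restore and delete the QooBox and !KillBox folders. The location classes and the family-name rule are my own conventions, not AVG's; the excerpt it parses is taken from the report itself.

```python
"""Parse an AVG Anti-Spyware 7.5 scan report into structured findings.

Each result line has the shape   <object> -> <detection> : <action>
where <object> is a file path or a registry key (a trailing "\\name"
denotes a value under that key).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt of the report quoted above (lines taken from the page, not new data).
SAMPLE_REPORT = r"""AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Scan result:

E:\!KillBox\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
E:\System Volume Information\_restore{FA153A24-F020-489C-B4DB-00ED8B8FA3AD}\RP1\A0000170.exe -> Adware.AdURL : Cleaned with backup (quarantined).
HKU\S-1-5-21-343818398-1708537768-1957994488-500\Software\Microsoft\Windows\CurrentVersion\Run\\DeluxeCommunications -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
E:\RECYCLER\S-1-5-21-343818398-1708537768-1957994488-1004\De1283.exe -> Adware.DriveCleaner : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup (quarantined).
E:\WINDOWS\system32\coznv.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
E:\QooBox\aockv.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).

::Report end
"""

# object -> detection : action, with the trailing period kept out of the action
RESULT_RE = re.compile(r"^(?P<obj>.+?) -> (?P<det>[^:]+?) : (?P<action>.+?)\.?$")
REG_HIVES = ("HKLM\\", "HKCU\\", "HKU\\", "HKCR\\", "HKEY_")
TOOL_BACKUP_DIRS = ("!KillBox", "QooBox")   # KillBox and ComboFix backup folders


@dataclass(frozen=True)
class Finding:
    obj: str
    detection: str
    action: str

    @property
    def family(self) -> str:
        # "Adware.Look2Me" -> "Look2Me"; "Downloader.Qoologic.bj" -> "Qoologic"
        parts = self.detection.split(".")
        return parts[1] if len(parts) > 1 else parts[0]

    @property
    def location(self) -> str:
        # Hypothetical classes (mine, not AVG's) that drive the follow-up advice.
        if self.obj.upper().startswith(REG_HIVES):
            return "registry"
        if "\\System Volume Information\\_restore" in self.obj:
            return "restore_point"   # copy kept by System Restore; gone once it is cleared
        top = self.obj.split("\\")[1] if "\\" in self.obj else ""
        if top in TOOL_BACKUP_DIRS:
            return "tool_backup"     # item a removal tool had already moved aside
        return "live_file"           # was still on the running system before this scan


def parse_report(text: str) -> list:
    """Return one Finding per result line; header/footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            findings.append(Finding(m["obj"], m["det"].strip(), m["action"]))
    return findings


def summarize(findings) -> dict:
    """Counts by location and family, plus the objects that were live at scan time."""
    return {
        "by_location": dict(Counter(f.location for f in findings)),
        "by_family": dict(Counter(f.family for f in findings)),
        "live": [f.obj for f in findings if f.location in ("live_file", "registry")],
    }


if __name__ == "__main__":
    print(summarize(parse_report(SAMPLE_REPORT)))
```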

Mr_JAk3
2006-10-25, 09:36
Hi again, it is looking good now :)
How is the computer running ?

Please rename HijackThis.exe to Scanner.exe

The Killbox worked because I can see that the files have been moved to the backup folder...

You don't seem to have a firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) running, you must install one firewall.
NOTE: If you're using Windows XP firewall, I recommend that you install a better firewall. Windows firewall doesn't really provide enough protection.
Disable Windows firewall after installing a new firewall.

These are good (free) firewalls: Sunbelt-Kerio (http://www.sunbelt-software.com/Kerio.cfm)
ZoneAlarm (http://www.zonelabs.com/)
Sygate (http://www.majorgeeks.com/download.php?det=3356)
Outpost (http://www.majorgeeks.com/download.php?det=1056)
You don't have an antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) on your computer, you must install one antivirus. Otherwise you'll get infected again.

These are good (free) antiviruses: AVG (http://free.grisoft.com)
Antivir (http://www.free-av.com)
Avast (http://www.avast.com)

Now you can clean AVG's Quarantine:
Open AVG Anti-Spyware
Click Infections
Click Quarantine tab
Click Select all
Click Remove finally
Close the program
You can remove KillBox, SilentRunners, ComboFix and LSPFix.

Then you should update your Java to the latest version (5.0 update 9)
Start
Control Panel
Add/Remove Programs
Delete the old Java, J2SE Runtime Environment 5.0 Update 6
Then we'll get the latest version of Java -> LINK (https://java.sun.com/javase/downloads/index.jsp)
Scroll down to Java Runtime Environment (JRE) 5.0 Update 9
Download & install it

Now you can make your hidden files hidden again.
Go to My Computer
Select the Tools menu and click Folder Options
Click the View tab.
Checkmark the "Display the contents of system folders"
Under the Hidden files and folders select "Show hidden files and folders"
Check "Hide protected operating system files"
Click Apply and then the OK and close My Computer.

Finally, please let me know how the computer is running :bigthumb:
Post also one more HijackThis (scanner.exe) log

txladykat
2006-10-26, 05:09
everything seems to be working great now! just a couple of cleanup questions.

in my program list in the control panel, windows overlay is listed as a program. is that supposed to be there?

all these avg products are on my desktop, do i keep them all there?
avgas-setup-7.5.0.50.exe
avg75free_428a818.exe
avgas-signatures-full-current.exe
ATF-Cleaner.exe

all the others you referenced, killbox, etc. didn't have an uninstall feature, and they aren't listed in my programs list, so i just deleted them from my desktop.

Is Creative Mediasource supposed to be in my program list?

I disabled the windows firewall, how do i get rid of the annoying message in my icon tray? it keeps popping up telling me i am not secure.

here is my latest hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:09:21 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINDOWS\system32\CTsvcCDA.EXE
E:\WINDOWS\system32\svchost.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
E:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Documents and Settings\Karyn\Desktop\hijackthis 10-24\scanner.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "E:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [Creative Detector] E:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = E:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = E:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://E:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - E:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

Mr_JAk3
2006-10-26, 12:08
Hi again :)

You can delete the following backup folders:
E:\QooBox
E:\!KillBox

You can delete those AVG installers from your desktop.

Creative MediaSource is a legitimate program. You can uninstall it if you don't use it.

You have Outpost firewall installed and it seems that windows doesn't recognize it. You did reboot after the installation, right ? The security alert is about the lack of a firewall, right ?

In that case, here is a solution for the recognition problem -> microsoft.com (http://www.microsoft.com/windowsxp/using/security/internet/sp2_disablefwalerts.mspx)

=============

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.

Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use Ewido (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster, safer and better browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Read this article by TonyKlein (http://castlecops.com/postlite7736-.html)
So how did I get infected in the first place?

Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


Stay clean and be safe ;)

txladykat
2006-10-26, 16:38
thanks, one last question. i notice some of the programs are dups, i.e. spybot and adaware. what programs should i have installed as far as:

anti-virus
firewall
anti-spyware

??

what others can I remove?

i don't want to have more than one program doing the same thing, as i noticed on one of those topics above it said not to have more than one.

Mr_JAk3
2006-10-26, 19:19
You're welcome :)

You can have multiple scanners on your computer but only one active firewall and one active antivirus running.

E.g. you can have Spybot, Avg-AntiSpyware and Ad-Aware on the same computer. If you don't have the realtime protections enabled, the programs won't slow your computer.

You're currently having AVG Antivirus as your antivirus and Outpost as your firewall.

I suggest that you scan your computer regularly with AVG Antivirus, Spybot, Avg-AntiSpyware and Ad-Aware. :bigthumb:

txladykat
2006-10-27, 04:56
hi, it's me again. i am logged into windows under my son's account because when i log into my account on windows, i can't get on the internet. any idea why it would do this?

Mr_JAk3
2006-10-27, 14:23
Hi again :)

Sounds a little strange... Is your account an administrative one ?
Have you rebooted the computer ?

Are you sure that you haven't blocked some legit component's internet access from Outpost ?

txladykat
2006-10-27, 15:34
Hi again :)

Sounds a little strange... Is your account an administrative one ?
Have you rebooted the computer ?

Are you sure that you haven't blocked some legit component's internet access from Outpost ?

yes my son and I both have administrative privileges. If I blocked something, I don't know how because I hadn't been on the internet since I installed it. However, I uninstalled it last night and was able to get on. I haven't reinstalled it since I uninstalled it. So I am sure it was blocking me somehow, just don't know because when I tried to open the program under my name, it wouldn't even open for me. I did notice that it came up with some message when I first logged on saying another user was already running the program though. Does that mean it can't be used for more than one user on the same program?

I would really like to get some type of firewall in place so this doesn't happen again, but obviously can't run a program that doesn't work for all users on the computer.

Mr_JAk3
2006-10-27, 20:31
Hi again :)

Maybe you should try a different firewall, eg ZoneAlarm is very easy to use.

Download the free version of ZoneAlarm, http://www.zonelabs.com
Save the installer to your desktop.
Go to offline mode (unplug from the internet)
Remove Outpost
Install ZoneAlarm
Reboot
Go back online.

Check if the problem is gone :)

tashi
2006-11-06, 07:59
This topic has been closed to prevent others with similar issues posting in it.
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread.