AntiVermin etc.

"slim" - 07-01-24 15:57:32 Service Pack 2
ComboFix 07-01-23.2 - Running from: "C:\Documents and Settings\slim\My Documents\download"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\WINDOWS\ICROSO~1
C:\qoobox\purity\WINDOWS\system32\DOBE~1
C:\qoobox\purity\WINDOWS\system32\FNTS~1
C:\qoobox\purity\Program Files\SMBOLS~1
C:\qoobox\purity\Program Files\Common Files\MCROSO~1.NET
C:\qoobox\purity\Program Files\Common Files\YSTEM~1
C:\qoobox\purity\DOCUME~1\slim
C:\qoobox\purity\DOCUME~1\slim\Application Data
C:\qoobox\purity\DOCUME~1\slim\My Documents
C:\qoobox\purity\DOCUME~1\slim\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\slim\Application Data\DOBE~1
C:\qoobox\purity\DOCUME~1\slim\Application Data\ICROSO~1
C:\qoobox\purity\DOCUME~1\slim\Application Data\WNSXS~1
C:\qoobox\purity\DOCUME~1\slim\Application Data\STEM32~1
C:\qoobox\purity\DOCUME~1\slim\Application Data\WNSXS~1\W?nSxS
C:\qoobox\purity\DOCUME~1\slim\Application Data\WNSXS~1\W?nSxS\!update-4300.0000
C:\qoobox\purity\DOCUME~1\slim\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\slim\My Documents\SMBOLS~1
C:\qoobox\purity\DOCUME~1\slim\My Documents\FNTS~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-24 to 2007-01-24 ))))))))))))))))))))))))))))))))))


2007-01-23 22:47 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-01-23 22:47 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-01-23 22:47 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-01-23 22:47 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-01-23 22:47 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-01-23 22:47 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-01-22 18:42 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-22 17:50 7,830 --a------ C:\WINDOWS\system32\tmp.reg
2007-01-22 14:54 <DIR> d-------- C:\DOCUME~1\slim\SmitfraudFix
2007-01-22 01:15 3,120 --a------ C:\WINDOWS\system32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
2007-01-22 01:13 <DIR> d-------- C:\Program Files\AARONS CLIKER
2007-01-22 00:12 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-01-21 21:34 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-01-21 21:32 <DIR> d-------- C:\WINDOWS\Internet Logs
2007-01-21 20:59 <DIR> d-------- C:\Program Files\HOSTS Secure
2007-01-21 20:50 21,312 --a------ C:\WINDOWS\choice.exe
2007-01-21 20:43 <DIR> d-------- C:\ie-spyad2
2007-01-21 20:35 <DIR> d-------- C:\Program Files\SpywareGuard
2007-01-21 20:30 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-01-21 19:28 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-21 14:43 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-01-21 11:36 <DIR> d-------- C:\Program Files\Registry Defender
2007-01-20 14:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
2007-01-20 14:25 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-01-20 14:23 <DIR> d-------- C:\DOCUME~1\slim\.housecall6.6
2007-01-17 15:52 <DIR> d-------- C:\DOCUME~1\slim\Application Data\AVG7
2007-01-17 15:50 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-17 03:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-01-11 17:35 <DIR> d-------- C:\DOCUME~1\slim\Application Data\ZangoToolbar
2007-01-11 17:34 39,936 --a------ C:\npclntax.dll
2007-01-11 13:50 <DIR> d-------- C:\DOCUME~1\slim\Application Data\Viewpoint
2007-01-10 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-07 22:55 28,672 --a------ C:\WINDOWS\system32\f3PSSavr.scr


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-19 01:30 2 --a------ C:\WINDOWS\system32\wapisvit.exe
2006-12-15 22:08 -------- d-------- C:\Program Files\windows live toolbar
2006-12-07 17:11 -------- d-------- C:\Program Files\yahoo!
2006-11-23 15:59 131072 --a------ C:\WINDOWS\system32\spoonuninstall.exe
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --a------ C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --a------ C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --a------ C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --a------ C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Rguzmxn"="C:\\Documents and Settings\\slim\\Application Data\\?dobe\\r?ndll.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"windowinside"="C:\\DOCUME~1\\slim\\APPLIC~1\\FOURPL~1\\DebugStop.exe"
"tbon"="C:\\Program Files\\TBONBin\\tbon.exe /r"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"PhotoShow Deluxe Media Manager"="C:\\PROGRA~1\\SIMPLE~1\\PHOTOS~1\\data\\Xtras\\mssysmgr.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Ltho"="\"C:\\DOCUME~1\\slim\\APPLIC~1\\WNSXS~1\\arpa.exe\" -vt tzt"
"ErrorSafeFree"="\"C:\\Program Files\\ErrorSafe Free\\uers.exe\" /min"
"ErrorSafe"="C:\\Program Files\\Error Safe\\ERS.exe /min"
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"AdwareProtector"="C:\\Program Files\\Error Safe\\AdwareProtector.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"My Web Search Bar Search Scope Monitor"="\"C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\m3SrchMn.exe\" /m=0"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"zango"="\"c:\\program files\\zango\\zango.exe\""
"WinDVR SchSvr"="\"C:\\Program Files\\Common Files\\InterVideo\\SchSvr\\SchSvr.exe\""
"wcmdmgr"="C:\\WINDOWS\\wt\\updater\\wcmdmgrl.exe -launch"
"was_check"="C:\\Program Files\\ErrorSafe Free\\PASmon.exe"
"VTTimer"="VTTimer.exe"
"VC5Player"="C:\\Program Files\\HHVcdV5Sys\\VC5Play.exe"
"UERScw"="C:\\Program Files\\ErrorSafe Free\\UERScw.exe -c"
"Typehidetonsace"="C:\\Documents and Settings\\All Users\\Application Data\\Movecreativetypehide\\kind 32.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"SSBkgdUpdate"="\"C:\\Program Files\\Common Files\\Scansoft Shared\\SSBkgdUpdate\\SSBkgdupdate.exe\" -Embedding -boot"
"SoundMan"="SOUNDMAN.EXE"
"shicoxp"="C:\\WINDOWS\\shicoxp.exe"
"SetDefPrt"="C:\\Program Files\\Brother\\Brmfl04b\\BrStDvPt.exe"
"SemanticInsight"="C:\\Program Files\\RXToolBar\\Semantic Insight\\SemanticInsight.exe"
"regskindmeallite"="C:\\Documents and Settings\\All Users\\Application Data\\itch new regs kind\\PeakSlow.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"QuickFinder Scheduler"="\"C:\\Program Files\\WordPerfect Office 11\\Programs\\QFSCHD110.EXE\""
"PowerS"="C:\\WINDOWSPowerS.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"PaperPort PTD"="C:\\Program Files\\ScanSoft\\PaperPort\\pptd40nt.exe"
"NetPumper"="\"C:\\Program Files\\NetPumper\\NetPumperIEProxy.exe\""
"Logitech Utility"="Logi_MwX.Exe"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"KAZAA"="C:\\Program Files\\Kazaa\\kazaa.exe /SYSTRAY"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"IndexSearch"="C:\\Program Files\\ScanSoft\\PaperPort\\IndexSearch.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1141366775\\ee\\AOLSoftware.exe"
"FLMK08KB"="C:\\Program Files\\Muiltmedia keyboard utility\\1.1\\MMKEYBD.EXE"
"ControlCenter2.0"="C:\\Program Files\\Brother\\ControlCenter2\\brctrcen.exe /autorun"
"bpk"="c:\\program files\\internet explorer\\bpk.exe"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"AltnetPointsManager"="c:\\program files\\altnet\\points manager\\points manager.exe -s"
"AIMPro"="\"C:\\Program Files\\AIM\\AIM Pro\\aimpro.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NCUpdateSvc"=dword:00000002
"AOL ACS"=dword:00000002
"AVGEMS"=dword:00000002
"tmproxy"=dword:00000002
"Tmntsrv"=dword:00000002
"PcCtlCom"=dword:00000002
"SPBBCSvc"=dword:00000002
"Avg7UpdSvc"=dword:00000002
"Avg7Alrt"=dword:00000002
"iPodService"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"="OE Shell Hook"
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Video ActiveX Object\\pmsngr.exe"
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\20571B429E30F2BA.job
C:\WINDOWS\tasks\A0B27DE1918DFCAD.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: 07-01-24 16:00:17
C:\ComboFix2.txt ... 07-01-23 22:43
 
Logfile of HijackThis v1.99.1
Scan saved at 4:11:54 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HHVcdV5Sys\VC5Play.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\shicoxp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\1141366775\ee\AOLSoftware.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\Program Files\Virtual CD v5\System\VC5Tray.exe
C:\Program Files\TV Station\PlayTV MPEG2\PVRemote.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hijackthis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - {F9A8E80B-52E9-5946-9B69-7FE55C1F1792} - C:\WINDOWS\system32\rkpmn.dll (file missing)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.shopnbc.com"); (C:\Documents and Settings\slim\Application Data\Mozilla\Profiles\default\raq4smzi.slt\prefs.js)
O2 - BHO: (no name) - {0715DA17-50E1-6C32-820B-7C09AB902983} - C:\DOCUME~1\dee\APPLIC~1\STUPID~1\Poke Gram.exe (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {756C6024-725F-B361-DBA2-673273EDCD38} - C:\DOCUME~1\slim\APPLIC~1\STUPID~1\Poke Gram.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O2 - BHO: (no name) - {F9A8E80B-52E9-5946-9B69-7FE55C1F1792} - C:\WINDOWS\system32\rkpmn.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [was_check] C:\Program Files\ErrorSafe Free\PASmon.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [UERScw] C:\Program Files\ErrorSafe Free\UERScw.exe -c
O4 - HKLM\..\Run: [Typehidetonsace] C:\Documents and Settings\All Users\Application Data\Movecreativetypehide\kind 32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [regskindmeallite] C:\Documents and Settings\All Users\Application Data\itch new regs kind\PeakSlow.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [PowerS] C:\WINDOWSPowerS.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141366775\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [bpk] c:\program files\internet explorer\bpk.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rguzmxn] C:\Documents and Settings\slim\Application Data\?dobe\r?ndll.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [windowinside] C:\DOCUME~1\slim\APPLIC~1\FOURPL~1\DebugStop.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\slim\APPLIC~1\WNSXS~1\arpa.exe" -vt tzt
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [ErrorSafe] C:\Program Files\Error Safe\ERS.exe /min
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AdwareProtector] C:\Program Files\Error Safe\AdwareProtector.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Remote.lnk = C:\Program Files\TV Station\PlayTV MPEG2\PVRemote.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\slim\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095850444328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162429477000
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E4FB635-06D6-4C91-9883-61EE971506C4}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
 
1) Download NoLop to your Desktop from here:
http://www.spywareedge.net/nolop/NoLop.exe
First close any other programs you have running, as this will require a reboot.
Double click NoLop.exe to run it.
Now click the button labelled "Search and Destroy"
<<your computer will now be scanned for infected files>>
When scanning is finished you will be prompted to reboot only if infected. Click OK.
Now click the "REBOOT" Button.
A message should pop up from NoLop. If not, double-click the program again and it will finish.
Please post the contents of C:\NoLop.log along with a fresh HijackThis log.

(Hold those logs until we finish)

If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program.
http://www.boletrice.com/downloads/mscomctl.ocx

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm. Click OK.
You may reverse this for safety when we are finished.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

5) SpywareGuard: Right-click the running icon of SpywareGuard in the system tray to open the program. Then go to Menu, File, and choose Exit. It will automatically restart at next boot.

This item >> O4 - HKLM\..\Run: [bpk] c:\program files\internet explorer\bpk.exe looks like a keylogger. If you installed it on purpose you can leave it.
http://www.castlecops.com/startuplist-449.html <<< see that information

6) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R3 - URLSearchHook: (no name) - {F9A8E80B-52E9-5946-9B69-7FE55C1F1792} - C:\WINDOWS\system32\rkpmn.dll (file missing)
O2 - BHO: (no name) - {0715DA17-50E1-6C32-820B-7C09AB902983} - C:\DOCUME~1\dee\APPLIC~1\STUPID~1\Poke Gram.exe (file missing)
O2 - BHO: (no name) - {756C6024-725F-B361-DBA2-673273EDCD38} - C:\DOCUME~1\slim\APPLIC~1\STUPID~1\Poke Gram.exe (file missing)
O2 - BHO: (no name) - {F9A8E80B-52E9-5946-9B69-7FE55C1F1792} - C:\WINDOWS\system32\rkpmn.dll (file missing)
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [was_check] C:\Program Files\ErrorSafe Free\PASmon.exe
O4 - HKLM\..\Run: [UERScw] C:\Program Files\ErrorSafe Free\UERScw.exe -c
O4 - HKLM\..\Run: [Typehidetonsace] C:\Documents and Settings\All Users\Application Data\Movecreativetypehide\kind 32.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [regskindmeallite] C:\Documents and Settings\All Users\Application Data\itch new regs kind\PeakSlow.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [bpk] c:\program files\internet explorer\bpk.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKCU\..\Run: [Rguzmxn] C:\Documents and Settings\slim\Application Data\?dobe\r?ndll.exe
O4 - HKCU\..\Run: [windowinside] C:\DOCUME~1\slim\APPLIC~1\FOURPL~1\DebugStop.exe
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [Ltho] "C:\DOCUME~1\slim\APPLIC~1\WNSXS~1\arpa.exe" -vt tzt
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [ErrorSafe] C:\Program Files\Error Safe\ERS.exe /min
O4 - HKCU\..\Run: [AdwareProtector] C:\Program Files\Error Safe\AdwareProtector.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -

Close all programs but HJT and all browser windows, then click on "Fix Checked"

7) RIGHT Click on Start then click on Explore. Locate and delete these items:

c:\program files\internet explorer\bpk.exe <<< delete that file

C:\Program Files\TBONBin\ <<< delete that folder

c:\program files\altnet\ <<< delete that folder

C:\Program Files\Kazaa\ <<< delete that folder

C:\Program Files\RXToolBar\ <<< delete that folder

C:\PROGRAM FILES~1\MYWEBSEARCH~1\ <<< delete that folder

C:\Program Files\Error Safe\ <<< delete that folder

C:\Program Files\ErrorSafe Free\ <<< delete that folder

c:\program files\zango\ <<< delete that folder

C:\Documents and Settings\All Users\Application Data\Movecreativetypehide\ <<< delete that folder

C:\Documents and Settings\All Users\Application Data\itch new regs kind\ <<< delete that folder

C:\Documents and Settings\slim\Application Data\?dobe\ <<< delete that folder

C:\DOCUMENTS AND SETTINGS~1\slim\APPLIC~1\FOURPL~1\ <<< delete that folder

C:\DOCUMENTS AND SETTINGS~1\slim\APPLIC~1\WNSXS~1\ <<< delete that folder

8) Follow the instructions in this link, then update and run AVG Anti-Spyware, making sure you delete or at least quarantine anything it locates. Save the scan report; I must see it.
http://forums.security-central.us/showthread.php?t=3165

9) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the contents of C:\NoLop.log, the AVG Anti-Spyware scan results and a new HJT log.

Thanks
 
Pass over that for now. When you finish and post the logs I requested, post any comments you have that you think will help. If we have an issue with that item, we will tackle it at that point.

Thanks
 
I was not able to (1) find the following directories and (2) delete these files/folders.

1)
C:\PROGRAM FILES~1
C:\DOCUMENTS AND SETTINGS~1\slim\APPLIC~1

2)
c:\program files\internet explorer\bpk.exe <<< delete that file

C:\Program Files\TBONBin\ <<< delete that folder

c:\program files\altnet\ <<< delete that folder

C:\Program Files\RXToolBar\ <<< delete that folder

C:\PROGRAM FILES~1\MYWEBSEARCH~1\ <<< delete that folder

C:\Program Files\Error Safe\
C:\Program Files\ErrorSafe Free\

c:\program files\zango\

C:\Documents and Settings\slim\Application Data\?dobe\

C:\DOCUMENTS AND SETTINGS~1\slim\APPLIC~1\FOURPL~1\

C:\DOCUMENTS AND SETTINGS~1\slim\APPLIC~1\WNSXS~1\

3)
I did delete C:\Documents and Settings\slim\Application Data\Error Safe
 
If you followed the instructions in number 2 to show all hidden files and folders, you will see them if they are there. If you did not follow the instructions you may not see them. I suggest you look at the instructions carefully, because if they are still in the next log, you will have to search for each file/folder using Search Companion until you find them. If they are on the computer, they must go before you will have a clean computer.

Thanks
 
NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\slim
[1/24/2007]
[5:36:09 PM]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\20571B429E30F2BA.job
C:\WINDOWS\tasks\A0B27DE1918DFCAD.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:32:41 PM 1/24/2007

+ Scan result:



C:\Documents and Settings\slim\My Documents\download\Setup.exe -> Adware.180Solutions : Cleaned.
HKU\S-1-5-21-2326369520-2387590086-153489426-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-2326369520-2387590086-153489426-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned.
C:\WINDOWS\system32\P2P Networking v126.cpl -> Adware.P2PNet : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{ABCD4567-76B5-4bc7-AAC5-396D70925B22} -> Adware.WinAntiSpyware : Cleaned.
HKLM\SOFTWARE\Classes\Interface\{ABCD4567-4D73-43E9-85E5-53A2DBD95422} -> Adware.WinAntiSpyware : Cleaned.
HKLM\SOFTWARE\Classes\TypeLib\{ABCD4567-7437-43EF-AB74-4AB1D3A37422} -> Adware.WinAntiSpyware : Cleaned.
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier -> Adware.WinAntiSpyware : Cleaned.
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier.1 -> Adware.WinAntiSpyware : Cleaned.
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier.1\CLSID -> Adware.WinAntiSpyware : Cleaned.
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier\CLSID -> Adware.WinAntiSpyware : Cleaned.
HKLM\SOFTWARE\Classes\wasfsd.CreationNotifier\CurVer -> Adware.WinAntiSpyware : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Services\wasfsd -> Adware.WinAntiSpyware : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Services\wasfsd\Enum -> Adware.WinAntiSpyware : Cleaned.
HKLM\SYSTEM\CurrentControlSet\Services\wasfsd\Security -> Adware.WinAntiSpyware : Cleaned.
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned.
C:\QooBox\Purity\DOCUME~1\slim\Application Data\WNSXS~1\WіnSxS\!update-4300.0000 -> Downloader.PurityScan.dx : Cleaned.
C:\WINDOWS\system32\wapisvit.exe -> Trojan.Small : Cleaned.


::Report end
 
Logfile of HijackThis v1.99.1
Scan saved at 7:47:57 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\HHVcdV5Sys\VC5SecS.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\HHVcdV5Sys\VC5Play.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\shicoxp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\AOL\1141366775\ee\AOLSoftware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Muiltmedia keyboard utility\1.1\KbdAp32A.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\TV Station\PlayTV MPEG2\PVRemote.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Virtual CD v5\System\VC5Tray.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.shopnbc.com"); (C:\Documents and Settings\slim\Application Data\Mozilla\Profiles\default\raq4smzi.slt\prefs.js)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VC5Player] C:\Program Files\HHVcdV5Sys\VC5Play.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [shicoxp] C:\WINDOWS\shicoxp.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [PowerS] C:\WINDOWSPowerS.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141366775\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AIMPro] "C:\Program Files\AIM\AIM Pro\aimpro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Remote.lnk = C:\Program Files\TV Station\PlayTV MPEG2\PVRemote.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\slim\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/tgctlcm.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1095850444328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1162429477000
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {CEA3052D-65B9-44E2-A501-5E14024BC66F} (TricksterActiveX Control) - http://www.tricksteronline.com/control/tricksterActiveX.cab
O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://www.tricksteronline.com/control/KALogoutComponent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E4FB635-06D6-4C91-9883-61EE971506C4}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Virtual CD v5 Security service (VC5SecS) - H+H Software GmbH - C:\Program Files\HHVcdV5Sys\VC5SecS.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
 
You may use HJT to remove this line if you wish:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
That's optional, it is not malware.

Your Java program is out of date and a security risk, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_06\ <<< out of date, download the newest version and uninstall all old versions in Add Remove programs.

I see you run SpywareGuard, here is a link to another excellent program from the same folks that I run, and tutorials for it and SG:
SpywareBlaster
http://www.bleepingcomputer.com/forums/tutorial49.html
SpywareGuard:
http://www.bleepingcomputer.com/forums/tutorial50.html

You may keep ATF-Cleaner if you wish, but please delete from your computer all other tools we used during the cleanup. The other exception is AVG Anti-Spyware and I will cover it in a moment.

This HJT log appears clean of malware, how is the computer running now? You had severe infections, we need to clean your System Restore files:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
 
Thanks, everything is working much better now, running faster.

Two more things. Is Windows Defender active when I X it out?

I have two computers hooked up to share internet. I'm not sure if router has a firewall. We couldn't figure out how to set the firewalls we tried so that it was up without blocking net. Thanks
 
I do not see Windows Defender in the last HJT log you posted. You will need to read the information from experts I posted and choose something before the AVG Anti-Spyware trial ends when it will no longer offer any realtime protection and should be turned off or uninstalled (I suggest you turn it off and keep the free scanner, updates are free and you can scan on demand). SpywareGuard will help but you need a good spyware program. At least Windows Defender was free. Read the links I provided for expert opinions.

You will need to look at the specifications of your router to see if it has a firewall, some do and some don't depending on the price, here are some faq's: http://www.firewallguide.com/faq.htm If it does not, choose and install something, I personally do not believe the WindowsXP SP2 firewall is enough protection. This is just one opinion, Google for more if you need them: http://www.tech-recipes.com/rx/561/xp_sp2_firewall_zone_alarm

http://www.google.com/search?source...LG:en&q=configure+shared+connection+firewalls

Hope that helps
 
Glad we could help, as the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.

Cheers.
 