trogan on my gfs computer........

[jcurrieirocz]

hi while i was downloading windows updates onto my gf computer today avg kept bring up every 2 seconds saying problem opening file:
c:/windows/winhelp.exe:xutbx
trogandownloader.agent.2.BM
and
c:/windows/explorer.exe:CAVSL
trogandownloader.agent.4.BJ

now AVG didnt tell me it could be or was deleated tho....and also after i was done updateing I ran a full scan (updated also) and it found nothing.....

now im trying trojanhunter now from your links and seeing what happens.....
does avg ever think that maybe the windows update is a virus or something??? or do you think i do infact have one?? Thanks if you can help

*****update opps i just read your other post..... after the scan is done ill get hijack this onto her comp and run it then....

[guestolo]

Post the log from TrojanHunter when your done
Make sure you update the Latest Ruleset before scanning

Also post a hijackthis log as I asked in your other post
From my signature below, download and save too a permanent folder of it's own onto your harddrive
Hijackthis 1.99.1
Open Hijackthis.exe

Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

[jcurrieirocz]

please dont let me del anything off here she wants or ill get my you know what cut off hahah

Logfile of HijackThis v1.99.1
Scan saved at 10:54:00 PM, on 10/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\TrojanHunter 4.5\TrojanHunter.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gracie\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.Email Removed.com/' target='_blank' rel='nofollow'>http://www.Email Removed.com/</a>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D815DA67-27CB-1169-9B2A-ABA388C50AC4} - C:\WINDOWS\system32\apisf32.dll (file missing)
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [hwmjV] C:\documents and settings\gracie\local settings\temp\hwmjV.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\RunServices: [ICQ Chat Service] icqjdhs.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (tm) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Juegos On Line - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\eurogamelandia\entrar.html (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/132p/html/gtdownlr.cab
O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://www.tnc4u.com/MCInst.cab
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) - http://sexprovider.com/video/exit/install.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - <a href='http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab' target='_blank' rel='nofollow'>http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab</a>
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/295f252ce5b9626a8b05/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139493100372
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1ca.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45CBC499-2889-4007-965A-51B728BC40AE}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet:  (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[guestolo]

Did you fully update TrojanHunter and run a full system scan?
After the scan is done, save the log from TH
Allow TrojanHunter to fix everything it finds
Reboot the computer afterwards

If you haven't finished the scan with TrojanHunter yet
Let it finish
Post it's log along with a fresh hijackthis log

[jcurrieirocz]

ok after that log trogan hunter finished and only needed to do this...

Removed registry key HKEY_LOCAL_MACHINE\SOFTWARE\msbb

k its rebooting now..... il post a new hjt log in a sec
and yes i updated TH before the scan...i used the update button as the instructions for manual update arent on his site anymore

ok heres new log

Logfile of HijackThis v1.99.1
Scan saved at 11:03:05 PM, on 10/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gracie\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D815DA67-27CB-1169-9B2A-ABA388C50AC4} - C:\WINDOWS\system32\apisf32.dll (file missing)
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [hwmjV] C:\documents and settings\gracie\local settings\temp\hwmjV.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\RunServices: [ICQ Chat Service] icqjdhs.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (tm) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Juegos On Line - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\eurogamelandia\entrar.html (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/132p/html/gtdownlr.cab
O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://www.tnc4u.com/MCInst.cab
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) - http://sexprovider.com/video/exit/install.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/295f252ce5b9626a8b05/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139493100372
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1ca.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45CBC499-2889-4007-965A-51B728BC40AE}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet:  (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[guestolo]

OK, before you post the new hijackthis log
TrojanHunter should of cleaned maybe more, but that's ok
Can I have you uninstall TrojanHunter please
It may get in the way of other fixes

Reboot the computer again
Post a fresh hijackthis log

Let me know the following,
Do you have Ad-Aware Se Personal 1.06 or Spybot 1.4 installed on this computer?

[jcurrieirocz]

yes both are installed dont know last time she ran it tho
ill unistall that now...brb

ok done and heres new(edit**now old log read below)
Logfile of HijackThis v1.99.1
Scan saved at 11:13:07 PM, on 10/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gracie\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <a href='http://www.Email Removed.com/' target='_blank' rel='nofollow'>http://www.Email Removed.com/</a>
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D815DA67-27CB-1169-9B2A-ABA388C50AC4} - C:\WINDOWS\system32\apisf32.dll (file missing)
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [hwmjV] C:\documents and settings\gracie\local settings\temp\hwmjV.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunServices: [ICQ Chat Service] icqjdhs.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (tm) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Juegos On Line - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\eurogamelandia\entrar.html (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/132p/html/gtdownlr.cab
O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://www.tnc4u.com/MCInst.cab
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) - http://sexprovider.com/video/exit/install.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - <a href='http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab' target='_blank' rel='nofollow'>http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab</a>
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/295f252ce5b9626a8b05/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139493100372
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1ca.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45CBC499-2889-4007-965A-51B728BC40AE}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet:  (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[jcurrieirocz]

k... i c your not here now so im going to run a adaware scan and spybot and fix what i can then reboot and post a new hjt log then go to bed thanks for your help so far!!! she needs to keep on top of this stuff more.

[guestolo]

Download and install Windows CleanUp! 4.5.1
Don't run it yet

==Download CWShredder.exe and save to your desktop, don't run yet

Download AboutBuster.zip  and unzip the files to a folder on your Desktop
We'll need this later

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck
 "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

Run Cwshredder.exe
Click on the FIX button,(Make sure to run the FIX and not the Scan, the scan won't do nothing)
 let it run and fix whatever it finds
When it's done
Exit
Don't reboot yet

Double click to run AboutBuster and click Begin Removal button. Once that's scan is done, Hit OK Click Exit once you are done. Click the OK button and it should exit.

Remain in safe mode
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Open Ewido Anti-Malware
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

O2 - BHO: (no name) - {D815DA67-27CB-1169-9B2A-ABA388C50AC4} - C:\WINDOWS\system32\apisf32.dll (file missing)
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [hwmjV] C:\documents and settings\gracie\local settings\temp\hwmjV.exe

O4 - HKLM\..\RunServices: [ICQ Chat Service] icqjdhs.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger ™ - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Juegos On Line - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\eurogamelandia\entrar.html (file missing)

O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/132p/html/gtdownlr.cab
O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://www.tnc4u.com/MCInst.cab
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) - http://sexprovider.com/video/exit/install.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/295f252ce5b9626a8b05/...ip/RdxIE601.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O19 - User stylesheet: (file missing)

After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot back to Normal mode

Post back all the following please
1. Post back a fresh hijackthis log
2. Post the Whole report from Ewidos' you saved earlier too desktop
3. AboutBuster would of created a log called 'Ab LogFile.txt'
Can you post it please

Addtionally, an entry or 2 in your hijackthis log may need alternate methods for removal
From below can you download and unzip too your desktop Run_Keys.zip
Double click on Run_Keys.bat
A text file will open, copy and paste back the whole contents please

And last, but not least
Let's make sure Spybot and Ad-Aware are up to date
Open Spybot>>click on HELP>>About
Let me know spybot version and latest updates detection date

open Ad-Aware>>Click on Details under Initialization status
Let me know reference no. and Internal build please

[jcurrieirocz]

ok ill do all the above 1st chance i get but tonight i have to go...heres the latest hjt log after the spy bot and adaware done...but none of your last post is compleated. ill get back to you hopefully tomorow thanks...
JC

Logfile of HijackThis v1.99.1
Scan saved at 12:24:59 AM, on 11/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Documents and Settings\Gracie\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D815DA67-27CB-1169-9B2A-ABA388C50AC4} - C:\WINDOWS\system32\apisf32.dll (file missing)
O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [hwmjV] C:\documents and settings\gracie\local settings\temp\hwmjV.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\RunServices: [ICQ Chat Service] icqjdhs.exe
O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe
O4 - HKCU\..\Run: [\IEService.exe] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IESERV~1\IEService.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AOL Instant Messenger (tm) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (file missing)
O9 - Extra button: Juegos On Line - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\eurogamelandia\entrar.html (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - http://inst.c-wss.com/132p/html/gtdownlr.cab
O16 - DPF: {26FD5192-A97C-4B48-A5D7-2420CFDCFDF2} - http://www.tnc4u.com/MCInst.cab
O16 - DPF: {2A57772A-D963-4533-A999-A4D66B7EF424} (BHO.clsUrlSearch) - http://sexprovider.com/video/exit/install.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/295f252ce5b9626a8b05/...ip/RdxIE601.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139493100372
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1ca.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45CBC499-2889-4007-965A-51B728BC40AE}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet:  (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

[guestolo]

Ok, I'll leave my last instructions posted
work thru them, they actually won't take that long to complete

Post back all the info I asked for later
Goodnight

[jcurrieirocz]

ok goter done of everything so far you requested..... here it is

Logfile of HijackThis v1.99.1
Scan saved at 6:38:15 PM, on 11/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Gracie\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.Email Removed.com/\' target=\'_blank\' rel=\'nofollow\'>http://www.Email Removed.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Corel Registration.lnk = C:\Program Files\Corel\WordPerfect Office 2000\Register\Remind32.exe
O4 - Global Startup: Desktop Application Director 9.LNK = C:\Program Files\Corel\WordPerfect Office 2000\programs\dad9.exe
O4 - Global Startup: Event Reminder.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab\' target=\'_blank\' rel=\'nofollow\'>http://by1fd.bay1.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1139493100372
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1ca.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45CBC499-2889-4007-965A-51B728BC40AE}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         6:20:47 PM, 11/04/2006
 + Report-Checksum:      6ACFF8A0

 + Scan result:

   HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning
   HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning
   HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning
   HKLM\SOFTWARE\Classes\CLSID\{0119F278-475B-E5B8-00B6-C88D1EE40346} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{01510CDC-B6EA-A8D1-D316-AE91F33D01C4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{04FC5C29-73C6-99FE-9568-2D6316E0DB4F} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{073C7FC6-8137-7BA8-FC4D-8518F53DD1BA} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{09042C0B-ADA3-569D-410C-F824C588F805} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{09352FEE-57D8-D24B-1C3A-C99062F9B4C8} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0B28B10C-0852-4322-CD8D-98680E44C015} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0BF8535F-2B56-1DD4-44A7-D4F95713C8EB} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0DC9678A-0260-8CEB-0563-594D9FB02903} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0FD2A8CA-086D-14C1-DA15-CA49D3F3B821} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{117089AA-D3C6-C679-D791-5088F7B82125} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{11B2E5EC-FEC2-6294-86A4-95682319ABD2} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{127B258A-8F8E-75B6-D538-4A7711988318} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1430B49C-AF69-4F6D-F513-71EADE457EFD} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{166CDEFE-E88F-C410-5454-34602088172B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{18C2B1ED-7635-92A8-5DB5-E71520573650} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{19A72A9E-9283-25A1-64C8-866A3A28A5F6} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1D3E4E2E-E8BE-F392-C1A4-B33BB3205F18} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1D626295-5E91-2B59-7E71-D5BE067A9719} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1DCBFC66-4990-8A75-0B4D-74D7B850CC29} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1EB1BC61-A9B6-80CA-CDCE-E2A960428849} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1F7B837E-CC0C-8A77-DD3C-43144BEFEB4B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{20970929-741B-E524-6A22-7A8BD24B33B9} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{21258EF1-13DE-0334-9DB4-2B3E344FFB37} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{21E654F5-CF30-4A95-C97F-98763D1324F9} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{24A21166-E0B9-9BB7-8A9C-DD4F05B5207A} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{24F52FD3-D9CD-C5B4-2108-1DBD812D6F79} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{25901F49-AB9D-2865-1DD3-8ECE5EAAD128} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2627C43B-FB1D-F815-04DA-3D4D787AEB82} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{27622543-E879-3A47-D05A-97903406A96F} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{29CAABAC-A010-A9C2-B119-3F6044E0AF6D} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2ABCBCF0-8C96-2872-D4B2-E7057D74D936} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2DD82132-7F0B-C9AC-510E-D7AC82ADF83B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2FB2AF82-A6CB-27AE-14B6-70AF241F452D} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{31474984-8326-4EA8-44CF-B3365CB4B194} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{315397E1-2F75-F176-4C18-ED9C483D3FF6} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{322FB8F1-4225-C16E-7E8B-C92AF7A198BD} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{32FDEE89-3D00-0142-A0FE-63A0ED9E1F3C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{353D04C8-A19B-A4F5-EF26-4ECE686C737F} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{36E15370-5FD0-D1EC-3368-C6A73C8F506F} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{38EE9684-D257-A538-1F82-16D8794C8BD7} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{39652FC9-57E8-9F1F-F728-8F55D9E5F49F} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3C4AC4EC-FE88-B619-D551-78D33D1F43F7} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3D3177E3-B283-0367-5485-9DB32FC7FD05} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3EADA451-2E8E-BE2B-BDA9-7FF9E2AA68F8} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3F1BB4CB-FD6D-A0D8-C38F-183CE033C2DA} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4197FF54-5C18-A7E5-9CC3-32130092E2A4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{41DF9B90-2AEA-7FE8-65F2-AC393F1D4CDE} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{424D322F-007D-619B-BC17-63F3201B9FED} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{44CC1828-0E3D-0A95-ABD6-EC5D9B87433C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{45735144-763F-14AF-585D-A8C411A2567D} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{46C94277-FCEA-AC4E-94E0-8DF786BF993A} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{47C74D0E-24B0-3C42-95D1-CF0F4E376A71} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4B04F9FF-A8D2-CC97-F041-1BB1E9874193} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4BBEC0FD-DA38-B544-F1BF-7C2CC424B596} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4C928477-3A6D-F1DD-A78A-1F75F7C46F82} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4DF5116B-0DFE-9D51-AA17-CE70AC5E652D} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4F766EC4-211C-AC42-9FA4-99E5B875A4CF} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{52BF7431-38AF-F288-81A9-E5DD23CF1ECF} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{52CA19C1-11C8-4272-E11C-3426F72C0AB9} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{538D316B-A3A2-1200-EE47-1BEF8BCDD755} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{54595623-DD6E-DF6D-5647-D57D6B2CFEEB} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{55BE37F8-1985-13E8-CD9B-5D824C0086C6} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{55C8C6D7-0FC7-6CAC-AA38-69CB63141D4E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{57C0C13E-E95C-411D-BCD9-A537E6B2AA24} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5899D6C8-2875-45AF-8736-13BE0C3BA5EC} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5A3D985D-E7F0-92FD-318F-8930CFEB6D7E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5AD1C8F8-A89B-7AC1-A165-9D86BEDAA202} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5AD33BA6-7ADF-0FBE-C0F0-7C18C405DE9E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5BCC6952-A400-DA5E-2572-D68C74339A1B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5C19DA3A-627A-8F16-BA65-30D8566CB9E4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5C41979E-0C08-52D9-D1AE-1F0F1035ABB0} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5D05DF96-D875-77AB-A229-43E7371F233E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5D8249B4-E958-6B03-D2C1-6480C0BABA6A} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5E880ABF-397E-7169-9342-D26277AB758A} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5ED0322D-E61A-0915-184A-5DEFC6990411} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{61D24A14-3A46-AD55-E435-902793177389} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{64093E2C-B6EF-B1DE-9C87-E7AD64BF980D} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{64B4C959-F47C-E57E-A0E5-F99C903141A2} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6769CB49-248D-E08B-15E7-10A94D7C172A} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6824A711-0D9B-543C-AEA6-1F3DD4847F3E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6982F8EB-30D8-8961-789D-1F285B499CAE} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6A2FC992-C464-7D8E-A831-1F567C681F79} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6A75C515-CC5F-6696-8035-27DB2757E092} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6C2A592C-2CEB-91F6-ABFC-8A6CAA196309} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6DF861D0-BA9B-A44C-C0CF-FBF8C53F788C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6E3BDCC0-A228-DCB8-7E88-ECF18F0D9B1C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6F2F7312-647A-C992-D9BF-8F4A5CC18F6E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6F463FF9-350F-E2E5-5AC7-B1F7644B24D7} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6F61BA9A-5EA1-7903-5454-DCA081431490} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{70A958A9-264F-9AC5-C44F-6C683E36E06F} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{73374308-91E6-5E66-411F-8EDBA399652C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{75F61DED-E153-F229-9AB9-8E94124F8BCC} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7712FA8E-35A0-B2CF-ECDA-F2AEB55869AB} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{79070860-7C41-91F7-846B-070A0E3A7557} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7AEF1698-E8CD-4535-C196-EAEADE211A17} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7B566BE2-5C20-280B-C5D8-C38CBA964C00} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7C167707-1A73-2D53-6A0D-3C3EB55BCAAE} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7FDF80D6-8DD1-87AC-455C-99F26D3210FB} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{800DD44A-1A43-4B30-5E8B-4B4290DD31A1} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{805B5372-5E8D-06EA-8F76-4E177E2F0426} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{80E8CD34-35DC-961E-EADE-11A17381D170} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{818958EB-27DC-138B-73BD-F81BDF2118D3} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{82335B62-7DEF-0FF6-3C5F-94007ED6C7B3} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{825929FA-938D-0933-A4AB-393513D1CAF5} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{83962868-6A3A-9ABE-3EAD-6C841963E70A} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{86B28142-55BB-375C-F195-2B2B4F78D3CE} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{87993483-A3AD-794F-F265-DD005BD9116B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{88D6255D-0E68-0875-2FBD-70E7E2C92CE7} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{8BCC463E-389A-AC36-B7B5-0B7AF0E04FD4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{8C941C3A-6DF7-213B-1EDC-846016EB3E57} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{8D4FBE2D-404E-877D-0359-34F79402CC75} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{90BABD6B-DA3D-2814-4B15-345BCAAC2F67} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{933D30C5-9078-8EAC-2095-31F02FC90427} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9349E2D9-9792-5461-B625-11C9885773A4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{939C3BB0-A463-713D-07C5-9DB1C8D60D81} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{95A3F09B-4262-4283-DBCC-7F94A44A9BA9} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9819E734-ABC7-8536-E943-A461C8EBAC8C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{99F991F4-B99D-9CF6-C0E1-008449A5E64C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9A8194E4-E89A-F96E-41AC-3B95DC66C7C0} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9D392CE1-0E98-05C3-BB34-7FC5B9D8D07E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9D3DCB85-C38C-2CD8-1768-75E8BDB64A72} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9D569E8E-19DD-0917-0E06-21143150B6DF} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9DBEE8BB-183E-C5DF-4EAC-83ACE1F34A8B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9DDAA18F-013F-A1BB-68F3-A676F7B91F7A} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9E1E9346-97E8-9911-1F00-BFA2313C50AD} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A010C180-853B-BE16-1DD3-344A479E1151} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A18C57E8-D993-69E3-56A8-F81A17FC9316} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A2E2EDE4-E2D3-F3DF-1F23-8C3BEE10E0AA} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A3DBF987-3149-B4CE-378C-729E03F10374} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A4881825-4CC9-B4CE-6290-C430E5E901F8} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A49D52A9-DE08-47DE-6764-86D278A7683C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A509FBA3-878A-C3A5-877D-BD1BD48538C9} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A6BCE966-302E-BD8D-25BA-12F8C7148266} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A9B63F00-46F6-794A-3935-C204BC7E0785} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{AA8263C2-BEC0-1A3A-53EC-210BF773BE14} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{AAEAF0EF-4CCD-6801-830D-30AC3AB7C39B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{ABD7967C-3F51-655C-C22D-34A94C9679EE} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B0344A45-2782-64C9-5C43-8BD794FBF041} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B0367C2E-B56C-E211-63D0-EFD035F6EADF} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B1C06315-99CB-109E-436B-FB8F3258519B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B1C677B3-B411-DB4C-5060-4FBCDCDEE682} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B27E8BCF-1A21-257E-958D-00B94008A3E8} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B825595B-2058-BCA4-1A37-31A9B58CD033} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B85FFBF7-B2D8-D30A-8289-46564A899064} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{BB2E6852-7961-1E70-E3C8-8433F21B7649} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{BBEC1B2A-AC72-57D9-D55D-F4CC11608C95} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{BEC227BD-6A8F-E5C9-B843-3F5517456552} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{BEE5AE94-A804-E8A2-F6F9-E353C5F4CD12} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{BFB065A2-4F3C-61BB-4A5B-FA6D452D3EAC} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C0853BFB-0434-401E-E2E0-2034267C5FC8} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C0C0E675-BCA8-D1EC-49B2-D7620FCDD5BE} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C0CDA43E-E64A-0E70-6EE5-255BDA98213E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C216F9B0-0E1F-744C-D26F-31960E39901F} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C2D3D802-55DE-AF83-8D28-DCB9E085F258} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C448539A-1A24-DCB9-3152-D2DCA94E1831} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C4790940-96EC-3F25-4A2F-F6BF035B6FD5} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C5844CBD-D015-394D-8C9A-B52CFEA94E45} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C88C5868-A520-9D6E-B1C4-AA3EABDBF5E4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C92A7209-D878-CDBA-715F-0ADF6FD6C738} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{CA536228-5961-D1A0-FEFF-CF26224A6BFA} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{CAF4D771-8A18-BC86-F551-A768543394E9} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{CDEF49C0-C459-D011-A77F-C683BBFBF72B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{CE425367-668C-A46D-6F50-DC8B2B4033BA} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{CE911D1A-DD83-51E5-4A5F-1BD9DDAA421D} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{CF295B84-1F3D-A13C-944E-90632373707E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D02E3516-4F75-FF8B-5AFE-ABA68C35CDCE} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D0F03457-32E5-5715-6CDD-72C94F05ABBE} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D0FA4573-5875-8801-7435-2625AB6EFC42} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D1B77085-930D-7845-2B1E-10B33DE519D9} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D248E877-9147-B61A-9906-B49B9375DB01} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D32FD27A-ECDB-EE56-1C5D-D4FA210397CB} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D4B62290-D1BC-E419-EF26-71766EF1A30E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D55C13C3-AAF3-B1F4-0CB5-DD79312066D6} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D6EF05C6-13C4-35B7-58BF-46C5B6FB102B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D815DA67-27CB-1169-9B2A-ABA388C50AC4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D89FEB47-489B-5DB5-8F56-21233C5B92D4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D9B2AA18-F956-E92A-6C65-405AF4880D98} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DB1FA6AA-E2F1-B318-9DA7-634B64E13956} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DBD3F02E-11A4-02EE-B06F-9E0E988D0090} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DD83BAA4-41E8-EFEE-1476-E64CA18D26C6} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DE2E18F3-E44D-115C-6A8C-1AE89883EC75} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E12E07B7-2F78-59F6-02FA-A8BD15A926C8} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E14C016F-0342-89AD-D475-D4092601854E} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E1C3C5B8-DB64-9214-3152-74004E9FCB93} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E207CDC7-CD26-369D-78B0-1A236861EDFA} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E2FF7285-6F6F-9283-CBCD-D4E370856A52} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E6226C29-4068-EB26-B869-9B4C7E50B3E9} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{EAB76292-5DD2-1DC9-D5FB-E69DE2ECC235} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{ED81D60C-C426-844A-2785-263DC930B5C4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{ED9A9904-1A77-7088-1F23-D2794EDA2131} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{EDCB31B0-4821-FE62-875A-52D24E43E8CB} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F18B8F19-2940-0876-54D4-FBE52283D28C} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F1A4571F-46C9-C368-C70C-9911C42A8A18} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F1EC0573-E057-961B-FD45-78388DF47CE4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F55D073A-8824-3A16-989A-7E60E10FA31B} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F5E678D4-39B4-DBD3-3D03-5CE4D3E7398A} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F63455E4-4D83-765A-A929-2344FCA150F1} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F6C8BCE2-FBA5-9DB6-B6F3-EBAA27151449} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F710B350-342B-CDD4-0BB3-EFD563F6AFF2} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F74BE206-1DFE-36CA-AD40-4E17A18DEFF4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F99BF517-B3EA-27D7-0958-38A5124F9D87} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F9AD27F1-50B4-A52F-10E5-9CAEB34A9715} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FA2FF9C4-E94D-FE79-BCE7-7E98CBB1DF15} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FA5242E5-8006-01DA-9E12-778515EA0D80} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FB2B91F2-20FB-CDCE-D34A-E50E5910E44F} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FBE44A98-DCBF-9DB3-6DD2-44E146EF1C57} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FD61BA98-941E-9405-ABB1-7E310AB2A6B1} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FE0AAB93-86EB-567D-1206-035BABA516D5} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FE94D56A-1AD9-11E0-34F7-8455FC4F3D27} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FF394C8B-7899-97DB-8475-1BD5A14319C2} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Dsi -> Adware.Delfin : Cleaned with backup
   HKLM\SOFTWARE\MaxSpeed -> Adware.Maxspeed : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ISTbarISTbar -> Adware.HotBar : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D815DA67-27CB-1169-9B2A-ABA388C50AC4} -> Adware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup
   HKU\S-1-5-21-2681017343-4264649163-3499916212-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D815DA67-27CB-1169-9B2A-ABA388C50AC4} -> Adware.CoolWebSearch : Cleaned with backup
   C:\Program Files\MaxSpeed -> Adware.SideFind : Cleaned with backup
   C:\Program Files\PowerSearch -> Adware.404Search : Cleaned with backup
   C:\Program Files\PowerSearch\Toolbar -> Adware.404Search : Cleaned with backup
   C:\Program Files\PowerSearch\Toolbar\date.txt -> Adware.404Search : Cleaned with backup
   C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup
   C:\WINDOWS\hh.htt -> Trojan.Zapchast.a : Cleaned with backup
   C:\WINDOWS\jqjjf.dat:xpoqi -> Downloader.WinShow.ak : Cleaned with backup
   C:\WINDOWS\VTruck1.ini:zobna -> Downloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\winfw32.dll:kdxpz -> Downloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\winov32.dll:vwaiw -> Downloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\WMSysPrx.prx:oxejk -> Downloader.Agent.bq : Cleaned with backup


::Report End


AboutBuster 6.01
Scan started on [11/04/2006] at [4:57:42 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 5:00:37 PM


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb07.exe"
"HPHmon04"="C:\\WINDOWS\\System32\\hphmon04.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"Omnipage"="C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver3\\LVCOMS.EXE"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PopUpStopperFreeEdition"="\"C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe\""
"LDM"="\\Program\\BackWeb-8876480.exe"

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
@=""

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[guestolo]

That's looking good, but can you show me the following please
Open Hijackthis>>Open Misc tools sections
Open "Uninstall Manager"
Click the SAVE LIST button
Save this list to your desktop then copy and paste back here the whole contents please

Also, can you let me know the following

And last, but not least
Let's make sure Spybot and Ad-Aware are up to date
Open Spybot>>click on HELP>>About
Let me know spybot version and latest updates detection date

open Ad-Aware>>Click on Details under Initialization status
Let me know reference no. and Internal build please

How's everything running?

[jcurrieirocz]

k....

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
aspi
AVG Free Edition
Azureus
Canon CanoScan Toolbox 4.1
CCHelp
CCleaner (remove only)
CCScore
CleanUp!
Corel Applications
CR2
DBPix
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-malware
Google Earth
HijackThis 1.99.1
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Printer Series
ICQ Lite
IE Host
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05
Kodak EasyShare software
KSU
Legacy 5.0
LimeWire
LimeWire
LimeWire PRO 4.10.3
LiveUpdate 2.5 (Symantec Corporation)
Logitech Desktop Messenger
Logitech IM Video Companion
Logitech Print Service
Macromedia Flash Player 8
MaxSpeed
Micro WebCam Basic IC50C
Microsoft Data Access Components KB870669
Microsoft Web Publishing Wizard 1.52
Microsoft Works 7.0
MSN Messenger 7.5
Nero
Norton WMI Update
Notifier
OmniPage SE
OTtBP
PCDLNCH
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Pop-Up Stopper Free Edition
PrintMaster 12
QuickTax 2003 Standard
QuickTax 2004
QuickTime
RealPlayer
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SFR
SFR2
Shockwave
Spybot - Search & Destroy 1.3
SpywareBlaster v3.4
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VX2 Cleaner plug-in for Ad-Aware SE
Web Savings from Ebates
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Related
Windows XP Service Pack 2
WordPerfect Office 12
WordPerfect Office 12 Setup Files


ok
spy bot 1.3
2006-04-07

ad-aware se
ref. se1r103 10.04.2006
internal build 120


everything seems to be running fine now..like i said it was a mystery as it only showed she had a virus when she was downloading windows updates and even after when i ran the avg it found nothing...so i didnt know if i had one or not. I dont know everything what we did but the stuff i do know looks like we took alot of cr*p off this so thank you for your time and help im sure it worked wonders!!
Thanks again
Jeff

[guestolo]

We're not quite done yet, that's why I wanted to see an uninstall list

Can you do the following, again, it won't take much time

Some of your programs are outdated
Updating will increase security on this machine
Your have old versions of Java on this machine

Can you access this link
http://www.java.com/en/download/manual.jsp
I find the
Windows (Offline Installation) the most reliable although it's a bigger download
Save the offline installer to desktop
Don't install it yet

Your running an older version of SpywareBlaster
Can you access this link
http://www.javacoolsoftware.com/spywareblaster.html
Download and save the Installer to SpywareBlaster 3.5.1 to your desktop
Again, DO Not install it yet

Open the Windows Control Panel
Double click to open the Java Icon
Under the Cache tab>>Clear cache
Close Java

Access your Add/Remove programs and remove all the following please in the following order:
If one won't remove, carry on with the next one please
IE Host
MaxSpeed
Web Savings from Ebates

Next: Remove your old versions of Java
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_05

Next: Open the program SpywareBlaster 3.4
Click on the "Disable All Protection"
Let it finish then close SpywareBlaster
In add/remove programs Remove
SpywareBlaster v3.4

I need you to now uninstall your version of Spybot
We'll get you the latest version in a bit
Remove Spybot - Search & Destroy 1.3

Reboot the computer at this time

Back in Windows
Immediately do the following
*Install  SpywareBlaster 3.5.1 by JavaCool from the installer you saved too desktop
   

*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer

After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

Double click on the Java installer to install the latest version of Java
Follow the prompts
After that is installed

Download and Install Spybot 1.4 from
HERE
 or HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED

RESTART the computer to finish any cleaning process

Back in Windows

Can you post one last hijackthis log to ensure it still looks good
and I'll post some final recommendations