Author Topic: Oh Boy do I need help!!!!  (Read 3367 times)

Offline Roxy

  • Newbie
  • *
  • Posts: 39
  • Karma: +0/-0
Oh Boy do I need help!!!!
« on: January 02, 2006, 04:49:00 PM »
OK, first I'm going to post my problem....which I posted on an aol site.  (It's a bit lengthy...sorry!)  I was told to go to "Merijn.org" to download hijack this, run it and send it to this person who said they'd help.  When I went to that site, near the top it mentions "wwwcoolwebsearch" and how you need to get rid of that before running the Hijack This.  Well, that was one of the things that I do remember seeing that it said I had.  Should I use that tool and remove that before I run Hijack This?  And then, I'd like to post my Hijack This log here....is anyone around who can help me for the next couple of hours?

Here's my post below (edited slightly from what I posted on aol) showing all of my problems!  :unsure: :blink: :angry:
_________________________________________________________________

Hi-
I've gotten into quite a mess recently.

I got a new computer because my last one, which was only a couple of years old, just completely died.  (I mention that because I just don't know if I had gotten something then.)

Anyway, I have had problems with this computer since I got it.  I hate it but fell for the sales pitch by the guy (and I thought I was pretty smart!)  This guy was into computer games, so I should have talked with someone who would sell me something for me...but I bought the computer he recommended: It has an AMD Athlon 64 3400+ processor, Windows XP Media Edition (which I hate....and NEVER use and DON'T need!!)  It's supposed to have 512 MB of RAM, but there is never more than 300-something available.  The computer has been crashing since I got it....several times a day.  The page just goes white, or white with pretty stripes on it, and I have to turn the power-strip off and on again.  I thought it was just because there was so much crap loaded on it and I kept trying to play with it, and then I thought it was adware and kept running scans.  All this, while working and traveling...thinking I should just take it back....and then before I know it - 5 months had gone by.   So now I don't know if they'll even take it back.

OK.so...I had problems too, from the beginning with the AV (they had Norton preloaded) but then seemed to get that working.  Then all of a sudden it wouldn't update.  Then it wouldn't let me open the AV.  Then my trojan remover wouldn't work.  The story could be longer and longer, but here's the scoop now:
No AV, many things that won't open, when I try to run online scans it crashes, etc.  I downloaded this "SpeedUpMyPC" thing, which has a crash recovery on it and every time I try to do something (like order online AV software) as soon as I start typing in my name the crash recovery starts running.  It's already done it twice since I've been typing this email.  (In other words, something wants to crash my computer so I can't fix it.)  I finally got to update my Adaware and ran it in safe-mode and it showed I had a keylogger.  I deleted that.  But I'm thinking it must still be there....or there are more keyloggers.

Then last night I bought Defender-Pro 15-in-1 (I had wanted to get rid of the resource hogging Norton/Symantec and didn't want McAfee again as I had problems with that years ago.)  I knew I needed to download and run it in safemode because something is disabling all my AV and spyware stuff when the computer is on.  But the damn thing won't let me complete the download in safe-mode.  The other components will, but the AV wants to access its website for something, and in safe-mode I'm not connected!

So then I downloaded several things last night (I've been up ALL night) and ran them in safe mode.  Only 1 would actually take out the spyware it found....all the others (and each anti-spyware found different spyware/trojans) wanted to access their website, or said I'd have to purchase it first!!!  AARRGGHH!!!!!  So all of these things are still on my computer!

Now, remember, I cannot run any online scans!  I have no AV on my computer at all cuz I took out all the Norton to download the Defender (not that the Norton worked anymore anyway....because it didn't.  Whatever is on my computer disabled it and it couldn't open in safe-mode either....because it was "damaged" or something like that.)

One of the ones I downloaded was the "E-scan" and when run in safe-mode it said I have 8 viruses and 158 errors.  But I have to purchase it in order for it to remove them!!!  (Also remember that I can't do that because whatever is on my computer won't let me do that!)

OK, so I go to the Kaspersky site and it says I can download, and actually use, the software on a 30-day trial.  So I do that.  But it wants to email me the software.  When it asks for my name and email address....as soon as I start to put that in the computer tries to crash...every time.  But then my "SpeedUpMyPC" saves it with crash-recovery (it just tried to crash again!) and then I finish entering my info.  I hit verify...it says it's emailed it to me...and then I get nothing.  I've done it 3 times.  Whatever is on my computer is not letting me get the email!

What can I do now?!  I need to be able to download an AV to my computer and then go into safe-mode where I can install it, run it, and fix whatever is wrong.

(It just tried to crash again!!)  Can someone PLEASE help me!  I will keep checking here if this virus, trojan or keylogger will let me (well, I guess there are several...I just don't know what they are!)  I'm getting a little freaked and paranoid by all of this!!!

By the way, I need my computer big-time for work tonight, so any immediate responses would be oh-so-appreciated!!!  Thanks!

Roxy

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Oh Boy do I need help!!!!
« Reply #1 on: January 02, 2006, 04:53:03 PM »
From my signature below, download and save to a permanent folder on your harddrive
Hijackthis 1.99.1

Open Hijackthis.exe
Do a "SCAN and Save a Log file"
A text file will open
copy and paste the WHOLE contents of the log  here... Don't try and fix anything yet----It is all important

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Roxy

Oh Boy do I need help!!!!
« Reply #2 on: January 02, 2006, 05:04:35 PM »
OK, I ran Hijack This and here's the log.  How does it look?

Also, I do have a couple of the logs from the scans I ran last night (spyware and the av "E-scan" if you want to see those.)

Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 4:00:00 PM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6D8AD7BA-BC2B-4F2D-B8A4-5EE51D1D5CF8}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

:( :( :(

Offline guestolo

Oh Boy do I need help!!!!
« Reply #3 on: January 02, 2006, 05:10:45 PM »
Quote
Also, I do have a couple of the logs from the scans I ran last night (spyware and the av "E-scan" if you want to see those

Yes, go ahead and post them
Spyware>>Do you mean SpySweeper?

If the logs are long, it may take a few replies to post it all, but please try and post it all

Offline Roxy
Oh Boy do I need help!!!!
« Reply #4 on: January 02, 2006, 05:54:49 PM »
Well...I was going to post the logs, but there aren't any!  When I try to access the programs, none of them (probably because I didn't purchase them) show the logs!  And the one that I had on my desktop (that I copied and saved) is not on my desktop anymore!   :angry:

Would you like me to go into safe mode and try to run these scans again and then post them right away...before they disappear!!

I did write a couple down -

Defender found "e-surveiller"

Spybot found "coolwwwsearch" (but then crashed before it could finish)

SpySweeper found several things, one of them was something called a "web dialect toolbar" and (yes, I actually wrote this one down....and then decided that was crazy, I'd just copy and save it!) was:
HKLM\software\microsoft\windows\urrentversion\explorer\browserhelperobjects\{c68ae9c0-0909-4ddc-b661-c1afb9f59e53}

Somebody else found something that started:
i386\apps\app19735\src\install\....

but then I decided to save that one too.

And then "E-scan" found a whole bunch of stuff.  It said it scanned 99306 files, there were a total of 8 viruses, 0 were disinfected, deleted or renamed (because I'd have to buy it....and I was in safe mode with no internet connection) and it said there were 158 errors.  There were a whole bunch of things listed, some it said was adware, some looked like browser hijackers or something, and then a bunch of stuff....but I tried to save it and couldn't as it wouldn't let me.

Any suggestions?

Oh, and I also remember that E-scan said on several things it had listed something like:

Probably password protected

I remember because I wasn't sure what that meant.

Offline guestolo

Oh Boy do I need help!!!!
« Reply #5 on: January 02, 2006, 05:59:41 PM »
==Download CWShredder.exe and save to your desktop
Don't run it yet

Can you make a new text file on your desktop please
Right click an empty spot on your desktop and select NEW>>Text Document
Name it escan.txt
This is where you can save the results


Download  eScan again, I want to make sure it is right up to date
Mwav.exe
There's nothing to install, save it
Don't run it yet

Reboot in safe mode
Run CWShredder.exe and click the FIX button
and let it fix whatever it finds

Double click on Mwav.exe
In eScan
Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
Give this scan time to finish, it's very thorough
In the Virus Log Information Pane
Left click and Highlight all the info in the Lower pane---  Use "CTRL and the  C" keys  on your Keyboard to copy all found in the lower pane
Paste that info to escan.txt

****If prompted that a Virus was found and you need to purchase the product  to remove the malware, just close out the prompt and let it continue scanning
We just want to see where the bad guys are

Reboot back to Normal mode  

Post a fresh hijackthis log and the results from eScan.txt
« Last Edit: January 02, 2006, 06:03:21 PM by guestolo »

Offline Roxy
Oh Boy do I need help!!!!
« Reply #6 on: January 02, 2006, 06:08:09 PM »
Will do, but it may be a while before I post again.  I left my office when E-scan was scanning this morning (like at 4am) and didn't go back in until 8am or so, and it said that scan time was 3:30:07.  I'm assuming that meant 3 1/2 hours.

I will take your advice, do as you suggest, and will post again in a few hours when the scan is done.

Thank you so much for helping me!

Offline Roxy

Oh Boy do I need help!!!!
« Reply #7 on: January 02, 2006, 06:38:15 PM »
:huh:
Oops.  I've got a question.  After I went into safe mode, I "came back out" to ask you if I should turn off my system restore or not.  I know that I've read that viruses could "hide" in there, but I was afraid to shut it off in case I need to go back.

I forgot to ask you before. :rolleyes:

I'll wait about 5 or 10 minutes to see if you see this post to respond and then if I don't hear from you, I'll just go ahead and scan without turning it off....as you didn't mention that anyway.

Let me know, though, if you do see this.

Thanks!

Offline guestolo

Oh Boy do I need help!!!!
« Reply #8 on: January 02, 2006, 06:41:21 PM »
Leave system restore on. I like to leave this till the end
With it off we have nothing to fall back on

Offline Roxy
Oh Boy do I need help!!!!
« Reply #9 on: January 02, 2006, 06:46:53 PM »
Okie doke.

thanks for responding quickly.  I'm off to safe-mode land.......

Offline Roxy

Oh Boy do I need help!!!!
« Reply #10 on: January 03, 2006, 02:23:29 AM »
Hey guestolo!
Wow...it's 1:05am and I'm finally back.

I ran the CWShredder as you said, but it said I did not have coolwebsearch (or whatever it's called.)  I did have it before (I think Spybot found it...or somebody did...and they must have deleted it.)  Anyway, because nothing else has changed because it found nothing, I did not run another hijack this scan because it will look the same as it did before.

And I ran the 3 1/2 (or longer) eScan, but I could not copy and paste it as you had wanted me to.  I used the CTRL & C too as you suggested.  I tried all kinds of things.  What I ended up doing was using my UltraSnap to take pictures of it, and paste it into a document.  I couldn't paste it into the text file that you had wanted me to as it wouldn't paste right.  AND...one other thing (this will get even crazier) when that lower pane is showing, only 1/2 of the line (6 lines at a time) shows so I had to snap a shot of the first 1/2 of 6 lines, then move it over and copy the second 1/2 of those 6 lines, and then move down to the next 6 lines and do it again.  (I hope you understand what I'm trying to explain.)  You will see on the VERY LONG document that I'm going to post, that there is a "1" (those first lines I could get all of in the shot) and then there's "2a", "2b"; "3a", "3b"; etc.  Those are the 2 halves of each set of lines.  Sorry...it was the best I could do.

I also ran one of the spyidentifier's that I had downloaded last night and will post what I copied and pasted from that scan.

I'll post the CWShredder logfile too.

I'll do that in 3 separate posts on this string...hope that's ok.

Please let me know as soon as you have some advice for me on what to do with this mess!!!

Did you get any info from the first hijack-this log I posted?

OK....scan results/logs to follow........

OK, this is what SpySweeper found.......


12:04 AM: |       Start of Session, Tuesday, January 03, 2006       |
12:04 AM: Spy Sweeper started
12:04 AM: Sweep initiated using definitions version 556
12:04 AM: Starting Memory Sweep
12:05 AM: Memory Sweep Complete, Elapsed Time: 00:01:37
12:05 AM: Starting Registry Sweep
12:05 AM:   Found Adware: web dialect toolbar
12:05 AM:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae53}\  (1 subtraces) (ID = 146237)
12:05 AM:   Found Adware: adcom
12:05 AM:   HKCR\clsid\{83ec9074-6cba-43e8-b7e0-6a3809c4a958}\  (12 subtraces) (ID = 861285)
12:05 AM:   HKCR\clsid\{93f764ac-24d1-484f-92ea-3c84e31cdf72}\  (12 subtraces) (ID = 861315)
12:05 AM:   HKCR\clsid\{d360501e-dc73-4de6-a61c-21925aed7835}\  (12 subtraces) (ID = 861344)
12:05 AM:   HKCR\clsid\{f9668ada-fc6b-47f4-8381-de861dba5115}\  (12 subtraces) (ID = 861407)
12:05 AM:   HKLM\software\classes\clsid\{83ec9074-6cba-43e8-b7e0-6a3809c4a958}\  (12 subtraces) (ID = 861629)
12:05 AM:   HKLM\software\classes\clsid\{93f764ac-24d1-484f-92ea-3c84e31cdf72}\  (12 subtraces) (ID = 861659)
12:05 AM:   HKLM\software\classes\clsid\{d360501e-dc73-4de6-a61c-21925aed7835}\  (12 subtraces) (ID = 861688)
12:05 AM:   HKLM\software\classes\clsid\{f9668ada-fc6b-47f4-8381-de861dba5115}\  (12 subtraces) (ID = 861751)
12:06 AM: Registry Sweep Complete, Elapsed Time:00:00:12
12:06 AM: Starting Cookie Sweep
12:06 AM:   Found Spy Cookie: 2o7.net cookie
12:06 AM:   hp_administrator@2o7[1].txt (ID = 1957)
12:06 AM:   Found Spy Cookie: adknowledge cookie
12:06 AM:   hp_administrator@adknowledge[1].txt (ID = 2072)
12:06 AM:   Found Spy Cookie: advertising cookie
12:06 AM:   hp_administrator@advertising[2].txt (ID = 2175)
12:06 AM:   Found Spy Cookie: apmebf cookie
12:06 AM:   hp_administrator@apmebf[2].txt (ID = 2229)
12:06 AM:   Found Spy Cookie: ask cookie
12:06 AM:   hp_administrator@ask[1].txt (ID = 2245)
12:06 AM:   Found Spy Cookie: atlas dmt cookie
12:06 AM:   hp_administrator@atdmt[2].txt (ID = 2253)
12:06 AM:   Found Spy Cookie: atwola cookie
12:06 AM:   hp_administrator@atwola[1].txt (ID = 2255)
12:06 AM:   Found Spy Cookie: burstnet cookie
12:06 AM:   hp_administrator@burstnet[2].txt (ID = 2336)
12:06 AM:   Found Spy Cookie: casalemedia cookie
12:06 AM:   hp_administrator@casalemedia[2].txt (ID = 2354)
12:06 AM:   Found Spy Cookie: ru4 cookie
12:06 AM:   [email protected][2].txt (ID = 3269)
12:06 AM:   Found Spy Cookie: qksrv cookie
12:06 AM:   hp_administrator@qksrv[2].txt (ID = 3213)
12:06 AM:   Found Spy Cookie: questionmarket cookie
12:06 AM:   hp_administrator@questionmarket[1].txt (ID = 3217)
12:06 AM:   Found Spy Cookie: tribalfusion cookie
12:06 AM:   hp_administrator@tribalfusion[2].txt (ID = 3589)
12:06 AM: Cookie Sweep Complete, Elapsed Time: 00:00:11
12:06 AM: Starting File Sweep
12:20 AM: File Sweep Complete, Elapsed Time: 00:14:25
12:20 AM: Full Sweep has completed.  Elapsed time 00:16:35
12:20 AM: Traces Found: 119
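
Added example (not part of the original thread and not any poster's code): a small Python triage script that cross-references the CLSIDs flagged in the Spy Sweeper session log above against the HijackThis entries from Reply #2, and also lists HijackThis entries marked "(file missing)" or started from a Temp directory. The sample lines are excerpted from the two logs in this thread; the function and variable names are illustrative.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# Lines excerpted from the HijackThis log in Reply #2 of this thread.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [LanzarP2006] "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{6D8AD7BA-BC2B-4F2D-B8A4-5EE51D1D5CF8}\{EEBA9416-3207-47E0-9022-116440599DBC}\..\..\P2006tmp\Install.exe" /SETUP:"/l0x0009"
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
"""

# Lines excerpted from the Spy Sweeper session log in Reply #10 of this thread.
SWEEPER_SAMPLE = r"""
12:05 AM: Starting Registry Sweep
12:05 AM:   Found Adware: web dialect toolbar
12:05 AM:   HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c68ae9c0-0909-4ddc-b661-c1afb9f5ae53}\  (1 subtraces) (ID = 146237)
12:05 AM:   Found Adware: adcom
12:05 AM:   HKCR\clsid\{83ec9074-6cba-43e8-b7e0-6a3809c4a958}\  (12 subtraces) (ID = 861285)
12:05 AM:   HKLM\software\classes\clsid\{83ec9074-6cba-43e8-b7e0-6a3809c4a958}\  (12 subtraces) (ID = 861629)
12:06 AM:   Found Spy Cookie: 2o7.net cookie
12:06 AM:   hp_administrator@2o7[1].txt (ID = 1957)
"""


def parse_hijackthis(text):
    """Parse 'Rn/On - ...' entry lines; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$", line)
        if not m:
            continue
        section, body = m.groups()
        # The CLSID field sits between ' - ' separators (O2, O3, O9 entries).
        clsid = re.search(r" - (" + GUID + r") - ", body)
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(1).upper() if clsid else None,
            "file_missing": body.endswith("(file missing)"),
            "runs_from_temp": section == "O4" and "\\TEMP\\" in body.upper(),
        })
    return entries


def parse_spysweeper(text):
    """Map each CLSID in a trace line to the 'Found ...' name above it."""
    flagged, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^\s*\d{1,2}:\d{2} [AP]M:\s*(.*)$", line)
        if not m:
            continue
        body = m.group(1)
        found = re.match(r"Found [^:]+: (.+)", body)
        if found:
            current = found.group(1).strip()
            continue
        guid = re.search(GUID, body)
        if guid and current:
            # Registry paths are logged in lower case; normalise for matching.
            flagged[guid.group(0).upper()] = current
    return flagged


def correlate(entries, flagged):
    """HijackThis entries whose CLSID the scanner also flagged."""
    return [(flagged[e["clsid"]], e["section"], e["body"])
            for e in entries if e["clsid"] in flagged]


def triage(hjt_text, sweeper_text):
    entries = parse_hijackthis(hjt_text)
    return {
        "flagged_by_scanner": correlate(entries, parse_spysweeper(sweeper_text)),
        "file_missing": [e for e in entries if e["file_missing"]],
        "runs_from_temp": [e for e in entries if e["runs_from_temp"]],
    }


if __name__ == "__main__":
    report = triage(HJT_SAMPLE, SWEEPER_SAMPLE)
    for name, section, body in report["flagged_by_scanner"]:
        print(f"scanner hit '{name}' -> {section} - {body}")
    for e in report["file_missing"]:
        print(f"orphaned entry    -> {e['section']} - {e['body']}")
    for e in report["runs_from_temp"]:
        print(f"starts from Temp  -> {e['section']} - {e['body']}")
```

On these excerpts the only overlap is the CLSID that Spy Sweeper reports as "web dialect toolbar", which the HijackThis log lists as the OsbornTech Popup Blocker BHO under C:\Program Files\DefenderPro AntiSpy.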

Offline guestolo

Oh Boy do I need help!!!!
« Reply #11 on: January 03, 2006, 02:24:26 AM »
I'm on my way to bed as I have to work in the morning

Can you do the following after you post those logs please
I won't see the outcome till tomorrow

Please disable SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable SpySweeper: Do any that applies

Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

==Download and Install
Windows Cleanup! 4.0
Don't run this yet,

Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Save the rest of these instructions to a Notepad file saved to your desktop or Print them out for use in safe mode
Reboot into safe mode

=Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

Remain in safe mode
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Note: As Ewido is running, don't open any other windows

Reboot back to Normal mode
Can you post back the following please

1. Post back a fresh hijackthis log
2. Post the whole contents of the Ewido report

Offline Roxy
Oh Boy do I need help!!!!
« Reply #12 on: January 03, 2006, 02:45:13 AM »
Yes, I figured you may not see this until tomorrow.  I don't even know what time zone you're in, but I thought you might be going to bed, or in bed.  (Thank God I'm working from home tomorrow because I haven't had any sleep and didn't get my work done this weekend because I've been doing this!!)

Anyway, I printed out your post and will do as instructed.  I'll post again tomorrow (or later today, I should say) after I've done that.

Also, here's the results from the eScan below.  I hope it's not too confusing! :blink:

Shoot!  It won't paste right here either.  Can I attach the document to this post?  Let me try that:

Well it looks like it.  I'll try to send it and we'll see what happens!
:o


WELL...looks like the attachment is too big.  (It's 8 pages.)  I'll try to cut it in half and send it.

OK, that didn't work.  I'll try to break it up into 3 parts!!! :huh:

Be sure to notice, if you didn't already, that the SpySweeper results ended up going into my post that posted to the board before your response!  I don't know how it did that, but please note that it's in #11 post.

And I don't normally have that on my computer so it's not a problem at all to disable.  I've usually only used SpyBot and Adaware.

I just downloaded a whole bunch of stuff in the past couple of days trying to do scans and see what's going on with my computer.  But now I'm here and I just know that you'll help me figure it out!!
:D

Offline Roxy

Oh Boy do I need help!!!!
« Reply #13 on: January 03, 2006, 03:09:09 AM »
OK.  Let's try this in 3 parts:

Arrgghh!!!!!!!!  It still is saying it's too big!!

Let me see what else I can do....

Well I THINK it went through....(the first of 3 parts) because I didn't get a message telling me that it couldn't.  But I don't know where it shows up that I've attached something.  Oh well.  I'm going to send this post and see if it worked before I do the other two!

:rolleyes:

Offline Roxy

Oh Boy do I need help!!!!
« Reply #14 on: January 03, 2006, 03:22:38 AM »
guestolo-
You'll have to let me know how to get these eScan results to you.  I don't see an attachment on my post.

If you've got any ideas, then let me know!

More later..............

Offline Roxy

Oh Boy do I need help!!!!
« Reply #15 on: January 03, 2006, 02:49:48 PM »
Hello-
I ran the cleanup! and holy cow!  I thought I WAS cleaning out all of my temp files regularly!  That scan said it deleted 4511 files (most looked to be temp files) and it said it freed up almost 1.4 GB!  Wow!  I'm definitely keeping that on my computer.  How often can I run that?  (I want to delete/remove a bunch of the other stuff - like all of the AV and spyware scanners that I downloaded recently.  I want one AV on my computer and will either use the defender firewall or ZA.  I'm hoping you will also help me with all of that after we get my computer fixed and cleaned up.)

OK.....Below is my fresh hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 1:37:27 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutUpdate.exe"
O4 - HKLM\..\Run: [Complete Security] "C:\Program Files\Defender Pro Private Surf\PrivateSurfNT.exe"
O4 - HKLM\..\Run: [CompleteSecurityUpdate] "C:\Program Files\Defender Pro Private Surf\AutomaticUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpeedUpMyPC.lnk = C:\Program Files\LIUtilities\SpeedUpMyPC\speedupmypc.exe
O4 - Global Startup: WinTasks.lnk = C:\Program Files\LIUtilities\WinTasks\wintasks.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I'll send the Ewido report in another post.  (Let me know how you want me to send you the eScan.)



Here is my Ewido report, as requested.  I will now wait to hear from you.



---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         1:29:49 PM, 1/3/2006
 + Report-Checksum:      D294CBD4

 + Scan result:

   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc100.txt -> Spyware.Cookie.Adserver : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc187.txt -> Spyware.Cookie.Adtech : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc189.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc19.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc190.txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc191.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc192.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc194.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc197.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc198.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc199.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc29.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc34.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc35.txt -> Spyware.Cookie.Com : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc39.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc41.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc52.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc54.txt -> Spyware.Cookie.2o7 : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc74.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc80.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
   C:\RECYCLER\S-1-5-21-585124988-2935058200-1954285887-1008\Dc89.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup


::Report End

Offline Roxy

Oh Boy do I need help!!!!
« Reply #16 on: January 03, 2006, 08:59:57 PM »
Hi guestolo-
I'm not on the 2nd or 3rd page yet, but I just wanted to bump up as I'm just in limbo on some work stuff until I get my computer fixed.  And I'm hoping that you'll be able to respond to my posts from last night and earlier today this evening so that I can start working on whatever you advise me to do, and maybe...hopefully...get this thing fixed tonight.

And you may have been planning to.....I just wanted to remind you about me. ;)

Kind of like a "please, please, pick me, pick me!"   :)

Thanks for all of your help!

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Oh Boy do I need help!!!!
« Reply #17 on: January 03, 2006, 09:21:41 PM »
I see you have Spybot installed
I want you to hold onto that please

Hold onto Ewido and cleanup!
If you have Ad-Aware SE Personal installed hold onto it also

I think you're having other problems with other Firewalls and Virus scanners

Zone Alarm has a good reputation,
In honesty I have never used Defender Pro

What we need you to do next is get you down to only using one AV and one Firewall
This includes the Firewall built into XP

What do you have installed from Panda's?

Did you completely uninstall Norton's?

You may be getting conflicts from all these running at the same time

Remember, Have only one AV running and one Firewall, then we'll go from there
Disable the others completely or uninstall them please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline Roxy

Oh Boy do I need help!!!!
« Reply #18 on: January 03, 2006, 10:13:37 PM »
Thanks guestolo, but I have only had more than one AV on my computer, and all of those spyware scanner things on my computer from just the last couple of days.

That certainly wasn't causing the problems I've been experiencing as they were happening before I installed that stuff.  I have, for a long time, only run Norton AV (and would occasionally do an online scan) and I've had spybot, Ad-Aware SE and Zone Alarm.  But my computer has been crashing and all of the RAM is being used up.  Someone had suggested, and I noticed, that Norton and Symantec use a lot of RAM.  Also.....with Norton and ZA....I got the stuff that is on my computer now!......or has recently been deleted from my computer.

I started to download Panda....just 2 days ago because I was trying to find an AV that I could run in safemode that would let me fix whatever it found.  But I didn't finish with it, so it only half-installed, I guess.

I think I completely uninstalled.....I used uninstall in add/remove, and tried to delete any files I found with Norton or Symantec.

Did you not find anything in my hijackthis log?  You didn't comment.

I still don't know if it's safe to try and run my virus scan.  The one scan, eScan (that I can't copy here into the post, and which attachment that I split in FOUR, and it still says is too big) said that I have 8 viruses.  But I can't get that to you (unless I can email it) and I have not yet deleted these....whatever they are.

My trojanremover was disabled and didn't work, my Norton's didn't work, etc.  My computer keeps "crashing" down to a frozen (can't do anything else but unplug and replug) into a white screen....or a white screen with stripes.  Any online scan I attempt doesn't work because my computer freezes up in the middle.

Since I installed SpeedUpMyPC about 1 1/2 weeks ago or so, and figured out how to set the "crash recovery" now when the computer WANTS to crash (to the white, striped screen) this keeps it from getting to that point.  So at least I don't have to turn the power strip switch off and on (which can't be good for the wireless router!)

And there is tons of RAM being used.  Sometimes that's what crashes it.  I see the bar go up and up and then, bam-gone.  Sometimes there's no rhyme or reason-it just crashes.

AND....today I just discovered that when I hit the shift key and p, in other words try to type a capital "p" letter, the computer tries to crash.

What is causing all of this?  I've run the scans, posted the stuff, and I'm still afraid to download anything, or send any attachments to people because I don't know what I have.  The eScan said I have 8 viruses, but I can't fix them with eScan in safe mode and I  can't do any online scans.

Right now, I have no AV running.  I uninstalled Norton so that I could install Defender Pro (which I then uninstalled when I found I couldn't download it in safe-mode.)  I only have ZA, and that doesn't work right either (virus disabled that too?....don't know but it quit letting me update, and it shows things in there I didn't approve, and it is not showing very many programs....but it's let some through that I don't know what they are!)

My computer is such a mess....are you picking anything at all up from my scans so far?
Did you see anything in the hijackthis log?

I can disable more stuff, as you suggested, but do you know what's going on?  Any ideas?

Thanks!  :)

Offline guestolo

Oh Boy do I need help!!!!
« Reply #19 on: January 03, 2006, 10:21:59 PM »
Your Hijackthis logs aren't too bad and Ewido didn't find much but cookies

The problem may be with all these half installed programs you have

Can you do the following please
Open Hijackthis>>Open Misc tools section>>Open uninstall manager
Click the SAVE LIST button
Save this list to desktop
copy and paste back here the whole contents

Additionally, post back a fresh Hijackthis log
Please don't install any more virus scanners, this is not helping you at the moment
« Last Edit: January 03, 2006, 10:25:05 PM by guestolo »

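The reading guestolo gives of the log in Reply #19 (little real malware, but leftovers from half-installed programs) can be checked mechanically. The following is an added example, not part of the original thread and not a HijackThis feature: it parses an excerpt of the log from Reply #15, lists entries marked "(file missing)", and shows where each security product named in the thread still appears. The keyword list and function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log in Reply #15 (not the full log).
LOG_EXCERPT = r"""
Running processes:
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Security products named in this thread; the keyword list is an assumption
# made for this example, not something HijackThis provides.
PRODUCT_KEYWORDS = {
    "ewido": "ewido", "panda": "Panda", "spybot": "Spybot",
    "zone labs": "ZoneAlarm", "zonelabs": "ZoneAlarm",
    "defenderpro": "Defender Pro", "symantec": "Norton/Symantec",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries, in_processes = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def orphaned_entries(entries):
    """Entries whose target file is gone: typical residue of a partial uninstall."""
    return [(code, body) for code, body in entries if body.endswith("(file missing)")]


def products_seen(processes, entries):
    """Map each product to where it appears: 'running' or the entry code."""
    seen = defaultdict(set)
    for where, text in [("running", p) for p in processes] + entries:
        for keyword, product in PRODUCT_KEYWORDS.items():
            if keyword in text.lower():
                seen[product].add(where)
    return dict(seen)


if __name__ == "__main__":
    procs, items = parse_log(LOG_EXCERPT)
    print(orphaned_entries(items), products_seen(procs, items))
```

On this excerpt the Symantec service and the BitDefender uninstall button show up as orphaned entries, while Panda and Zone Labs components are both running and registered as services.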