This is a known problem with the icon cache. Extensive description and several solutions can be found here:...

You have a typical "Virusburst" infection. Self-help guide here: http://www.bleepingcomputer.com/forums/topic63896.html

I have no real clue yet, but this file looks extremely suspicious:

C:\DOCUME~1\MARK'S~1\LOCALS~1\Temp\Rar$EX19.406\Bitlord Pro (UseNext) incl acount-maker 100% working. Download with ur whole...

Hi takethetime,

if possible, please upload these files to http://virusscan.jotti.org for an online scan. Just go to that website, click on the "Choose" button on top of the page and navigate to...

Well done :) Can you remember the names of the three infections or do you still have the log files of the virus scan that told you of these infections? I can identify only two of them at the moment....

The very same button you clicked to do the scan should read "Save log" after the scan. That's what the phrase "The Scan Button has a new Caption. Save Log" means. If it doesn't, HJT is somehow messed...

I've got a vague feeling that HJT doesn't work correctly on your computer. I guess you refer to the description on this site: http://www.tomcoyote.org/hjt/ (Click on the images to enlarge them on...

When you start HJT the first time, a "new users quickstart" screen appears, the first button will be "do a system scan and save a log file". If you use this, the log file will automatically saved...

I just stumbled over this:
http://www.av-comparatives.org/
That should be what you were looking for :)

Yay...:mrgreen: Your log looks better now. If you can't find them, I assume they're gone (for the time being). HJT doesn't delete them automatically but we ignore that for now - we'll see if they...

Yes or at least the same kind of stuff- let's see what the new log says. The mentioned CLSID and this kind of filename seems to be typical for Adware.WhenU... annoying but rather harmless.
...

Hey kylethedarkn, look at the posting times... we both should join a synchronized swimming team...:cheesy:

Yes, try to remove that one, too. But it may come back with a new filename. The thing that generates these *.dll files may be still on your computer and maybe it hides itself from HJT. Please rename...

Your log looks clean (in terms of malware) to me. But as I just learned, please rename HiJackthis.exe to something you like (DonaldDuck.exe or something else) and run/post it again. If nothing...

Yep, Kylethedarkn is right, too and has found them...:mrgreen: I guess the toolbar thingie (nso78.dll, its relatives are described here: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=58306 )...

Hard to tell what exactly pested your system from the log alone. The O20 entry is strange and one BHO can point to 50 or more different malwares. What exactly is to read in these popups? Which (fake)...

Your copy of HJT is outdated. Please download the latest version and post a new log: http://www.hijackthis.de/downloads/hijackthis_199.zip

Your XP is running without any Service Pack and...

Your copy of HJT is outdated. Please download the latest version and post a new log: http://www.hijackthis.de/downloads/hijackthis_199.zip

Your XP is running without any Service Pack and...

Hi Graham,

hard to tell what's the cause for this. I guess you already took into consideration that most home DSL connections are disconnected every 24 hrs and get a new IP address. (Then it could...

Your log has these fishy entries:

O4 - HKCU\..\Run: [4ddd44b5.exe] G:\Documents and Settings\Mark\Local Settings\Application Data\4ddd44b5.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -...

After some more Google search I'm pretty sure that connecting 224.0.0.22 is not a sign of an infection. It seems that the Sygate firewall confuses lots of users with a false alert. I found a lot of...

Just wait a bit with reformatting...

I quote from this URL I found: http://forums.spywareinfo.com/lofiversion/index.php/t43918.html

I'm confused... googling for 224.0.0.22, I can't find clear...

Your log looks clean again, just as expected...

I know exactly what you're talking about...:cheesy: But when Blacklight and RootkitRevealer didn't find any discrepancies, this must be one of the "smart" rootkits we are afraid of. But not smart or...

Unfortunately yes, for me it looks very clean. Maybe I missed something... Have you tried some rootkit scanners? What do they report?

Download HJT: http://www.majorgeeks.com/download3155.html

Please enter "Winantivirus" in the forum's search box and follow the instructions you find (run Vundofix and post the log).

Hi spivey5,

concerning your "Virusburst" infection please read this thread:
http://www.daniweb.com/techtalkforums/post248650.html#post248650
But you have some more nasty stuff in your log -...

You're welcome and I'm glad to see that it worked! :cheesy: As a last action you can fix the very last entry in the log - it was a nasty (adware), too but the file was luckily missing.
Before I...

D'oh! Even not in Safe Mode? Then download two programs that I've never used before, too (but seen often in this matter):
LSPfix: http://www.cexx.org/lspfix.htm
and
Killbox:...

Well done, some of the stuff seems to be gone, but there are still a few things to fix:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sas.r21.mchsi.com:8000...

Thanks, that should be enough information for now. There is an issue with 98 and more than 768 MB only and your processor should have sufficient L2 cache to have that amount of RAM cached, so this is...

Sorry, I'm afraid there isn't much hope for you: This question comes up every so often and I never found an answer. Your log looks clean which is kind of bad in this case (the only people that solved...

Your log looks clean to me. These Logitech BackWeb entries are a typical case of "Logitech's overfatted software needs a diet". They come from the "Desktop Messenger" component, which is mainly used...

Sorry, I wish I could help you better but I have very little experience with all the removal tools, so you'll have to wait for the virus killer guys here. Or just google for each of the malware names...

Your log looks clean to me. That doesn't guarantee you don't have a virus, it may be well hidden from HJT. But your virus seems to be a generic virus alert from heuristic search, hence it could be a...

Welcome to the strange world of messageboards :)
If the other threads (like the proposed ones on the bottom of this page) didn't contain any help, a HJT log would be a good idea. Are the IE windows...

Your log shows some nasties to work on:

C:\WINDOWS\system32\SECUREANTIVIRUS.EXE
is a worm described here:
http://www.bleepingcomputer.com/startups/SecureAntivirus.exe-8892.html
...

I can't see traces of an infection in this log, just like all the programs you ran. This doesn't mean there can't be malware, but your problem is probably more generic - XP gone mad, hardware...

I can't see anything unusual in the log. Some Quicktime stuff
C:\WINDOWS\LOADQM.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE"...

I'm not sure if that is possible with Norton at all. You already stripped it down to what you need, but since it's a program suite, central components will always be installed and loaded. I liked...