Windows explorer.exe was crashing & rebooting itself.

On Startup, explorer.exe would show the desktop for about 10 sec, then crash for about 10 sec, then cycle through the same for about 10 min until it just would not start up again.

Following the instructions for cleaning from another post:
http://www.daniweb.com/forums/post738435-2.html

My explorer.exe file is now running fine (after running the programs below), but I need to make sure my computer is completely clean.

I ran ATF-Cleaner, except for Firefox files.
I need to know if it's necessary to delete all those files?

I also ran CCleaner.

I ran MBA-M twice & removed several issues.
(I can provide the other logs if necessary.)
Here is the most recent log for MBA-M:

Malwarebytes' Anti-Malware 1.30
Database version: 1437
Windows 5.1.2600 Service Pack 3

11/30/2008 8:20:53 AM
mbam-log-2008-11-30 (08-20-52).txt

Scan type: Full Scan (C:\|)
Objects scanned: 232215
Time elapsed: 3 hour(s), 54 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{4DF7BEB3-E3D2-473C-B32D-682F2CA7D884}\RP718\A0096104.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Here is the most recent HJT log after MBA-M & reboot:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:31:17 AM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\ADrive Backup\BackupNetworkCoordinator.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: VisualTool - {F3A54897-9E68-B11E-A37A-4D1422CE9CAA} - C:\Program Files\VisualTool\VisualTool-2.dll
O3 - Toolbar: Mirar - {41B35E5E-FF7A-410E-9DBF-2485FB45C003} - C:\WINDOWS\system32\windg77.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [\\JB-DESKTOP\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P37 "\\JB-DESKTOP\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on EDESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P41 "Auto EPSON Stylus Photo RX500 on EDESKTOP" /O16 "\\EDESKTOP\EPSON" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [\\Edesktop\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P35 "\\Edesktop\EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Auto photo printer on EDESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P30 "Auto photo printer on EDESKTOP" /O24 "\\EDESKTOP\photo-printer" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Using &Gmail - C:\Program Files\SnipIT\SnipIT\sendusinggmail.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: OAN - {41C2F42D-73F5-425e-AE57-37295D565C30} - C:\WINDOWS\system32\TRVerticalBar_.dll
O9 - Extra 'Tools' menuitem: OAN - {41C2F42D-73F5-425e-AE57-37295D565C30} - C:\WINDOWS\system32\TRVerticalBar_.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.i-relay.com
O15 - Trusted Zone: *.insuresocket.com
O16 - DPF: {03DAF7AB-380A-4810-BF22-EE6BAC91CD49} - http://unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} (AHLDSync.ctlDataSync) - https://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E9D0859-D51B-46FA-9E2F-352658ED880F} (Loinstaller Control) - http://www.conferencingnow.com/ConferenceWebServer/repository/loinstaller.cab
O16 - DPF: {975F9329-0F5F-48D2-ADF8-AEFB19DEFB5F} (ZohoMeeting Control) - http://meeting.zoho.com/login/Agent.jsp
O16 - DPF: {C004D14E-D66D-4350-82D7-F9D6895640BF} - https://www.unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {D14E25E5-9846-462E-AF08-ACB15B3F26DC} - http://unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3} (AHLInfoUpdate.Login) - https://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
O16 - DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} (TimeDlgBox Class) - http://localhost:25684/Sessionctl/control/SessionCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6185D792-2553-4A7B-9EAB-EF020B70D4A4}: NameServer = 216.17.128.1,216.17.128.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Novosoft Backup Network Coordinator (NovosoftBackupNetworkCoordinator) - Unknown owner - C:\Program Files\ADrive Backup\BackupNetworkCoordinator.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe

--
End of file - 11222 bytes


And also the ESET Online Scanner Log showed several more issues, which I have not removed per the other post's instructions:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3651 (20081129)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a8e844bdc8903149bcfd894c4b924647
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2008-11-30 09:17:48
# local_time=2008-11-30 02:17:48 (-0700, Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=651049
# found=14
# scan_time=11747
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PlayMPz6.zip Win32/Bagle.gen.zip worm AB07999B8B275CACAA9E43A5061B5A7B
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamyy.zip Win32/Bagle.gen.zip worm 65B241C77FF25F0F53113FCE063FAE2C
C:\Documents and Settings\Jona\Local Settings\Temp\upd8.tmp.exe Win32/Adware.BrowsingEnhancer application 92EC4A7204FD98481781B0B5833736AB
C:\Documents and Settings\Jona\Local Settings\Temp\upd8.tmp.exe »NSIS »ý € Win32/Adware.BrowsingEnhancer application 00000000000000000000000000000000
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe Win32/Adware.180Solutions application CD712B8A8D43E9E0190D00C7A5F910C3
C:\Program Files\BearShare\Installer\BSInstall5.2.5.1.exe »WISE »BearShareZangoInstaller.exe Win32/Adware.180Solutions application 00000000000000000000000000000000
C:\Program Files\VisualTool\VisualTool-1.dll Win32/Adware.BrowsingEnhancer application 3287B4C9F2EE9C98A9DE559F61164DEF
C:\Program Files\VisualTool\VisualTool-2.dll Win32/Adware.BrowsingEnhancer application 3287B4C9F2EE9C98A9DE559F61164DEF
C:\RECYCLER\S-1-5-21-874416496-1570978858-1087987074-500\Dc6.exe Win32/Adware.BrowsingEnhancer application 92EC4A7204FD98481781B0B5833736AB
C:\RECYCLER\S-1-5-21-874416496-1570978858-1087987074-500\Dc6.exe »NSIS »ý € Win32/Adware.BrowsingEnhancer application 00000000000000000000000000000000
C:\WINDOWS\Sm9uYQ\mA6Rsk.vbs Win32/Adware.ISearch application 387EDBB90A5275D1B464EB31F3162C40
C:\WINDOWS\system32\vtUoPGwx.dll Win32/Adware.Virtumonde application ECDD775F73CE046659CC62A283ED4CA7
C:\WINDOWS\system32\wvUmllLb.dll Win32/Adware.Virtumonde application ECDD775F73CE046659CC62A283ED4CA7
C:\WINDOWS\system32\dPI02\dPI022328.exe a variant of Win32/TrojanDownloader.VB.AWJ trojan 385617973CE54861E2E320B0689BD2E9


Any other information I can provide?
Thank you very much for your help resolving this.

Recommended Answers

All 11 Replies

Great job and very efficient following of instructions. Just the kind of threads I love!

I ran ATF-Cleaner, except for Firefox files.
I need to know if it's necessary to delete all those files?

I also ran CCleaner.

One program or the other is fine, but yes the ALL files found should be deleted some of the infections found by the ESET scanner were within all of these items probably located by one or the other program. Use CCleaner and have it Analyze and Run Cleaner.
Open your Spybot program and Clean out the Recovery. This is also where some items found by ESET were located. They wouldn't be dangerous but no need to keep them as you would not want to put them back, they are infections.
Now run the ESET Scanner again and this time let it Fix/Remove everything found. Save the log for posting here.
Reboot.
Run MBA-M again. Update it first. Then run again and Remove everything found.
Then run a new HJT scan and save the log.
Post back here with all requested logs.
Judy

MBA-M log showed no issues.


ESET scan log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3651 (20081129)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a8e844bdc8903149bcfd894c4b924647
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-30 09:59:42
# local_time=2008-11-30 02:59:42 (-0700, Mountain Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=650568
# found=14
# scan_time=5452
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PlayMPz6.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinAgentamyy.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\Documents and Settings\Jona\Local Settings\Temp\upd8.tmp.exe Win32/Adware.BrowsingEnhancer application (deleted) 00000000000000000000000000000000
C:\Documents and Settings\Jona\Local Settings\Temp\upd8.tmp.exe »NSIS »ý € Win32/Adware.BrowsingEnhancer application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\VisualTool\VisualTool-2.dll Win32/Adware.BrowsingEnhancer application (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-874416496-1570978858-1087987074-1005\Dc1\Installer\BSInstall5.2.5.1.exe multiple infiltrations (deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-874416496-1570978858-1087987074-1005\Dc1\Installer\BSInstall5.2.5.1.exe »WISE »BearShareZangoInstaller.exe Win32/Adware.180Solutions application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-874416496-1570978858-1087987074-1005\Dc1\Installer\BSInstall5.2.5.1.exe »WISE »MyGlobalSearch.exe a variant of Win32/Toolbar.MyWebSearch application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-874416496-1570978858-1087987074-500\Dc6.exe Win32/Adware.BrowsingEnhancer application (deleted) 00000000000000000000000000000000
C:\RECYCLER\S-1-5-21-874416496-1570978858-1087987074-500\Dc6.exe »NSIS »ý € Win32/Adware.BrowsingEnhancer application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\WINDOWS\Sm9uYQ\mA6Rsk.vbs Win32/Adware.ISearch application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\vtUoPGwx.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\wvUmllLb.dll Win32/Adware.Virtumonde application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINDOWS\system32\dPI02\dPI022328.exe a variant of Win32/TrojanDownloader.VB.AWJ trojan (unable to clean - deleted) 00000000000000000000000000000000

not sure what to do with those "error while deleting" files from ESET?


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:07:03 PM, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jona\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: VisualTool - {F3A54897-9E68-B11E-A37A-4D1422CE9CAA} - C:\Program Files\VisualTool\VisualTool-2.dll (file missing)
O3 - Toolbar: Mirar - {41B35E5E-FF7A-410E-9DBF-2485FB45C003} - C:\WINDOWS\system32\windg77.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [\\JB-DESKTOP\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P37 "\\JB-DESKTOP\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on EDESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P41 "Auto EPSON Stylus Photo RX500 on EDESKTOP" /O16 "\\EDESKTOP\EPSON" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [\\Edesktop\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P35 "\\Edesktop\EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Auto photo printer on EDESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P30 "Auto photo printer on EDESKTOP" /O24 "\\EDESKTOP\photo-printer" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Using &Gmail - C:\Program Files\SnipIT\SnipIT\sendusinggmail.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: OAN - {41C2F42D-73F5-425e-AE57-37295D565C30} - C:\WINDOWS\system32\TRVerticalBar_.dll
O9 - Extra 'Tools' menuitem: OAN - {41C2F42D-73F5-425e-AE57-37295D565C30} - C:\WINDOWS\system32\TRVerticalBar_.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.i-relay.com
O15 - Trusted Zone: *.insuresocket.com
O16 - DPF: {03DAF7AB-380A-4810-BF22-EE6BAC91CD49} - http://unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} (AHLDSync.ctlDataSync) - https://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E9D0859-D51B-46FA-9E2F-352658ED880F} (Loinstaller Control) - http://www.conferencingnow.com/ConferenceWebServer/repository/loinstaller.cab
O16 - DPF: {975F9329-0F5F-48D2-ADF8-AEFB19DEFB5F} (ZohoMeeting Control) - http://meeting.zoho.com/login/Agent.jsp
O16 - DPF: {C004D14E-D66D-4350-82D7-F9D6895640BF} - https://www.unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {D14E25E5-9846-462E-AF08-ACB15B3F26DC} - http://unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3} (AHLInfoUpdate.Login) - https://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
O16 - DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} (TimeDlgBox Class) - http://localhost:25684/Sessionctl/control/SessionCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6185D792-2553-4A7B-9EAB-EF020B70D4A4}: NameServer = 216.17.128.1,216.17.128.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe

--
End of file - 11114 bytes

Any further thoughts?...

:)
Thanks!

not sure what to do with those "error while deleting" files from ESET?

These files were just part of deleted objects.

Any further thoughts?...

Yes, a BIG one...Where is your anti-virus program and where is your firewall. You are not running either one. You are very lucky you don't have many more infections on the computer.
There are some very good Free anti-virus programs, download ONE and install and update it.
Antivir
Avast
AVG8
You choose. But you MUST install and use an anti-virus program. Same goes for the firewall. There are several good free ones out there, also of course Windows XP has the built in firewall.
Run HJT again and place check marks next to the following entries if they remain:

O2 - BHO: VisualTool - {F3A54897-9E68-B11E-A37A-4D1422CE9CAA} - C:\Program Files\VisualTool\VisualTool-2.dll (file missing)
O3 - Toolbar: Mirar - {41B35E5E-FF7A-410E-9DBF-2485FB45C003} - C:\WINDOWS\system32\windg77.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Once you have placed the check marks click the Fix Checked button.
Exit HJT.
Reboot.
Run another HJT scan and post the log. Please don't print it in italics or color, that makes it very hard to read.
Judy

Any opinion on the Anti-virus program selection?

I have used all three, not at the same time of course. I liked AVG8 but found it slowed my system. I tried AVAST but didn't care for it's interface, personal opinion really. I now have used Antivir for probably 6 months. I like it quite well. It updates regularly. Free version does not allow for scheduling scans but I don't mind doing them manually once a week or more often if I am concerned about something.
It's really just a matter of what you like really. I am pleased with Antivir protection so that is the one I would recommend but had not complaint about protection factor of the other two either.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:29 PM, on 12/3/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Anagram\anagram.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MozyHome\mozystat.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [\\JB-DESKTOP\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P37 "\\JB-DESKTOP\EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX500 on EDESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P41 "Auto EPSON Stylus Photo RX500 on EDESKTOP" /O16 "\\EDESKTOP\EPSON" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [\\Edesktop\EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P35 "\\Edesktop\EPSON Stylus Photo RX500" /O6 "USB002" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [Auto photo printer on EDESKTOP] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P30 "Auto photo printer on EDESKTOP" /O24 "\\EDESKTOP\photo-printer" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "c:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Anagram.lnk = C:\Program Files\Anagram\anagram.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send Using &Gmail - C:\Program Files\SnipIT\SnipIT\sendusinggmail.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: OAN - {41C2F42D-73F5-425e-AE57-37295D565C30} - C:\WINDOWS\system32\TRVerticalBar_.dll
O9 - Extra 'Tools' menuitem: OAN - {41C2F42D-73F5-425e-AE57-37295D565C30} - C:\WINDOWS\system32\TRVerticalBar_.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O15 - Trusted Zone: *.i-relay.com
O15 - Trusted Zone: *.insuresocket.com
O16 - DPF: {03DAF7AB-380A-4810-BF22-EE6BAC91CD49} - http://unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {297AEB8E-D78B-427A-BBC2-E6496017D290} (AHLDSync.ctlDataSync) - https://allapp.ahlcorp.com/DataSync/Control/AHLDSync.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8E9D0859-D51B-46FA-9E2F-352658ED880F} (Loinstaller Control) - http://www.conferencingnow.com/ConferenceWebServer/repository/loinstaller.cab
O16 - DPF: {975F9329-0F5F-48D2-ADF8-AEFB19DEFB5F} (ZohoMeeting Control) - http://meeting.zoho.com/login/Agent.jsp
O16 - DPF: {C004D14E-D66D-4350-82D7-F9D6895640BF} - https://www.unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {D14E25E5-9846-462E-AF08-ACB15B3F26DC} - http://unitedamerican.com/download/software/WorkSiteMarketing-Web/disk1/Automated%20SBR%20Worksheet.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5238271-D692-408F-A625-275DF49EE4E3} (AHLInfoUpdate.Login) - https://allapp.ahlcorp.com/InfoUpdate/Control/AHLInfoUpdate.CAB
O16 - DPF: {E6545011-41C1-41E8-A553-2457571D1BBC} (TimeDlgBox Class) - http://localhost:25684/Sessionctl/control/SessionCtl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6185D792-2553-4A7B-9EAB-EF020B70D4A4}: NameServer = 216.17.128.1,216.17.128.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - SDSD - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MozyHome Backup Service (mozybackup) - Unknown owner - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe

--
End of file - 12603 bytes


-------------------------------------------------------


I also installed & ran Antivir, which found 25 issues.
The ESET scanner came back with no problems after the last run.

--------------------------------

So thank you very much for your help.
Would you say my computer is clean now?


Also, I am wondering about what all I am doing for protection & what is the difference of each program.
Spybot S&D
MBA-M
Antivir
Ad-Aware
CCleaner
AFT-Cleaner
HijackThis

I'm not clear on the differences of each of these, & when I should use them & how often.
Can you point me to the answer or provide some explanation?

Again, thank you.

Also, I am wondering about what all I am doing for protection & what is the difference of each program.
Spybot S&D
MBA-M
Antivir
Ad-Aware
CCleaner
AFT-Cleaner
HijackThis

I'm not clear on the differences of each of these, & when I should use them & how often.
Can you point me to the answer or provide some explanation?

Happy to do that shortly but one more thing you MUST to is update your java. Yours is WAY, WAY out of date. Current version is 6 update 11. Having out of date java can also raise security issues so it should be kept up to date.
You need to go HERE Download the Offline Install and save it to your desktop but DON'T install yet.
Once you have downloaded then go to Start, Control Panel, Add/Remove and Uninstall ALL versions of java you find there.
Once all have been uninstalled then go back to the desktop and with all browsers closed, double click the java install to install the newest version. Once the new version is installed then go back to that download page and on the right side you will see Verify Now. Click that to verify that the installation was successful.
Back shortly with explanation of the security programs noted and what to do with them.
Judy

Java updated & verified.
Thanks.

My question about what to we're doing is so I can understand & hopefully be able to catch the things you are doing so quickly.

Now for your security programs:
You can remove HiJackThis, you don't need this anymore. It should be used only when requested by a forum helper. It is not generally considered a clean up/fixer program but a scanner/investigative program really, though certain fixes of course are done with it when instructed to do so. Random use and removal without instruction can lead to damage to the computer if you really don't know for sure what you are fixing so it is always advisable to remove it once clean-up is complete.

As I told you I use Antivir and I see you've installed it also. I really like it a lot. It does auto update which I like, even though it has that annoying pop-up add for their paid version whenever it updates you just "X" it out. You have to run scans manually but if you make it a habit to run all these scans on a specific day and time then you will think nothing of it AND keep your computer running cleanly and smoothly.

ATF-Cleaner is a great cleanup program to keep, gets rid of the temp files and cookies, etc.

CCleaner is also a good one, does a bit more than ATF. You can keep it if you wish but only use the default settings. I have both on my system but ATF is the one I use on a regular basis.

Spybot Search and Destroy
is excellent and one to keep but DO NOT use the TeaTimer portion of the program. It can interfere with fixes/removals done by HiJackThis for sure and quite possibly other programs like an anti-virus scanner or anti-malware scanner. But it does an excellent job of removing adware and spyware. Keep it updated and use it at least weekly and have it remove/quarantine what ever it finds.

MBA-M is the top of the line right now. As you have seen it removes lots of nasty items. It shouldn't run at start up, but should be used for scanning at least once a week, maybe more often depending on your surfing habits. Always update it before each scan. This program often has updates daily, sometimes twice a day, so always be sure it is updated before you scan with it. Unless you suspect something really bad on the computer the Quick Scan is usually sufficient for weekly scans. If you do one of these and a lot is found then it might be prudent to run another Full System scan immediately just to be safe, but Quick Scan usually does the trick.

Adaware...well I used to use it, don't anymore. Just found with this new version it wasn't as up to date as the others and I just don't like something that installs itself as a service without my ok. So I have removed it. Not a bad program but the others do as well or better and this is why I don't use it anymore. But if you choose to keep it fine, if not Uninstall it via Add/Remove

The one I would add is SpywareBlaster from Javacool. Frankly I wouldn't run a computer without it. It will protect your computer against spyware, adware, browser hijackers, and dialers and to quote from their website

Multi-Angle Protection

* Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
* Block spying / tracking via cookies.
* Restrict the actions of potentially unwanted or dangerous web sites.
No-Nonsense Security
SpywareBlaster can help keep your system secure, without interfering with the "good side" of the web. And unlike other programs, SpywareBlaster does not have to remain running in the background. It works alongside the programs you have to help secure your system.

Download it, install it, update it, enable all, INCLUDING it's Restricted Sites protection and close the program. It DOES NOT run in the background. Check for updates once a week, install them if they are available, enable the new protection and close the program again. That's it.

Hope I have answered your questions concerning the security programs. All of the above are FREE and really very simple to use. You should do fine with all of them. With all of them, when one of the scans finds something have it fix/remove or quarantine whatever is found. Keep that quarantine file for a week or so, if all seems ok, you can delete them.
Anything else?
Judy

Think that's it for now.
Thanks again!

Happy I could help.
Judy

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.