0

I got nailed with xmedx emails going out to my Yahoo.mail contact list. I deactivated the yahoo account and asked it be on the list for permanent deletion. Then the Facebook account started sending out xmedx mail and some kind of online chocolates store. So I deactivated the Facebook account and reinvented myself on Facebook. I use Spybot and RegEdit, AVG Free Anti Virus. I wish I knew where the virus is. Last time I ran RegEdit and Spybot there was nothing noted. It's embarrassing.

I use win2000P and Opera.

Here is a Malwarebyte Log. Five infections. Pressed "Fix"

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4796

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

10/11/2010 6:26:51 PM
mbam-log-2010-10-11 (18-26-51).txt

Scan type: Quick scan
Objects scanned: 108959
Time elapsed: 8 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://bing.zugo.com/?cfg=2-76-0-11xf7) Good: (http://www.google.com) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by ed_shaw: n/a

0

GMER Log One
Can't Find Log Two yet

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-10-11 19:08:42
Windows 5.0.2195 Service Pack 4
Running: d7587wh2.exe; Driver: C:\DOCUME~1\Ed\LOCALS~1\Temp\uwniafod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

0

Hi Ed, welcome to daniweb.

RegEdit is certainly NOT a tool to run to remove infections; you need to know what registry entries ARE infected before attempting this.
Your MBA-M shows you only ran a Quick Scan and No Action Taken. Did you reboot after running MBA-M? This is one of the things you must always do when using MBA-M to remove infection.

Update MBA-M and run a Full Scan. Have it Remove everything found, REBOOT, and then go into MBA-M and copy/paste the last log in the Log tab back here.

I would like to see a system scan log done with HiJackThis

http://free.antivirus.com/hijackthis/

Edited by jholland1964: n/a

0

Thanks, jholland...after work today. Oh, I meant to say RegCure, not RegEdit.

0

Oh, I meant to say RegCure, not RegEdit.
Doesn't matter, using a registry cleaner regardless is always a bad idea. Too much damage can be done. There is never a good reason to use a registry cleaner, optimizer, whatever.
Good tools like MBA-M will automatically clean out infected registry entries; there really is hardly ever a good reason to "play" with the registry. Uninstall RegCure and continue with steps given.

0

OK, Thanks. If I had known I could get this kind of help, I would have left Yahoo.mail and Facebook alone and let them keep using me. Well, anyway, I hope the virus is still on there somewhere. Here is the full scan with MBAM....clicked fix one infection...and the Hijack Log if I did it right. I just kind of cobble together a patchwork of security programs, otherwise, pretty much of a slacker:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4796

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

10/12/2010 5:17:08 PM
mbam-log-2010-10-12 (17-17-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 466024
Time elapsed: 1 hour(s), 23 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------Hijack-----------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:30:03 PM, on 10/12/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: BTTray.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210915246421
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} - http://activex.camfrogweb.com/basic/cfweb_activex.camfrogweb.com-basic_instmodule.exe
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe

--
End of file - 9887 bytes


Thanks for doing this.

Edited by jholland1964: Unnecessary info concerning HJT version removed.

0

I would like to see an Uninstall List generated by using HiJackThis. To do this do the following:
Open HiJackThis
Click on the Misc Tools button
Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad into a reply.

After that do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.
You will need to use Internet Explorer to complete this scan.
You will need to temporarily Disable your current Anti-virus program.
Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.
Please Reboot the computer.
Post back with the log from the ESET Scanner.

0

Could not find a way to disable AVG Free.
Deleted Limewire three days ago per DaniWeb instructions

Hijack This Uninstall Log:
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Reader 9.4.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
Ahead NeroMediaPlayer
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Billionton Bluetooth Software
CleanUp!
Compatibility Pack for the 2007 Office system
Google Earth
Google Update Helper
HiJackThis
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB953300)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB971110)
HP LaserJet 1200 Uninstaller
InterVideo WinDVD 4
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB971108)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MIDI-OX
Midisport 2x2 1.0.1.0
Mozilla Firefox (3.6.6)
Nikon View 6
Opera 10.62
Philips SPC 900NC PC Camera
Philips VLounge
QuickTime
Realtek AC'97 Audio
RegCure
Remove on Reboot Shell Extension
Security Update for DirectX 9 (KB941568)
Security Update for DirectX 9 (KB951698)
Security Update for DirectX 9.0 (KB971633)
Security Update for DirectX 9.0 (KB975560)
Security Update for DirectX 9.0 (KB975562)
Security Update for DirectX 9.0 (KB976138)
Security Update for DirectX 9.0b (KB961373)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB977816)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 6.4 (KB954600)
Security Update for Windows Media Player 6.4 (KB974112)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Media Player 9 (KB973540)
SIPPS
Skype™ 3.8
Smart Link 56K Modem
SONY XDCAM EX Clip Browsing Software
Spybot - Search & Destroy
Suite Specific
SxS device driver
Update Rollup 1 for Windows 2000 SP4
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923561
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941568
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB947864
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB948881
Windows 2000 Hotfix - KB950749
Windows 2000 Hotfix - KB950759
Windows 2000 Hotfix - KB950760
Windows 2000 Hotfix - KB950974
Windows 2000 Hotfix - KB951066
Windows 2000 Hotfix - KB951748
Windows 2000 Hotfix - KB951748-V2
Windows 2000 Hotfix - KB952004
Windows 2000 Hotfix - KB952954
Windows 2000 Hotfix - KB953838
Windows 2000 Hotfix - KB953839
Windows 2000 Hotfix - KB954211
Windows 2000 Hotfix - KB955069
Windows 2000 Hotfix - KB955759
Windows 2000 Hotfix - KB956390
Windows 2000 Hotfix - KB956391
Windows 2000 Hotfix - KB956802
Windows 2000 Hotfix - KB956844
Windows 2000 Hotfix - KB957095
Windows 2000 Hotfix - KB957097
Windows 2000 Hotfix - KB958215
Windows 2000 Hotfix - KB958470
Windows 2000 Hotfix - KB958644
Windows 2000 Hotfix - KB958687
Windows 2000 Hotfix - KB958690
Windows 2000 Hotfix - KB958869
Windows 2000 Hotfix - KB959426
Windows 2000 Hotfix - KB960225
Windows 2000 Hotfix - KB960714
Windows 2000 Hotfix - KB960715
Windows 2000 Hotfix - KB960803
Windows 2000 Hotfix - KB960859
Windows 2000 Hotfix - KB961371
Windows 2000 Hotfix - KB961371-V2
Windows 2000 Hotfix - KB961501
Windows 2000 Hotfix - KB963027
Windows 2000 Hotfix - KB967715
Windows 2000 Hotfix - KB968537
Windows 2000 Hotfix - KB969059
Windows 2000 Hotfix - KB969897
Windows 2000 Hotfix - KB969898
Windows 2000 Hotfix - KB969947
Windows 2000 Hotfix - KB970238
Windows 2000 Hotfix - KB971468
Windows 2000 Hotfix - KB971486
Windows 2000 Hotfix - KB971557
Windows 2000 Hotfix - KB971961
Windows 2000 Hotfix - KB972260
Windows 2000 Hotfix - KB972270
Windows 2000 Hotfix - KB973346
Windows 2000 Hotfix - KB973354
Windows 2000 Hotfix - KB973507
Windows 2000 Hotfix - KB973525
Windows 2000 Hotfix - KB973869
Windows 2000 Hotfix - KB973904
Windows 2000 Hotfix - KB974318
Windows 2000 Hotfix - KB974392
Windows 2000 Hotfix - KB974455
Windows 2000 Hotfix - KB974571
Windows 2000 Hotfix - KB976325
Windows 2000 Hotfix - KB976749
Windows 2000 Hotfix - KB977165-V2
Windows 2000 Hotfix - KB977914
Windows 2000 Hotfix - KB978037
Windows 2000 Hotfix - KB978207
Windows 2000 Hotfix - KB978251
Windows 2000 Hotfix - KB978262
Windows 2000 Hotfix - KB978542
Windows 2000 Hotfix - KB978601
Windows 2000 Hotfix - KB978706
Windows 2000 Hotfix - KB979309
Windows 2000 Hotfix - KB979482
Windows 2000 Hotfix - KB979559
Windows 2000 Hotfix - KB979683
Windows 2000 Hotfix - KB980182
Windows 2000 Hotfix - KB980195
Windows 2000 Hotfix - KB980218
Windows 2000 Hotfix - KB980232
Windows 2000 Hotfix - KB981350
Windows 2000 Hotfix - KB982381
Windows 2000 Hotfix (SP5) Q818043
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinZip
Wisdom-soft Set up ScreenHunter 5.1 Pro

----------------ESET Log Oct 13, 2010--------------------------------

ESET Log (Full of Limewire files. Note, I deleted Limewire a few days ago and rarely have used it in the past year.)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2800.1106
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=df84bff73c6dc64bab5e6e33b96b4272
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-10-14 01:00:08
# local_time=2010-10-13 07:00:08 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=5.0.2195 NT Service Pack 4
# scanned=361265
# found=6
# cleaned=6
# scan_time=8424
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ed\Desktop\Music and Video\Limewire Shared\anonymous four (new album).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ed\Desktop\Music and Video\Limewire Shared\heart of stone rolling stones [club mix].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ed\Desktop\Music and Video\Limewire Shared\hobos meditation rodgers.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ed\Desktop\Music and Video\Limewire Shared\in sweet bye anonymous four [extended concert version].mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Ed\My Documents\My Music\Incomplete\T-3435053-Louis Armstrong - What a Wonderful world.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C

----------------------------end-----------------------------------------

0

Hope you now see WHY we insist on all P2P programs be uninstalled. Look at those infected files you got from using P2P. This is one of the easiest ways to get some really bad infections.
Here is information about the infection removed by ESET which adds proof to this from ESET
WMA/TrojanDownloader.GetCodec has ranked fifth on ESET’s threat list
Win32/GetCodec.A is a type of malware that modifies media files. This Trojan converts all media files found on a computer to the WMA format and adds a field to the header that includes a URL pointing the user to a new codec, claiming that the codec has to be downloaded so that the media files can be read. WMA/TrojanDownloader.GetCodec.Gen is a downloader closely related to Wimad.N which facilitates infection by GetCodec variants like Win32/GetCodec.A

Note that it says it converts ALL media files on the computer. You cannot now assume that ANY of your media files on the computer are not carrying this Trojan but possibly have not yet been activated. Each time one of these files is accessed then the trigger will be pulled and this will then bring in more and more, that is what it was designed to do.

I note in your HiJackThis log that you obviously have an iPod. Yes, iPods also can become infected and then infect any computer they may be plugged into.
This is exactly WHY P2P sharing is so very dangerous. These infected files can also be spread via flash drives, floppy disks, CDs that you burn. Any way that you happen to share this music, the infections can go along with this sharing. So yes, P2P is a wonderful, and illegal, way to obtain music you want for free, but as you now see you get a LOT of other things for free that you had not counted on. You must now presume that ALL the music on your computer and possibly your iPod has been compromised and infected. It only takes ONE infected file to infect literally hundreds of others. You have put your computer and yes your iPod at risk. Even music you obtained legally by paying for it is now at risk because this trojan will convert ALL media files to WMA files.

The one program you need to uninstall for sure is that RegCure. As stated earlier there is no reason at all to ever use a Registry cleaning, boosting, whatever program.

I would like you to run this program: Sophos Anti-Rootkit
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
* Double-click sar_15_sfx.exe to begin the installation, read the license agreement and click Accept.
* Allow the default location of C:\Program Files\Sophos\Sophos Anti-Rootkit and click Install.
* A message will appear "Sophos Anti-Rootkit was successfully installed. Click 'yes' to start it now".
* Click Yes and allow the driver and its randomly named .tmp file (i.e. F.tmp) to load if asked.
* If the scan did not start automatically, make sure the following are checked:
    o Running processes
    o Windows Registry
    o Local Hard Drives
* Click Start scan.
* Sophos Anti-Rootkit will scan the selected areas and display any suspicious files in the upper panel.
* When the scan is complete, a pop-up screen will appear with "Rootkit Scan Results". Click OK to continue.
* Click on the suspicious file to display more information about it in the lower panel which also includes whether the item is recommended for removal.
    o Files tagged as Removable: No are not marked for removal and cannot be removed.
    o Files tagged as Removable: Yes (clean up recommended) are marked for removal by default.
    o Files tagged as Removable: Yes (but clean up not recommended) are not marked for removal because Sophos did not recognize them. These files will require further investigation.
* Select only items recommended for removal, then click "Clean up checked items". You will be asked to confirm, click Yes.
* A pop up window will appear advising the cleanup will finish when you restart your computer. Click Restart Now.
* After reboot, a dialog box displays the files you selected for removal and the action taken.
* Click Empty list and then click Continue to re-scan your computer a second time to ensure everything was cleaned.
* When done, go to Start > Run and type or copy/paste: %temp%\sarscan.log
* This should open the log from the rootkit scan. Please post this log in your next reply. If you have a problem, you can find sarscan.log in C:\Documents and Settings\<username>\Local Settings\Temp\.
Post back with that log.

Edited by jholland1964: n/a
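
A triage check for the situation in the post above, added here as an example and not part of the original thread: ESET's WMA/ detections on files named .mp3 mean Windows Media (ASF) content sitting under another extension, with a URL carried in the header. The Python below flags audio files whose extension disagrees with an ASF header and lists URLs found inside that header; the function names, the extension list, the sample files and the `example.invalid` URLs are all constructed for illustration, and a hit is a reason to scan the file, not a verdict.

```python
import os
import re
import struct
import tempfile

# First 16 bytes of every ASF container (WMA/WMV): the ASF Header Object GUID.
ASF_HEADER_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")
# Extensions that should never hold ASF data (assumed list for this example).
NON_ASF_AUDIO_EXTS = {".mp3", ".ogg", ".flac", ".wav", ".m4a"}
# ASF stores strings as UTF-16LE, so match http:// or https:// in that encoding.
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,200}"
)


def sniff(path, max_read=64 * 1024):
    """Return a finding dict when a non-ASF extension hides ASF content, else None."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(max_read)
    if ext not in NON_ASF_AUDIO_EXTS or not head.startswith(ASF_HEADER_GUID):
        return None
    # Header Object layout: GUID (16 bytes), then total header size (uint64 LE).
    size = struct.unpack_from("<Q", head, 16)[0] if len(head) >= 24 else 0
    # Trust the declared size only if it is plausible; otherwise search what we read.
    limit = size if 30 <= size <= len(head) else len(head)
    urls = [m.group().decode("utf-16-le") for m in URL_UTF16.finditer(head[:limit])]
    return {"path": path, "urls": urls}


def scan_tree(root):
    """Walk a folder (e.g. a P2P download directory) and collect mismatched files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            try:
                hit = sniff(os.path.join(dirpath, name))
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            if hit:
                findings.append(hit)
    return findings


def make_asf(url, trailer=b""):
    """Build a constructed, minimal ASF-like blob: header with one URL, then trailer."""
    body = url.encode("utf-16-le") + b"\x00\x00"
    header = ASF_HEADER_GUID + struct.pack("<QIBB", 30 + len(body), 1, 1, 2) + body
    return header + trailer


def demo():
    """Run the sweep over constructed sample files and return (name, urls) pairs."""
    outside = "http://outside.example.invalid/x".encode("utf-16-le")
    samples = {
        "genuine.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\xff\xfb\x90\x00" * 8,
        "renamed.mp3": make_asf("http://codec.example.invalid/get", outside),
        "honest.wma": make_asf("http://codec.example.invalid/get"),
        "truncated.mp3": ASF_HEADER_GUID,  # GUID only, no size field
        "empty.mp3": b"",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(f["path"]), f["urls"]) for f in scan_tree(root)]


if __name__ == "__main__":
    for name, urls in demo():
        print(f"{name}: ASF content under a non-ASF extension; header URLs: {urls}")
```

Files that already carry a .wma extension are out of scope for this check, since there the extension and the container agree; those still need the antivirus scan.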

0

Wed. Oct 13th 2010: Deleted iTunes and all iPod related folders
Ran Sophos Once. Will run Sophos again tomorrow.
--------------------Sophos Log-------------------

Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc
Started logging on 10/14/2010 at 18:17:26 PM
User "Ed" on computer "ED-0AA9075E6FE4"
Windows version 5.0 SP 4.0 Service Pack 4 build 2195 SM=0x0 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files\Spybot - Search & Destroy\SDFiles.exe
Hidden: file C:\WINNT\system32\ati2evxx.dll
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\01_Audio\01_Audio\Ap\RtlRack.exe
Hidden: file C:\Program Files\AvRack\rtlrack.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\bluetooth\Bluetooth\bsetup.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_03_31_2010(2).exe
Hidden: file C:\Program Files\Spybot - Search & Destroy\MEJFPNFDOYCPQAVP.scr
Hidden: file C:\Program Files\Spybot - Search & Destroy\SDShred.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_03_31_2010.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Cleaners From Dani\d7587wh2.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_10_02_2009(2).exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\AVS Audio\AVSAudioEditor.exe
Hidden: file C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe
Hidden: file C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe
Hidden: file C:\Program Files\Lavasoft\Ad-Aware 2007\HostFileEditor.exe
Hidden: file C:\Program Files\FileZilla FTP Client\uninstall.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_10_02_2009.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_11_20_2009.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\AVS Audio\audacity-win-1.2.6.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Current Documents\Setup.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\Sony PMW EX1 Software\PMW EX1 Clip Browser\setup.exe
Hidden: file C:\Program Files\InstallShield Installation Information\{0134A1A1-C283-4A47-91A1-92F19F960372}\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\browser\opera.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\browser\xmlparse.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\browser\es262-32.dll
Hidden: file C:\Program Files\Adobe\Adobe Help Center\Browser\xmlparse.dll
Hidden: file C:\Program Files\Adobe\Adobe Help Center\Browser\es262-32.dll
Hidden: file C:\Program Files\Adobe\Adobe Help Center\Browser\opera.dll
Hidden: file C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe
Hidden: file C:\Program Files\Adobe\Adobe Photoshop CS2\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe InDesign CS2\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\aglfab.dll
Hidden: file C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Support.dll
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\cmdsupt.dll
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\plug_ins\Preflight\PreflightLib.dll
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\PDFMaker\Office\PDFMAccess.dll
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\AdobeLM.dll
Hidden: file C:\Documents and Settings\Ed\My Documents\My Webs\FileZilla_3.0.11.1_win32-setup.exe
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\Required\Opera\xmlparse.dll
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\Required\Opera\es262-32.dll
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\Required\Opera\opera.dll
Hidden: file C:\Program Files\Common Files\Adobe\Updater\AdobeUpdaterApp.dll
Hidden: file C:\WINNT\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe
Hidden: file C:\Program Files\Ahead\Nero\SHORTCUT.DLL
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\Programs Downloaded\FileZilla_3.0.11_win32-setup.exe
Hidden: file C:\Program Files\Common Files\Ahead\Lib\NeroCBUI.dll
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\Programs Downloaded\delreb_setup-1.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\RegistryPatrol_Trial.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\CleanUp452.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\QWest setup
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\Programs Downloaded\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
Hidden: file C:\Program Files\Registry Patrol\MemWarp.dll
Hidden: file C:\WINNT\system32\MemWarp.dll
Hidden: file C:\Program Files\PrintScreenPro45_Setup.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_11_20_2009(2).exe
Hidden: file C:\Program Files\Little Registry Cleaner\uninstall.exe
Hidden: file C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\LimeWireWin(3).exe
Hidden: file C:\Documents and Settings\Ed\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
Hidden: file C:\Program Files\Porpoise Media\Screen Grabber\ScreenGrabber.exe
Hidden: file C:\Program Files\SigisSC1Setup.exe
Hidden: file C:\Program Files\Wisdom-soft ScreenHunter 5 Pro\KillScreenHunter.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Cleaners From Dani\dds.scr
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Cleaners From Dani\8xu0v48n.exe
Hidden: file C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\My Music\iTunes\iTunes Music\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Unknown Album\Dont Think Twice.mp3
Hidden: file C:\Documents and Settings\Ed\My Documents\My Music\iTunes\iTunes Music\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Unknown Album\I Woulda Danced With You More.mp3
Hidden: file C:\Documents and Settings\Ed\My Documents\My Music\iTunes\iTunes Music\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Unknown Album\St. Patrick's Day at The M&M.mp3
Hidden: file C:\Program Files\Ahead\ImageDrive\ImageDrive.exe
Hidden: file C:\Program Files\Ahead\NeroMediaPlayer\SHORTCUT.DLL
Hidden: file C:\WINNT\UNNMP.exe
Hidden: file C:\Program Files\Spybot - Search & Destroy\Updates\advcheck165.exe
Hidden: file C:\Documents and Settings\Ed\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\Fender G-DEC 30\Prosonic Country Backings\Windows Unzipped\Country_Folk--Percussion--Volume-4--v2.1.exe
Hidden: file C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll
Hidden: file C:\WINNT\PaltalkScene\uninstall.exe
Hidden: file C:\Program Files\Spybot - Search & Destroy\advcheck.dll
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\mbzzzigp.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\Sony PMW EX1 Software\SxS Drivers MAC and WIN\SxS_Driver_Win_Installer_v1_00_08030.exe
Hidden: file C:\Program Files\InstallShield Installation Information\{D2D8328B-F031-4F69-8621-250701844E9A}\ISSetup.dll
Hidden: file C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\SxS_Driver_Win_Installer_v1_00_08030.exe
Hidden: file C:\Program Files\JAMMER SongMaker 5\All\JAMMER SongMaker.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\Fender G-DEC 30\midc_32355.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\CamStudio20.exe
Hidden: file C:\Program Files\PC Pitstop\optimize3-setup-1031.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\LimeWireWin(2).exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\PC Pitstop\optimize3-setup-1031.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Current Documents\My Literary\Power Women\HandBrake-0.9.3-Win_GUI.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\LimeWireWin.exe
Hidden: file C:\Program Files\Nikon\NkView6\NikonPrint.dll
Hidden: file C:\Program Files\Nikon\NkView6\Nikon Editor\NikonPrint.dll
Hidden: file C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
Hidden: file C:\Program Files\NCH Software\Components\aacdec\aacdec.exe
Hidden: file C:\Program Files\Search Toolbar\tbcore3.dll
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\InboxEmailNotifierSetup.exe
Hidden: file C:\Program Files\Common Files\Ahead\DSFilter\NDxGui.dll
Hidden: file C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\privoxy-setup-3.0.15.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\privoxy-setup-3.0.15(2).exe
Stopped logging on 10/14/2010 at 19:07:02 PM

-----------------------end Sophos Log-------------------------

0

I am going to rerun Sophos, per instructions.
I can't tell you how much I appreciate the assistance. Without going into a lot of detail, I own an offline Mac devoted to only audio visual editing and was heading for trouble by shuffling MP3 content back and forth with a thumb drive. I had almost forgotten about the "curious George" episode with P2P, and thankfully, only transferred Band in the Box files that originated on the MAC from the MAC to the WIN and only to play on the iPod. What was at risk was a camera, recorder, FCP and Garage Band, and both machines. I scanned the MAC and it looks OK. What an idiot I am.
I am not saying the problem is solved, because I don't really know. But I ask: is it time to close this thread before it gets out of control, or could there be other issues relevant to the problem that could keep the thread open?

0

No, it certainly ISN'T time to close the thread. You haven't completed cleaning the computer yet.
Of course the choice is yours, but the computer has not yet been deemed 100% clean. If you don't want to clean it up, it is your choice, but then I would advise that you stop using this computer entirely. I know I wouldn't use it until all infection was cleaned off and I knew that for certain.
The computer can be cleaned. If you don't want to, then we can close the thread. Basically you have three choices: continue with the clean up, or stop using the computer completely and get another to use online, or completely reformat and reload.

Edited by jholland1964: n/a

0

2nd Sarscan Run
No fix errors box

Sophos Anti-Rootkit Version 1.5.4 (c) 2009 Sophos Plc
Started logging on 10/16/2010 at 19:31:21 PM
User "Ed" on computer "ED-0AA9075E6FE4"
Windows version 5.0 SP 4.0 Service Pack 4 build 2195 SM=0x0 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Program Files\Spybot - Search & Destroy\SDFiles.exe
Hidden: file C:\WINNT\system32\ati2evxx.dll
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\01_Audio\01_Audio\Ap\RtlRack.exe
Hidden: file C:\Program Files\AvRack\rtlrack.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\bluetooth\Bluetooth\bsetup.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_03_31_2010(2).exe
Hidden: file C:\Program Files\Spybot - Search & Destroy\MEJFPNFDOYCPQAVP.scr
Hidden: file C:\Program Files\Spybot - Search & Destroy\SDShred.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_03_31_2010.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Cleaners From Dani\d7587wh2.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_10_02_2009(2).exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\AVS Audio\AVSAudioEditor.exe
Hidden: file C:\Program Files\Spybot - Search & Destroy\SDDelFile.exe
Hidden: file C:\Program Files\Lavasoft\Ad-Aware 2007\ProcessWatch.exe
Hidden: file C:\Program Files\Lavasoft\Ad-Aware 2007\HostFileEditor.exe
Hidden: file C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\AGM.dll
Hidden: file C:\Program Files\FileZilla FTP Client\uninstall.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_10_02_2009.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_11_20_2009.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\AVS Audio\audacity-win-1.2.6.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Current Documents\Setup.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\Sony PMW EX1 Software\PMW EX1 Clip Browser\setup.exe
Hidden: file C:\Program Files\InstallShield Installation Information\{0134A1A1-C283-4A47-91A1-92F19F960372}\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\browser\opera.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\browser\xmlparse.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\browser\zip.dll
Hidden: file C:\Program Files\Adobe\Adobe Bridge\browser\es262-32.dll
Hidden: file C:\Program Files\Adobe\Adobe Help Center\Browser\es262-32.dll
Hidden: file C:\Program Files\Adobe\Adobe Help Center\Browser\opera.dll
Hidden: file C:\Program Files\Adobe\Adobe Photoshop CS2\ImageReady.exe
Hidden: file C:\Program Files\Adobe\Adobe Photoshop CS2\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe InDesign CS2\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\aglfab.dll
Hidden: file C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Support.dll
Hidden: file C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\versioncue.dll
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\cmdsupt.dll
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeLM.dll
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\plug_ins\Preflight\PreflightLib.dll
Hidden: file C:\Program Files\Adobe\Adobe Acrobat 7.0\PDFMaker\Office\PDFMAccess.dll
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\AdobeLM.dll
Hidden: file C:\Documents and Settings\Ed\My Documents\My Webs\FileZilla_3.0.11.1_win32-setup.exe
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\Required\Opera\xmlparse.dll
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\Required\Opera\es262-32.dll
Hidden: file C:\Program Files\Adobe\Adobe GoLive CS2\Required\Opera\opera.dll
Hidden: file C:\Program Files\Common Files\Adobe\Updater\AdobeUpdaterApp.dll
Hidden: file C:\Program Files\Ahead\Nero\SHORTCUT.DLL
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\Programs Downloaded\FileZilla_3.0.11_win32-setup.exe
Hidden: file C:\Program Files\Common Files\Ahead\Lib\NeroCBUI.dll
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\Programs Downloaded\capture.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\Programs Downloaded\delreb_setup-1.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\RegistryPatrol_Trial.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\CleanUp452.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\QWest setup
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\Programs Downloaded\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
Hidden: file C:\Program Files\Registry Patrol\MemWarp.dll
Hidden: file C:\WINNT\system32\MemWarp.dll
Hidden: file C:\Program Files\PrintScreenPro45_Setup.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\Little_Registry_Cleaner_11_20_2009(2).exe
Hidden: file C:\Program Files\Little Registry Cleaner\uninstall.exe
Hidden: file C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\LimeWireWin(3).exe
Hidden: file C:\Documents and Settings\Ed\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
Hidden: file C:\Program Files\Porpoise Media\Screen Grabber\ScreenGrabber.exe
Hidden: file C:\Program Files\SigisSC1Setup.exe
Hidden: file C:\Program Files\Wisdom-soft ScreenHunter 5 Pro\KillScreenHunter.exe
Hidden: file C:\Program Files\Wisdom-soft ScreenHunter 5 Pro\ScreenHunter.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Cleaners From Dani\dds.scr
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Cleaners From Dani\8xu0v48n.exe
Hidden: file C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\My Music\iTunes\iTunes Music\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Unknown Album\Dont Think Twice.mp3
Hidden: file C:\Documents and Settings\Ed\My Documents\My Music\iTunes\iTunes Music\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Unknown Album\I Woulda Danced With You More.mp3
Hidden: file C:\Documents and Settings\Ed\My Documents\My Music\iTunes\iTunes Music\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Okrush, Chad\Unknown Album\St. Patrick's Day at The M&M.mp3
Hidden: file C:\Program Files\Ahead\ImageDrive\ImageDrive.exe
Hidden: file C:\Program Files\Ahead\NeroMediaPlayer\SHORTCUT.DLL
Hidden: file C:\WINNT\UNNMP.exe
Hidden: file C:\Program Files\Spybot - Search & Destroy\Updates\advcheck165.exe
Hidden: file C:\Documents and Settings\Ed\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.789.0-static-A.exe
Hidden: file C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll
Hidden: file C:\WINNT\PaltalkScene\uninstall.exe
Hidden: file C:\Program Files\Spybot - Search & Destroy\advcheck.dll
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\mbzzzigp.exe
Hidden: file C:\Program Files\SONY\XDCAM EX Clip Browser\Clip Browser.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\Sony PMW EX1 Software\SxS Drivers MAC and WIN\SxS_Driver_Win_Installer_v1_00_08030.exe
Hidden: file C:\Program Files\InstallShield Installation Information\{D2D8328B-F031-4F69-8621-250701844E9A}\ISSetup.dll
Hidden: file C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\SxS_Driver_Win_Installer_v1_00_08030.exe
Hidden: file C:\Program Files\JAMMER SongMaker 5\All\JAMMER SongMaker.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\Fender G-DEC 30\midc_32355.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\Drivers\CamStudio20.exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Music and Video\Acoustica-Beatcraft-Installer.exe
Hidden: file C:\Program Files\PC Pitstop\optimize3-setup-1031.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\LimeWireWin(2).exe
Hidden: file C:\Documents and Settings\Ed\Desktop\Security\PC Pitstop\optimize3-setup-1031.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Current Documents\My Literary\Power Women\HandBrake-0.9.3-Win_GUI.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\LimeWireWin.exe
Hidden: file C:\Program Files\Nikon\NkView6\NikonPrint.dll
Hidden: file C:\Program Files\Nikon\NkView6\Nikon Editor\NikonPrint.dll
Hidden: file C:\Program Files\NCH Software\Components\mp3el\mp3enc.exe
Hidden: file C:\Program Files\NCH Software\Components\aacdec\aacdec.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\InboxEmailNotifierSetup.exe
Hidden: file C:\Program Files\Common Files\Ahead\DSFilter\NDxGui.dll
Hidden: file C:\Program Files\Search Toolbar\SearchToolbarUninstall.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\privoxy-setup-3.0.15.exe
Hidden: file C:\Documents and Settings\Ed\My Documents\Downloads\privoxy-setup-3.0.15(2).exe
Stopped logging on 10/16/2010 at 20:22:19 PM

0

So you are continuing with the clean up or do you want to close the thread?

No, I want to continue with the cleanup. I just posted the second Sophos run, as instructed. (Maybe things were getting beyond my span)
My last posting was the temp log from the 2nd Sophos run. Does it look like I did it right? It doesn't seem quite like I did it right. What's next?

0

Update MBA-M and do another Full Scan with it. Have it Remove everything found.
Reboot the computer and then do another HJT system scan.
Post back here with both logs.

0

--------MBA-M updated Full---------------

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4863

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

10/17/2010 4:11:12 PM
mbam-log-2010-10-17 (16-11-12).txt

Scan type: Full scan (C:\|)
Objects scanned: 465172
Time elapsed: 1 hour(s), 23 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-----------------Hijack-----------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:52:15 PM, on 10/17/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: BTTray.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Billionton\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210915246421
O16 - DPF: {64E27CFB-8B69-4B83-80F0-36A81437D587} - http://activex.camfrogweb.com/basic/cfweb_activex.camfrogweb.com-basic_instmodule.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe

--
End of file - 9957 bytes

0

I've never seen that page before. I mean, I saw it in the log a few times, but it didn't register with me. My Opera is set to Marketwatch...that's my usual browser.
I have Mozilla set to craigslist, but hardly use it. IE is set to Google Home Page for Search, and I never use IE except for automatic Windows updates. That Google page could be the problem. Funny how sweetim shows up as a home page and I have never seen it or heard of it. I'll open IE and check the security options. Thanks for noticing that.

0

Just wanted to point that out to you. Good thing you don't use IE. We can fix it easily. That isn't a Google page.
You only use IE for Windows Updates, correct? Give me a few moments and I will have some fixes for you to do using HJT.

0

If I click that http://home.sweetim.com it redirects to a search box
http://search.sweetim.com with the little monkey head logo. It says Powered by Google. OK not necessarily connected. But still, you have to wonder how the scan picked up that URL as the home page. Anyway, I went through IE and deleted everything I could and set the security high and made WIN updates the home.
That HJThis is a neat little program inasmuch as it is quick and well put together for the users. I feel I'm making real progress with this machine and eager to try your recs. By the way, I got rid of all the Yahoo stuff, too, when the phoney emails started. If sweetims has anything to do with IM, well, Facebook IM and Yahoo IM were on my machine. Yahoo gone, I think.

Edited by ed_shaw: add information

0

Please follow the instructions as I give them.
Since you jumped ahead we now have to go back. DON'T do the steps in my last post, as I had to delete it since the log shown has likely now been changed by your changes.

Please run a new scan with HJT and post the log. I am going to have to go through it again since you did steps not called for.

SweetIM is a program to send fancier smiley-faces and IM graphics to friends who are using MSN Messenger. BUT - they are only able to see these advanced smiley-faces if they also have SweetIM installed.

Edited by jholland1964: n/a

0

Sorry, for whatever it was.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:48:09 PM, on 10/17/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: BTTray.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210915246421
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe

--
End of file - 6503 bytes

0

The problem was, I told you I would get you the fixes and I spent all that time making a list for you to work with and then you did things manually that I had not requested. This is why we ask people to wait a moment. I worked as quickly as I could. Each line of that log had to be checked.
Ok, run HiJackThis again. This time though put check marks next to the following entries:
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)

Once you have the check marks in place click the Fix Checked button and exit HJT.
Reboot.
Please give me a NEW Uninstall list like you did before. There are other items which must be removed but I need to see a new list.

0

It was me taking IE out of the picture, wasn't it. I didn't think of that.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:16:11 PM, on 10/17/2010
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Hijack This\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: BTTray.lnk.disabled
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://ra.qwest.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210915246421
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Billionton\Bluetooth Software\bin\btwdins.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe

--
End of file - 5689 bytes

0

It was me taking IE out of the picture, wasn't it. I didn't think of that.
Yes it was. I need to see the new Uninstall list and I will give you a couple more steps but I need to see that first because I don't know now what was removed.

Edited by jholland1964: n/a
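
The line-by-line comparison of scans discussed in the posts above can be scripted. The following is an added example, not part of the original thread and not part of HijackThis: it diffs two HijackThis logs and reports which entries from a fix list still appear in the later scan. The function names are hypothetical, and the sample lines are a short excerpt of the 7:48 PM and 8:16 PM logs and the fix list posted above.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24)
# followed by " - ". Header, running-process and footer lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")


def entry_key(code, body):
    """Comparison key: section code plus body, whitespace-collapsed and case-folded.

    The section code is part of the key because one CLSID can be registered in
    several sections (for example as both an R3 search hook and an O2 BHO).
    """
    return (code.upper(), " ".join(body.split()).casefold())


def parse_entries(log_text):
    """Return {key: original line} for every entry line in a HijackThis log."""
    entries = {}
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            key = entry_key(match.group("code"), match.group("body"))
            entries[key] = raw.strip()
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entry lines only in the earlier / later scan."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [line for key, line in before.items() if key not in after]
    added = [line for key, line in after.items() if key not in before]
    return removed, added


def still_present(fix_list_text, after_text):
    """Return fix-list entries that the later scan still reports."""
    after = parse_entries(after_text)
    return [line for key, line in parse_entries(fix_list_text).items() if key in after]


# Excerpt of the 7:48 PM scan posted above (not the full log).
BEFORE = r'''
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
'''

# Excerpt of the 8:16 PM scan posted above (same entries, as they appear there).
AFTER = r'''
Logfile of Trend Micro HijackThis v2.0.4
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
'''

# The entries the helper asked to have checked before "Fix Checked".
FIX_LIST = r'''
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab

O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (file missing)
'''

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed between scans:")
    for line in removed:
        print("  ", line)
    print("Added between scans:", added or "none")
    print("Fix-list entries still reported:")
    for line in still_present(FIX_LIST, AFTER):
        print("  ", line)
```

Run against full logs saved to files, the same functions show exactly which entries changed between two scans, which is the information the helper is asking for here.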

0

HJT Uninstall List October 18th 2010


Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Reader 9.4.0
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
Ahead NeroMediaPlayer
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 9.0
Billionton Bluetooth Software
CleanUp!
Compatibility Pack for the 2007 Office system
ESET Online Scanner v3
Google Earth
Google Update Helper
HiJackThis
Hotfix for MDAC 2.53 (KB927779)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB953300)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB971110)
HP LaserJet 1200 Uninstaller
InterVideo WinDVD 4
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Java(TM) 6 Update 6
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB971108)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MIDI-OX
Midisport 2x2 1.0.1.0
Mozilla Firefox (3.6.6)
Nikon View 6
Opera 10.63
Philips SPC 900NC PC Camera
Philips VLounge
QuickTime
Realtek AC'97 Audio
Remove on Reboot Shell Extension
Security Update for DirectX 9 (KB941568)
Security Update for DirectX 9 (KB951698)
Security Update for DirectX 9.0 (KB971633)
Security Update for DirectX 9.0 (KB975560)
Security Update for DirectX 9.0 (KB975562)
Security Update for DirectX 9.0 (KB976138)
Security Update for DirectX 9.0b (KB961373)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB977816)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 6.4 (KB954600)
Security Update for Windows Media Player 6.4 (KB974112)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Media Player 9 (KB973540)
SIPPS
Skype™ 3.8
Smart Link 56K Modem
SONY XDCAM EX Clip Browsing Software
Sophos Anti-Rootkit 1.5.4
Spybot - Search & Destroy
Suite Specific
SxS device driver
Update Rollup 1 for Windows 2000 SP4
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB883939
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB894320
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB897715
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923561
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941568
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB941693
Windows 2000 Hotfix - KB943055
Windows Installer 3.1 (KB893803)
Windows Live OneCare safety scanner
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinZip
Wisdom-soft Set up ScreenHunter 5.1 Pro


Your Java is woefully out of date. Go to http://www.java.com/en/download/manual.jsp
Choose the Offline install and save it to the desktop.
Once you have done that, close all browsers. Go to Add/Remove and Uninstall all of these:
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Java(TM) 6 Update 6
Java(TM) 6 Update 7

Once all are removed then go to that Java install file on your desktop and install the newest version which is version 6 update 22. Watch the updating very closely as it automatically offers various toolbars. The check marks will already be there so REMOVE the check marks so that you don't get those unneeded toolbars. Once the install is complete go back to that download page and click Verify Now on the right side to go to the verification page to test that the install went as it should have.

Now some advice. I see you are running AVG 9 Free version. I would recommend that you change your anti-virus program to another. Avira Free is the one I use, I like it a lot and it ranks much higher in most tests than AVG.
Here is the link http://www.avira.com/en/avira-free-antivirus
Another good free one is Avast. It also ranks higher in most tests than AVG.
Here is the link for Avast Free http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

I prefer Avira because it is quite easy to run, not intrusive and provides excellent protection. It can be configured for auto updating and auto scanning.
The only complaint anyone seems to have about Avira Free is that when it does its daily updates you receive a large pop up ad for the paid version; all that needs to be done with that is to "X" out of it. I never have a problem with that and frankly like it because I know for sure that it has updated and it only takes a click to get rid of that pop up.
Be sure of course to totally uninstall ALL of the AVG files before installing the new anti-virus program.
Another MUST have security program, and I would never run a computer without it, would be SpywareBlaster from Javacool, also FREE. This program prevents the installation of ActiveX-based spyware, adware, dialers, browser hijackers, and other potentially unwanted programs. It can also block spyware/tracking cookies in IE, Mozilla Firefox, Netscape, and many other browsers, and restrict the actions of spyware/ad/tracking sites. The great thing about this program is it does NOT run in the background. Download, install, update, Enable All Protection and close the program. That's it. Manually check for updates weekly, if there is an update, then download, install, enable all and close the program. That's it. It provides superior protection. It is available here http://download.cnet.com/SpywareBlaster/3000-8022_4-10196637.html

I have to stress, the P2P file sharing definitely caused your infections so stop that. Don't use registry cleaners of any kind. There really is no reason to clean the registry, defrag the registry or anything like that. If you do get another infection MBA-M will clean and remove infected files from the registry. Otherwise, leave it alone.
Any questions?
Judy


I guess that's it. You anticipated my question as to what follow up steps I ought to take. I'll take those recs and thank you for them, and the Java notice, which I acted on already. Your help has been invaluable to me. The thing I appreciate most is knowing how the trouble started. The improvement in my computer's speed is certainly welcome, but the greater issue of being stupid and responsible for emails and potential hazards is the big one. All I would have needed to do is have gotten one of those infected iTunes files (MP3, AIFF, or CD) into some of the video equipment I use, all heavily software dependent, and who knows what the damage to either the equipment and/or my reputation might have been... knocking on wood.
Tell the truth, I made myself believe I was protected, but really knew something was wrong.
So, thanks, Judy. If there is anything I can do in return for your kind and thorough attention, please let me know.
Sincerely,
Ed Shaw
Oh, one other thing. I use Opera a lot on account of the speed dial and see Blaster does not support Opera. Is there another?
