0

Can someone help me get rid of this? Every time I reboot or start my comp, a red icon that says "TAG" appears on my desktop and after some research online, I learned that it's spyware. How do I get rid of this? I read in another thread that I should use HiJack to scan my computer and post the logfile. Where here it is. Hopefully someone can help me. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 3:02:51 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\brss01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINNT\Mixer.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINNT\system32\Brmfrmps.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SYSC00.exe
C:\WINNT\sys011134565166-.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\WINNT\slupiww.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThisFolder\hijackthis.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skyministry.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - (no file)
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINNT\system32\Tagasuarus7.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKLM\..\Run: [slupiwwA] C:\WINNT\slupiwwA.exe
O4 - HKLM\..\Run: [sys011134565166-] C:\WINNT\sys011134565166-.exe
O4 - HKCU\..\Run: [msnmsgr] "c:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - (no file)
O20 - Winlogon Notify: H323TSP - C:\WINNT\system32\kt2ul7f91.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\slupiww.exe

3
Contributors
10
Replies
11
Views
11 Years
Discussion Span
Last Post by 'Stein
0

Hi, welcome to DaniWeb.

Alrite, first off, download the LSP-Fix (http://www.cexx.org/lspfix.htm) , save it to the desktop, but DO NOT RUN IT YET. Next, print these off or copy them to a word document, as you'll have to run this in Safe Mode (constantly press F8 while starting up). Run the program, which is sorta easy to use.

Second I see several things wrong with the HJT log. Rerun a new scan and check the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - (no file)
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} -C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINNT\system32\Tagasuarus7.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKLM\..\Run: [slupiwwA] C:\WINNT\slupiwwA.exe
O4 - HKLM\..\Run: [sys011134565166-] C:\WINNT\sys011134565166-.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Broken Internet access because of LSP provider 'farlsp.dll' missing
O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - (no file)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\slupiww.exe

After fixing these, restart, run HJT, and post a new log, along with a paragraph on how the computer's now running.

Hmm, on top of that, I want DMR to look at this. It seems pretty screwed up.

Thanks.

0

Hi, ou have quite a bit of nasties in there ;). Boot into safe mode run HJT and have it fix the following.

C:\WINNT\SYSC00.exe

C:\WINNT\sys011134565166-.exe

C:\WINNT\slupiww.exe

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

F3 - REG:win.ini: run=

O2 - BHO: (no name) - {0DEADE31-9A37-48B2-921A-7825EA93D32A} - (no file)

O4 - HKLM\..\Run: [keyboard] C:\\keyboard.exe

O4 - HKLM\..\Run: [Tagasuarus7.exe] C:\WINNT\system32\Tagasuarus7.exe

Then have HJT fix these.

O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe

O4 - HKLM\..\Run: [slupiwwA] C:\WINNT\slupiwwA.exe

O10 - Hijacked Internet access by New.Net

O18 - Filter: text/html - {BA576CDE-9949-4473-A8F7-6C17C2A7E600} - (no file)

O20 - Winlogon Notify: H323TSP - C:\WINNT\system32\kt2ul7f91.dll (file missing)

After that browse to and delete this file (if found).


C:\WINNT\system32\Tagasuarus7.exe

In order to see it, you mau have to have windows "Show hiiden files" And SHow proteted operating sytem files"

To do this:

Start>My Computer>Tools>Folder Options>View tab>Check show hidden folders>and uncheck hide protected operating system file Hit yes to the dialog box that comes up.

When thats deleted. Reboot normally, and download ewido Install it. Run it and save a log.

Scan again with HJT, and post that log along with the ewido log.

-T

EDIT: I was to late :(

0

ok thanks for the help.. let me go ahead and do what you instructed..

0

Ok, I did as instructed but I'm not sure if you would want me to post the ewido log. There were 2707 infected objects. But here's the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:39:29 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\WINNT\system32\brsvc01a.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\brss01a.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\Brmfrmps.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINNT\Mixer.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PCSecurityShield\The Shield Firewall\GetNetTime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\HijackThisFolder\hijackthis.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skyministry.com/
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O2 - BHO: Farstone Popup Blocker - {E22F9B9D-1A1F-473E-BED6-D8BC152441F4} - C:\PROGRA~1\PCSECU~1\THESHI~1\FARPOP~1.DLL
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINNT\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [dwStart] C:\Program Files\PCSecurityShield\The Shield Firewall\FireWall.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonnt.exe Main
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\PCSecurityShield\ShieldAntivirus\Vrres.exe
O4 - HKCU\..\Run: [msnmsgr] "c:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINNT\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINNT\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\PCSecurityShield\ShieldAntivirus\vrmonsvc.exe

0

Hmm a couple more:

O2 - BHO: Farstone Url Blocker - {316AEF8D-3C37-423E-9E6E-13820A9DC37A} - C:\PROGRA~1\PCSECU~1\THESHI~1\IrlOnIE.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

Thats all I really see mostly. Are ya still having symptoms?

If yes, post another log after the changes.

Thanks.

0

Alright, everything seems to running fine now. Thanks so much for the help. Can you recommend anti virus, spyware, adware, etc. programs as well as a good firewall?

0

Haha awsome.
Time for some recomendations:
First off (if ya havn't already), switch and use Firefox instead of IE. It's significantly safer.

Next, download Ewido as a spyware cleaner. It's what I've used for a while with much success.

Also, download Microsoft Defender (formerly known as Microsoft Anti-Spyware). Although it isn't as good at catching spyware, it's a good 'active' catcher.

Antivirus: Personally, I use Norton Antivirus. However, the supposed current best is Nod32. However, these both cost money. For free (and these arn't that bad), I would download AVG. (NOTE: Be sure to only run 1 antivirus)

Firewall: Personally, I have a hardware router built into my router, with Norton Internet Security as a software firewall. However, again, this costs money. For free, the best (at least I feel it is) is ZoneAlarm.

Lastly, I would download CCleaner. This utility is helpful in keeping the computer in an overal good state.

Links for all of these:

Firefox – http://www.mozilla.org/products/firefox/
AVG – http://free.grisoft.com/doc/2/lng/us/tpl/v5
Nod32 – http://www.nod32.com/home/home.htm
Ewido - http://www.ewido.net/en/
Zone Alarm – http://www.zonelabs.com/store/conte...lid=selector_za
CCleaner - http://www.ccleaner.com/

Thanks.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.