Posts by dlh6213

I generally recommend having HJT 'fix' all O16 entries simply because it is easier then researching all of them individually and doesn't hurt anything -- any legit entries will come back next time the site is visited. Doing this can sometimes make a big difference in the length of a log as well.

The poker programs often come with a lot of adware (and sometimes spyware), and users usually aren't even aware they are installed on their systems. As long as your mother is aware of the risks, and doesn't mind the ads, there should be no problem.

You may want to do a search here on DaniWeb for comments about Limewire.

Your log looks clean to me now, happy computing :)

I'm not sure how you deleted the poker programs, but there are still traces of them in your log, so please do the following...

Go to Add/Remove Programs in your Control Panel and remove (if present):

PartyPoker
LadbrokesMPP (or something similar)

Then scan with HijackThis and have it fix:

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
And this one that I overlooked last time --
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Olivia\Start Menu\Programs\IMVU\Run IMVU.lnk

Remember to close any open windows before hitting Fix checked.

Now go to the following locations and delete the highlighted file and folders:

C:\Documents and Settings\Olivia\Start Menu\Programs\IMVU\Run IMVU.lnk

C:\Program Files\PartyPoker
C:\Program Files\ladbrokesMPP

If any of these could not be deleted, try booting into Safe Mode first.

Empty your Recycle Bin, reboot (normally), close any open browser windows, scan with HJT, and post a new log please. And let us know if you're still having the Winfixer problem.

Scan with HijackThis and have it fix the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O1 - Hosts: 127.0.0.67 search.active-max.com
O1 - Hosts: 127.0.0.0 www.dialup2.com
O1 - Hosts: 127.0.0.80 maxexp.com
O1 - Hosts: 127.0.0.221 www.mp3search.com
O1 - Hosts: 127.0.0.217 www.rub.to
O1 - Hosts: 127.0.0.91 www.spawnet.com
O1 - Hosts: 127.0.0.220 www.mp3search.com
O1 - Hosts: 127.0.0.9 best.omega-search.com
O1 - Hosts: 127.0.0.217 www.omega-search.com
O2 - BHO: DAPBHO Class - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - C:\Program Files\DAP\DAPIEBar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com...ver/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -

Go to the following locations and delete conime.exe:

C:\windows\prefetch\conime.exe
C:\windows\system32\conime.exe
C:\windows\system32\dllcache\conime.exe

You could delete the entire contents of the prefetch folder (but not the folder itself) if you like, in case there is anything else hidden in there. I don't see anything else in your HJT log.

After you delete all of the conime.exe files, empty your Recycle Bin and reboot into Safe Mode.

Search for conime.exe again, and if it is completely gone, reboot normally and set a System Restore point.

If you still find any instances of conime.exe, try deleting them while in Safe Mode. Do not set a Restore Point until you are sure it is gone.

Let us know how it goes and don't forget your Windows Updates.

Please follow the instructions in post #11 of this thread -- http://www.daniweb.com/techtalkforums/thread28196.html

When you scan with HJT, have it fix the following entries:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [Warn pile] C:\DOCUME~1\rodney\APPLIC~1\DOESHE~1\MOVE PHONE JOY.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNfox000
O10 - Hijacked Internet access by New.Net
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...bridge-c401.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares...ysb_regular.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/active...free/asinst.cab

Close any open windows and hit Fix checked.

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double-click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will take a minute or two to scan your computer but it may appear nothing is happening, please be patient; notepad will then open with a log. Copy the contents of the log …

You need to get SP1 (or SP1a) for both XP and IE as soon as possible to help prevent further intrusions (do not get SP2 at this time).

Conime.exe is a trojan that allows attackers to access your system and should be removed. Please do a search on your system for conime.exe and give us the location(s) found.

PS -- I've deleted your other post because it looked like a duplicate of this one.

I only see a few minor things that should be fixed:

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {702EA91C-1ACF-4772-8078-18F2B2EE1031} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

Just to clean up the log, you could have HJT fix all of the O16 entries, but I don't see anything bad there.

Do you want to have Party Poker on your system?

Hi OmegaStealth, welcome to DaniWeb :D

Before fixing anything with HijackThis, it needs to be in its own permanent folder. You can find help on doing this in the HijackThis link below, along with tips on some other things you can do yourself.

After moving HJT to a safe location, please post a new log.

You may need to download another utility to get rid of this, but try this first...

Reboot into Safe Mode.

Scan with HJT and have it fix the following entries:

Note: if you want Overture.com as your home page, don't fix the first two R1 entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\geebc.dll
O20 - Winlogon Notify: geebc - C:\WINDOWS\SYSTEM32\geebc.dll

Close any open windows before you hit Fix checked.

Now, with HijackThis still open, click on the Config... button, and then the Misc Tools button; click on the Delete a file on reboot... button. In the File name box, type (or copy and paste) C:\WINDOWS\SYSTEM32\geebc.dll

Reboot into Safe Mode again. Do a search for geebc.dll and delete any instances found.

Empty your Recycle Bin, reboot normally and post a new HJT log please.

As far as I know, HijackThis deletes the entries, but does nothing to prevent them from coming back.

Your log looks clean to me, let us know if you have any more problems :)

Lenovo\PkgMgr\\PkgMgr.exe is part of your ThinkPad, so don't do anything with that.

Reboot into Safe Mode, scan with HJT, and have it fix the following entries:

O4 - HKCU\..\Run: [SVC Service] svc32.pif
O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif
O4 - HKCU\..\RunServices: [SVC Service] svc32.pif
O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif

Close any open windows, other then HijackThis, and hit the Fix button.

Then do a search for each of these and delete any instances found:

svc32.pif
hhs32.pif
svc32.pif
hhs32.pif

Empty your Recycle Bin and Reboot normally.

Go to C:\WINNT\system32\acs.exe, right-click on acs.exe, go to Properties, and give us whatever info you can on this file.

Close any open browser windows, scan with HJT, and post a new log please.

Hi gummydude, welcome to DaniWeb :D

You should first review the links below to begin the cleanup and get some basic info on the use of HijackThis.

Once you've moved HijackThis to a safe location, go to post #14 and follow the instructions for removing yupsearch.

Please post a new log after that so we can see what's left.

You're welcome.

The log should be saved in the same folder HijackThis is in, but since you didn't have it in its own folder (C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE), it should be on your desktop somewhere. It would be best to move HJT into a folder of its own (you can do this by right-clicking in an open area of your desktop, and select New, Folder; give the folder a name, like HJT or HijackThis, and then drag the hijackthis.exe icon that is on your desktop into the new folder). Then rescan and the log will be in the same folder.

Once you locate the log, simply copy it and then paste it into the reply box here.

Hi again, you still have a bit more to do. Go to Add/Remove Programs in your Control Panel and remove WildTangent, if present.

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?T...lion&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\geebc.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/act...l_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploa...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl …

Those are all legit files; the first one is a USB patch for your motherboard, and the others are all related to your NVidia graphics card.

Hi Madelyn, welcome to DaniWeb :)

Is that Spy Sweeper by Webroot that you purchased?

Please download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install and update it, and then close the program (don't scan yet).

Reboot into Safe Mode and do a full system scan with Ewido allowing it to fix whatever it finds (it may take awhile). Note: you will be posting the log from this scan with your next reply.

Reboot normally, close any open browser windows, scan with HijackThis, and post a new log along with the Ewido log.

Try the instructions in post #11 of this thread -- http://www.daniweb.com/techtalkforums/thread28196.html

And then post a HijackThis log.

(Aren't you the one who said LimeWire never installed anything on your computer without you knowing about it? I wonder where this came from...)

Hi RAIDer, welcome to DaniWeb.

If you've already tried the IEFix mentioned above and are still having problems, please post a HijackThis log in a new thread. There is a link to HijackThis info. in my signature block below.

This thread is being closed due to inactivity from the original poster; if edallin would like to have it reopened, please PM one of the moderators.

A look at your HijackThis log may help. You should find it in the same folder where HijackThis.exe is located (which is one reason HijackThis should be in its own folder).

Are you referring to the Security Log shown in the Event Viewer?

Part of your problem may lie in the fact that you are running two antivirus programs. You should decide which you prefer, McAfee or Norton, and remove the other. Better yet, switch to AVG (free) or Nod32.

You can also follow the suggestions in the links below, and if you continue to have problems, post a HijackThis log to help us see what's going on.

Hi marcoolio, welcome to DaniWeb :D

Reboot into Safe Mode and do a complete system scan with Ewido, allowing it to fix whatever it finds (note: you will be posting the log from this scan with your next reply).

Go to Add/Remove Programs in your Control Panel and remove if present:

MySearch
InstaFinderK

Still in Safe Mode, scan with HijackThis, and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL (file missing)
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\2.bin\S4BAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Lin...204&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.c...es/MsnPUpld.cab
O16 - DPF: {58F0B492-A42E-435A-BCBF-C6B2608077BA} - http://ak.imgfarm.com/images/nocach...etup1.0.0.7.cab

Hi kdogg3311, welcome to DaniWeb :D

Please follow the suggestions and recommendations in the links below. HijackThis needs to be in its own permanent folder before fixing anything with it and you will find examples of how to do this in the 'Infection Removal' link. Post a new log after you've moved it to a safe folder.

Hi Nikki, welcome to DaniWeb :)

Backing up and reinstalling is always the best way to cure problems, but if you would like to try to resolve it before resorting to that, try posting a HijackThis log, it may help us spot whatever is causing your problem. There's a link to it in the 'Infection Removal" link below.

Some more good information can be found here (compliments of member Victor587):

http://www.techspot.com/vb/topic31474.html

Thanks Victor!

Sorry for the delay in replying to this. If you're still having problems, please follow the recommendations and instructions in the links below and then post a new log.

Here's the link to the SP2 download. While there, you can also read why it is important. If you're doing this from work, keep in mind it takes quite awhile to download, depending on the connection speed:

http://www.microsoft.com/athome/security/protect/windowsxp/default.mspx

You may find this thread useful as well:

http://www.daniweb.com/techtalkforums/thread10031.html

Hi Mike, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below and post a new HijackThis log when you've finished.

Hi lotinelm, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below.

When you get to the 'Cleanup' thread, download Ewido and run it in Safe Mode. Post the log in your next reply.

When you get to the end of the 'HijackThis' thread, go to post #11 to remove newdotnet.

Go to C:\WINDOWS\restore.exe and right-click on restore.exe; go to Properties, and get whatever info you can on it (Company, version, etc.)

When you've finished, please post a new HijackThis log, the Ewido log and the info on restore.exe.

Hi Jon, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below.

When you finish, go to Add or Remove Programs in your Control Panel and remove (if present):

tslw

Then scan with HijackThis and have it fix the following:

O2 - BHO: (no name) - {B404CC6B-95D3-1A44-27C3-77CD07F8BA38} - C:\WINDOWS\system32\ntui.dll (file missing)
O4 - HKLM\..\Run: [M0tPo.exe] c:\documents and settings\jon wertz\local settings\temp\M0tPo.exe
O4 - HKCU\..\Run: [Rivpzql] C:\WINDOWS\system32\??plorer.exe
O4 - HKCU\..\Run: [Sulm] C:\Program Files\tslw\csno.exe
O14 - IERESET.INF: SearchAssistant=
If this IP address is not related to your ISP, have HJT fix this O15 entry as well --
O15 - Trusted IP range: 206.161.125.149

Close any open windows, other then HijackThis, and hit Fix checked.

Go to the following locations and delete the highlighted files and folder:

C:\WINDOWS\system32\ntui.dll
C:\WINDOWS\system32\??plorer.exe

C:\Program Files\tslw

Go to C:\documents and settings\jon wertz\local settings\temp and delete the entire contents of the folder (but not the folder itself).

If any of these files cannot be deleted, try booting into Safe Mode first.

Empty your Recycle Bin and reboot (normally).

Close any open browser windows, scan with HijackThis, and post a new log please.

Hi Gort, do you have threads going on two different computers right now?

Please follow the suggestions and instructions in the links below.

When you get to the 'Cleanup' thread, download Ewido and run it in Safe Mode. Post the log in your next reply.

When you get to the end of the 'HijackThis' thread, go to post #11 to remove newdotnet.

When you've finished, please post a new HijackThis log and the Ewido log.

Hi acmit, welcome to DaniWeb :D

Try using System Restore first (to a date prior to June 1); if that doesn't work, you can try an in-place upgrade (aka repair installation) -- instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

Let us know the results.

Hi Rick, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below (don't skip the Windows Updates!) to begin the cleanup process.

When you've finished, close any open browser windows, scan with HijackThis, and post a new log.

Since someone here has already done this, this should help:
http://www.daniweb.com/techtalkforums/thread9696.html

Don't worry too much about the things you couldn't find or that were no longer there, Add/Remove Programs, Ewido, and the other fixes with HJT probably cleared them up already.

Go to C:\Documents and Settings\All Users\Application Data and delete the Joy Comp Bend folder.

Please post your new HijackThis and Ewido logs.

Hi idiot19, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below (don't skip the Windows Updates!). When you get to the end of the last one, go to post #5 to remove Aurora.

When you've completed that, post a new HijackThis log (include the entire log next time) along with your Ewido log.

Hi infinitykpl, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links below.

Then, after you get HijackThis moved into it's own permanent folder, please post a new log.

Hi IdRatherGoHunt, Welcome to DaniWeb :D

You have quite a few things to fix there. Please follow the suggestions and instructions in the links below to begin the cleanup process.

When you finish the last one -- Specific infections -- follow the instructions in post #14 and then post a new log please.

Please follow the suggestions and instructions in the links below and then post a new log.

Hi twista21,

Please follow the suggestions and instructions in the links below and then post a new log.

Try using System Restore first; if that doesn't work, you can try an in-place upgrade (aka repair installation) -- instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

Let us know the results.

Hi uncle quiley, welcome to DaniWeb :D

Please follow the suggestions and instructions in the links in my signature block below.

If you continue to have problems, try WinsockXPFix --WinsockXPFix

Run it, and click the Fix button; choose YES when asked if you want to proceed.

If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm

Post a new HijackThis log and let us know the current status.

Hi leviathan_49, welcome to DaniWeb :D

First of all, you have HijackThis in two locations (C:\DOCUME~1\CARESS~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
C:\Documents and Settings\Caresse Garza\My Documents\download\HijackThis\HijackThis.exe). You should remove the one in the Temp folder so you don't accidently use it instead of the other one.

Then follow the suggestions and instructions in the links in my signature block below.

If you continue to have problems, try WinsockXPFix --WinsockXPFix

Run it, and click the Fix button; choose YES when asked if you want to proceed.

If it still doesn't work, try IEFix -- http://windowsxp.mvps.org/IEFIX.htm

Post a new HijackThis log and let us know the current status.

Hi HBMarar,

Sorry for the delay in responding to this; if you're still having trouble, please follow the suggestions and instructions in the links below and then post a new log.

Hi Ben, welcome to DaniWeb :D

Sorry for the delay in responding to this.

Please start by following these instructions -- http://www.daniweb.com/techtalkforums/showthread.php?p=156520#post156520

Post a new HijackThis log when you've completed that.

Hi joeman2199, welcome to DanWeb :D

I appologize for the delay in responding to this. I don't see anything in your HijackThis log that would indicate a problem; if you're still having trouble, you may have better luck posting in the Windows XP forum (without the HijackThis log).

Hi mels1pt8t, welcome to DanWeb :D

I appologize for the delay in responding to this; if you still need assistance, please follow the suggestions and instructions in the links below and then post a new HijackThis log.

Hi kcto88,

I appologize for the delay in responding to this. There are a few things that should be cleaned up there, please follow the suggestions and instructions in the links below (including the Windows Updates!) and then post a new HijackThis log.

Hi Zeez0r,

I appologize for the delay in responding to this; if you still need assistance, please follow the suggestions and instructions in the links below and then post a new HijackThis log.

Edit -- Never mind, I see you started a new thread and got your problem resolved :)