PhilliePhan 171 Central Scrutinizer Team Colleague

It could be that wlnotify is having trouble with damaged accounts. Can you enter Administrator in Safe Mode? If so, create an account with another name. Try to start into that, if it works copy over your files.

Hey Gerbil - long time, no see! :)

That's not a bad idea. If that is a no go, perhaps recovery console? Or maybe popping the hard drive into another PC as slave?

I think there are plenty of options to recover data before a format.

I wonder if that last run of MBA-M borked something.... It certainly would not be unprecedented.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi Matt,

Have you tried loading the Last Known Good Configuration?

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Looks like a few baddies . . .

Please run MBA-M and ESET scans as per the linky below and post the logs.

http://www.daniweb.com/forums/thread134865.html

I am not around much, but I'm sure crunchie or Judy will be able to advise you further as needed.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Ok, after some intense research, I found out that my PC is infected with Trojan.Win32.Small.bvb Normally this would be an easy bug to get rid of, but it seems like I got the worst of the worst.

I agree with Hugh's last post.

Additionally, I think the damage may be worse than a simple trojan. I suspect some system files have been irreparably damaged which is why I recommended a reformat.

An easy way to find out is to run the ESET or Kaspersky online scans (if you are able) in the linky below and post the resulting logs:

http://www.daniweb.com/forums/thread134865.html

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Thanx

You're welcome :)

I would not be surprised if all it takes to clean your machine is a run of MBA-M. Be sure to have it remove the baddies it finds and then post all the logs just to be on the safe side. . .

Cheers,
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Yup - you have a baddie.
Please run MBA-M as per the linky below and post back the requested logs.
I am not around much these days due to work, but Judy and crunchie would probably be happy to help you out:

http://www.daniweb.com/forums/thread134865.html

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Sorry if I was confusing

No worries! ;)

Problems like this are really difficult to deal with in a forum setting - much easier if we all were sitting in front of the machine.

These M$ error codes are next to useless due to their ambiguity.
M$ does say this, though:
The STOP 0xC000021A error occurs when either Winlogon.exe or Csrss.exe fails. When the Windows NT kernel detects that either of these processes has stopped, it stops the system and raises the STOP 0xC000021A error. This error may have several causes. Among them are the following:

* Mismatched system files have been installed.
* A Service Pack installation has failed.
* A backup program that is used to restore a hard disk did not correctly restore files that may have been in use.
* An incompatible third-party program has been installed.


-- Have you tried booting and tapping F8 and trying to load the "Last Known Good Configuration?" Probably won't help, but worth a go. Or maybe even getting rstrui.exe to run in Safe Mode and trying that to get the compy in a state where you can proceed to try another repair?

-- Do you think your recovery partition is viable?

-- What about a complete wipe and then reinstall starting with something such as Darik's Boot and Nuke to wipe the drive and then try the reinstall from disc?

Sorry I can't …

PhilliePhan 171 Central Scrutinizer Team Colleague

In all honesty, it would probably be best (and easier) to reformat your machine in this case. This baddie is difficult to recover from and even then things may still not work properly.....

You might want to wait for crunchie or Judy to weigh in with an opinion, but I would recommend a reformat.

-- Do you have a copy of your OS on disc? (Recovery discs, etc...)

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

you had told me the other day to check the host file and it was full of entries had a friend at work show me the steps to clean it up. so all seems to be working well
thank you for the help

Happy to help!
So there were entries in the Hosts file after all - I figured that would be a good place to start.
Dumping Firefox may have been a bit of overkill...

As for the problems with IE/Daniweb, it sounds like a cookie issue. You should check your cookie settings as well as security settings for IE.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I do not believe that this is a malware issue. Perhaps some security settings have been changed? Have you tried a System Restore to a time when your compy was behaving properly?

You could fix the following in HJT, but they are just minor cleanup:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O13 - Gopher Prefix:

I am not sure why you are having trouble with command prompt. Have you tried navigating to cmd.exe and running it? What about command.com?

-- For your connectivity issue, you might try investigating with the following tools:
http://visualroute.visualware.com/
http://network-tools.com/

-- Have you installed the latest build for ZoneAlarm? I think they had a recent update.

-- Do you have connection problems using IE?

There could be any number of causes for the connectivity problems.
The command prompt issue may be a lingering result from a previously cleaned malware infection.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

when i went to run this hijackthis check it said i could not enter some host files

Off the top of my head, it sounds as though you are being blocked from accessing some sites by Hosts File entries.

Navigate to C:\Windows\System32\Drivers\etc\hosts and open the Hosts file with notepad and copy and paste it for us and we'll see if that is the problem.

PP :)
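
An added example, not part of the original posts: once the Hosts file has been copied out as described above, a short Python audit can separate normal localhost lines from entries that block or redirect other names. The sample content, the `.example` hostnames and the function name `audit_hosts` are constructed for illustration.

```python
import ipaddress

# Names that normally appear in a clean Windows hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample (not taken from any poster's machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.av-vendor.example    # constructed entry
0.0.0.0         update.av-vendor.example
203.0.113.7     www.search.example login.bank.example
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (line_number, kind, name, target) for every entry worth a look.

    kind is 'blocked'    - name pinned to loopback or 0.0.0.0, so it cannot resolve
            'redirected' - name pinned to some other address
            'malformed'  - first field is not an IP address
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Everything after '#' is a comment in hosts-file syntax.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, "malformed", " ".join(names), addr))
            continue
        for name in names:
            name = name.lower()
            local = ip.is_loopback or ip.is_unspecified
            if name in BENIGN_NAMES and ip.is_loopback:
                continue  # the expected localhost mapping
            kind = "blocked" if local else "redirected"
            findings.append((lineno, kind, name, str(ip)))
    return findings


if __name__ == "__main__":
    for lineno, kind, name, target in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {kind:<10} {name} -> {target}")
```

A clean file yields an empty list; anything reported should be reviewed by hand before the line is removed, since some blocking entries are added on purpose.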

PhilliePhan 171 Central Scrutinizer Team Colleague

i'm sure most of you must have heard of the registry entry mountpoints2 is there some way that you can get rid of it.

There is nothing inherently wrong with those registry keys - outside of perhaps Autorun issues involving infected USB drives. They will come back the next time you use a USB drive, clean or not.
I am not sure if you can remove them permanently....

You could have a look here for more info:
http://blogs.technet.com/steriley/archive/2007/10/30/more-on-autorun.aspx

I see that Judy has answered your other thread. I suggest you stick with that one in order to be helped in a timely manner.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi Judy,

Got your message - suggest you run AboutBuster and see if it will remove those hidden streams.

http://www.malwarebytes.org/aboutbuster.php

Let me know if you have any problems after that. I'll be doing storm cleanup all weekend, but will try to have a peek as time permits.

Best :)
PP

jholland1964 commented: Always one to be trusted. Gives high quality advice each and every time. +1
PhilliePhan 171 Central Scrutinizer Team Colleague

[sarcasm] Gotta Love Malware [/sarcasm]

http://www.theregister.co.uk/2008/08/22/anatomy_of_a_hack/

Seriously, though, it is an interesting read. Especially if you are a novice and are not familiar with the ways malware can hook you......

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

just uncheck the 04's related to each program, in hijackthis to disable them at start up. no need for another program

This is solid advice and probably the easiest way to manage unwanted startups without manually hacking the registry.
My first approach would be to uninstall any unwanted programs. Then, use HJT to adjust the registry for remaining startups as needed.

The programs Judy mentions have an advantage in that it is easier to re-enable startups. Some people have trouble navigating HJT or delete the backups (especially if HJT is run improperly).

Judy is correct that HJT is not a "fixer" program with regard to malware.
I think she might have been thinking of the people who use Diagnostic Startup via msconfig to disable unwanted startups - definitely NOT a good idea.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

- If I'm online and using microsoft word or wordperfect it freezes after I've typed a sentence or two but if i turn off the modem i'm able to use these programs without problems.
- the computer freezes if I try to stream audio or video
thanks a lot for your help so far

Sounds like some additional problems likely unrelated to the malware on your machine. We'll try to get you cleaned up and then see if those issues remain.

-- See my previous post (#7) in case you missed it.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Also, I would suggest that you Uninstall ALL of the Anti-virus programs you have installed via Add/Remove Programs and then try to run MBA-M.
If it still hangs, try to run it in Safe Mode.

Let us know how you fare.

--- Re-install only ONE anti-virus program after the MBA-M scan. Looks like you have settled on AVG. That should be a solid choice.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

np glad i can help i know how hard it is when you cant find answers anywhere, hey if u can help out by just like posting that solution in other forums that you may be part of

This is not a particularly good idea.

I fully understand the sentiment and your good intentions are to be commended. :)
Plus, I know how difficult it is to get a timely response from volunteers these days.

However, as someone who volunteers in a number of different Forums (including spywarewarrior that you linked) I can tell you that all infested computers are different and what works for one person might not work for others. Where there is one piece of malware, there are likely to be others and by simply following somebody else's steps, you may miss these....

Also, Combofix is not a tool to be run without a knowledgeable person assisting you. A lot of damage can be done if you are not careful! There is a reason you are requested to install the Recovery Console before running ComboFix.....

The steps in the post I linked earlier are the best way to proceed. Malwarebytes' Anti-Malware will clean a lot of baddies. After that, a knowledgeable volunteer can tailor a plan for your specific issues.

Read me before posting a request for assistance

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

AVG needed to be uninstalled to prevent the computer from freezing in regular windows or in safe mode about ten seconds after it booted up. Now it usually only freezes when I try to run or download antivirus programs.

You've got a few baddies showing there.

-- Looks like you installed Comodo AV. Is it functioning properly?
-- What is this? --> C:\Program Files\ESTsoft\ALYac I've not seen it before.

FIRST:
Look in Add / Remove Programs and Remove/Uninstall the following crapware:
C:\Program Files\RXToolBar
C:\Program Files\SpySpotter3
C:\Program Files\MyWebSearch

THEN:
Please run the steps listed in the linky below and submit the requested scanlogs:

Read me before posting a request for assistance

  • Please post the DSS extra.txt as an attachment to your post using the “Manage Attachments” button (scroll down when composing your post).
  • Hold off on posting the Uninstall List. The DSS extra.txt ought to suffice.

Let us know if you run into any problems with the above steps.
I or one of the other volunteers will be happy to help as time permits. I'm a bit over-extended at the moment, but will try to reply in a timely manner if nobody else jumps in.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

How do I solve this problem? I was told this was a virus. I ran a virus scan program but it was no help

Yup - you have a worm on your Flash drive.
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FVB%2EAL&VSect=T

You might try this handy tool by sUBs:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

I would also suggest that you run the steps listed in the linky below and submit the requested scanlogs:
Read me before posting a request for assistance

  • Please post the DSS extra.txt as an attachment to your post using the “Manage Attachments” button (scroll down when composing your post).
  • Hold off on posting the Uninstall List. The DSS extra.txt ought to suffice.

I or one of the other volunteers will be happy to help as time permits.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi Frustratedpc,

Sorry about replying so late - I was away for the weekend.

Please follow the steps in the linky below to run ComboFix and post that log for me:

How To Use ComboFix


PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi katz123,

Please stay in one thread! Multiple threads confuse us volunteers...
Are you able to do any of the steps I posted in your other thread ---> http://www.daniweb.com/forums/thread141630.html
-- What about in Safe Mode?

Please post back in this thread. Cyber Punk, Judy, crunchie or I will be happy to try to help you.

I'll be back on Monday!

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I continue to have two error boxes that continue to pop up on my computer the message is "Runtime error 21 at 020149D2" And every time i click "ok" or "X" out of the boxes my screen goes blank and then reappears and the boxes are back again

please help

Lots of possible causes, including malware.

-- Are you able to do a System Restore (if applicable to your OS)? You might try that.

Also, whether a Restore removes the error or not, I suggest you follow the steps in the linky below:

Read me before posting a request for assistance

  • Please post the DSS extra.txt as an attachment to your post using the “Manage Attachments” button (scroll down when composing your post).
  • Hold off on posting the Uninstall List. The DSS extra.txt ought to suffice.

I will be tied up with work, but I imagine somebody will be able to advise you further after you post the requested logs.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Everybody with this problem needs to start their own thread.

Please run the steps listed in the linky below and submit the requested scanlogs:


Read me before posting a request for assistance

  • Please post the DSS extra.txt as an attachment to your post using the “Manage Attachments” button (scroll down when composing your post).
  • Hold off on posting the Uninstall List. The DSS extra.txt ought to suffice.

I'm tied up with and may not be able to respond in a timely manner, but I'm sure another "regular" volunteer will be happy to look at the logs for you.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I am not very good with computers; I need to know what the best anti virus program would be for me. I had mcafee and it just expired, but it is $70 to renew.... I really dont have the money to do that. All I use my computer for is school.
Please help!

The three Free options in my post above are all solid choices. You'll find people who prefer AVG, but I like AntiVir the best of the three.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I know I haven't been on in like a week. I was on vacation, but I forgot to post that before I left...sorry.

I have also been getting a window that says "Cannot find script file 'C:\Documents and Settings\Baha Safadi\Local Settings\Temp\.tt3.tmp.vbs'"

I'll run DSS and MBA-M and post the logs in the next post.

Welcome Back!

-- Judy is on vacation this week too, so I am trying to cover for her as best as I can. Unfortunately, I am starting a heavy work cycle, so free time may be limited. Please bear with me :)

-- Don't worry about running Microsoft MRT at this point.

-- tt3.tmp.vbs is likely malware and was probably flushed if you cleaned your Temp files.

I'll try to keep an eye open for the new logs.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I think I will stick to XP for the time being....
I think we can call this thread solved. Thanks for the help, judging from what happened, it looks like I had to take the only possible resolution!

Happy to help!

-- I personally prefer XP, even with all its holes, to Vista at this time.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Sure hope someone can give me a solution on this. The laptop is old but I like it even though the fan stopped working. I would sure appreciate any help any of you Techies can give me. And would it be worthwhile to take it in and have the fan repaired?

Regarding the fan, I think that depends more on how much you really like the laptop and whether you can get a good price if you choose not to do it yourself (sometimes easy and sometimes a real pain - I'm not sure which category Dell falls into).


For the malware:
Please run the steps listed in the linky below and submit the requested scanlogs:
Read me before posting a request for assistance

  • Please post the DSS extra.txt as an attachment to your post using the “Manage Attachments” button (scroll down when composing your post).
  • Hold off on posting the Uninstall List. The DSS extra.txt ought to suffice.

I or one of the other volunteers will be happy to help as time permits. I'm a bit over-extended at the moment, but will try to reply in a timely manner if nobody else jumps in.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I think I will change my Automatic Updates settings to: ask me before downloading.

That is my preference. Definitely a good idea. That way, if you install a new update and something immediately goes wrong, you'll know where to start troubleshooting.

Do you have any further information on this problem?

No specifics - sorry. Just anecdotal stuff from problems I've seen while volunteering in various tech forums over the last five years.
Sometimes the updates bork your machine. Sometimes it is the update process itself. I remember a few instances in 04 or thereabouts when people would be posting about sluggish computer, etc... and it turned out that they were on dial-up and their machine was in the process of automatically downloading and installing SP2...... LOL!

More recently, M$ released an update that borked the Internet connection for anybody using ZoneAlarm Firewall.
http://www.daniweb.com/forums/thread133490.html

There are just too many possibilities. . . . . .

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

After all this, can someone suggest what might have happened? (Hopefully it won't ever happen again, but it never hurts to be prepared).

Hi Norman,

As you noted, all we can offer is mere conjecture at this point, so here goes:

-- Could be due to SP3. Many people have had issues with it. Many have not. I have had no major issues with SP3.

-- Could be a poorly written piece of software or a poorly written piece of malware. Most malware today is designed to make somebody money, either through extortion or outright theft of information and for that they need a working computer. It's been a while since I've seen a piece of ineptly designed malware do this, so I'd probably rule that out.

-- I have seen issues such as yours turn out to be related to Microsoft's Automatic Updating Service in Windows. There were patches for these issues and I would assume they were on your machine if you were running SP3.

The culprit(s) could be all sorts of things. Hard to pin a tail on it after the fact.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Thank you to all who helped!

I'll jump in and speak for Judy and say You're Welcome! I'm sure it was her pleasure :)

PP

PhilliePhan 171 Central Scrutinizer Team Colleague

and so on... i kept on trying on lost my internet too....
finally i had to reinstall windows... so i can't tell you how your tool would work. but i have downloaded it for the bad times in future.

Thanks once again.

Happy to try to help :)

At least now you can be 100% sure your compy is clean. Some good preventive measures can be found in my "Protect Yourself" linky below.

-- That version of the tool I linked doesn't fix anything even though it says it does (it contains only part of one cleaning routine). Rather, it performs like HJT and DSS to enumerate running processes, certain registry keys, newly added files, etc... Even my later versions are pretty feeble when you compare them to a tool such as combofix, LOL!

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi Diana,

Judy is away being a grandparent for a while ;)

-- Your last combofix log looks ok to me. Are you still having any problems?

-- You should Uninstall Viewpoint via Add/Remove Programs. It is "foistware" and not needed.

-- Also, you can delete C:\Documents and Settings\diana\Application Data\LimeWire if it remains.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I have the same problem on my IBM Intellistation 933 megahertz Intel Pentium III (2 installed)processors with Windows 2000 Professional.
"The operating system cannot run %1."

Have you ever resolved this?

-- Have you tried simply re-installing Windows Media Player?

-- Or, we can look at the registry:
Download Bill James’ RegSrch

Extract it to your Desktop and DoubleClick regsrch.vbs
-- if your AV has script blocking, you’ll need to allow this to run
When the dialog box opens, type Windows Media Player and Click OK.

-- You’ll need to save the log that pops up in Wordpad and then submit it for me.

I'll try to check back as time permits.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

Sounds like you have quite a mess there!

-- Are you able to run any tools in Safe Mode?

If you want, you could try this AT YOUR OWN RISK:
Run this early beta of a scanning tool I've been writing off and on for a while. It should be safe - many of the more risky components are not included in this early version.

Download PeekabooXP.zip and EXTRACT the PeekabooXP Folder to your C:\ Drive
It needs to be there to run properly.
-- You'll need to disable your AV temporarily before you run PeekabooXP. It might hang if you don't. Run it in Normal Windows Boot, not Safe Mode.
-- Open the PeekabooXP folder on the C:\ drive and DoubleClick Run This.bat and follow the prompts.
-- A log ought to pop up in notepad - post that for me.

I'll try to check back as time permits. I've got a busy weekend of home repairs ahead of me, so I may be tied up for a bit.

Best Luck :)
PP

grvs commented: he has a very good know of windows OS and is willing to help +1
PhilliePhan 171 Central Scrutinizer Team Colleague

MBA-M found nothing when I scanned with it.

That's odd - I fully expected MBA-M to remove those.

Well, Combofix got some of it on the first pass. Let's have a go at the little that remains:


-- Please delete your copy of ComboFix and download a fresh one to your Desktop
-- Download the attached file CFScript.txt to your Desktop as well.
-- Close ALL browser windows and then drag CFScript.txt into/over ComboFix.exe to start ComboFix.
-- Let Combofix run as before and post me that log

-- Go and Update your Java here ---> http://www.java.com/en
--> Please note that, before updating your Sun Java, you MUST remove ALL older versions that may be on your machine or you will still be vulnerable to some exploits/weaknesses such as VUNDO which may target and force execution on older runtime environments.
-- Do this by going into Add or Remove Programs and removing any versions that differ from the current version listed at the Java site. They may look similar to the following:
Java 2 Runtime Environment SE v1.4.2.06
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 9
Java(TM) SE Runtime Environment 6 Update 1
Java(TM) 6 Update 2


Please post me the new ComboFix log and let me know if you are still having problems.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

C:\WINDOWS\system32\ILS8e05l.exe <---this is the process that causes the popups
C:\Downloads\dss.exe
C:\DOWNLO~1\ADMINI~1.EXE <---- and I have no idea what this is

My fault there - Administrator.exe is what DSS changed Hijackthis.exe to. I don't normally see it running from Downloads Folder, hence my confusion.... No worries.


The baddies that jump out at me are these:

2008-08-14 10:22:21 2 ---hs---- C:\WINDOWS\system32\taskkill.com
2008-08-14 10:22:21 2 ---hs---- C:\WINDOWS\system32\netstat.com
2008-08-13 18:02:00 80898 --a------ C:\WINDOWS\system32\ILS8e05l.exe
2008-05-24 20:11:22 16 --a------ C:\WINDOWS\popcinfot.dat
2008-05-24 20:09:08 0 --a------ C:\WINDOWS\popcreg.dat

It would probably be easiest and "cleanest" in terms of removal if you tried running MBA-M as per the Read Me linky. It ought to be able to clean this.
Please post that log.


If you are unable to run MBA-M, then please follow the steps in the linky below to run combofix and post that log for me:

How To Use ComboFix


Will try to check back Friday evening.
PP :)
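
An added example, not part of the original posts or of DSS: a small Python triage pass over the file-listing lines quoted in the post above, flagging the traits that make `taskkill.com` and `netstat.com` stand out. It assumes the columns are date, time, size in bytes, attribute flags and path, and that `h`, `s` and `a` in the flag column mean hidden, system and archive; the tool-name set and the size threshold are illustrative choices.

```python
import re
from pathlib import PureWindowsPath

# Listing lines copied from the post above.
SAMPLE_LISTING = r"""
2008-08-14 10:22:21 2 ---hs---- C:\WINDOWS\system32\taskkill.com
2008-08-14 10:22:21 2 ---hs---- C:\WINDOWS\system32\netstat.com
2008-08-13 18:02:00 80898 --a------ C:\WINDOWS\system32\ILS8e05l.exe
2008-05-24 20:11:22 16 --a------ C:\WINDOWS\popcinfot.dat
2008-05-24 20:09:08 0 --a------ C:\WINDOWS\popcreg.dat
"""

# Assumed column layout: date, time, size, 9-character attribute field, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>[A-Za-z]:\\.+)$"
)

# Command-line tools that Windows ships in system32 as .exe files
# (illustrative subset, not a complete list).
EXE_TOOLS = {"taskkill", "netstat", "tasklist", "ipconfig", "ping"}

# A real program cannot fit in a handful of bytes (illustrative threshold).
MIN_PLAUSIBLE_SIZE = 64


def triage(listing):
    """Map each parsed path to the list of reasons it deserves a closer look."""
    results = {}
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line or a format this parser does not know
        path = PureWindowsPath(m["path"])
        size = int(m["size"])
        attrs = m["attrs"]
        ext = path.suffix.lower()
        reasons = []
        if "h" in attrs and "s" in attrs:
            reasons.append("hidden+system")
        if (ext == ".com"
                and path.parent.name.lower() == "system32"
                and path.stem.lower() in EXE_TOOLS):
            # A .com file carrying the name of a tool that exists as .exe.
            reasons.append("com-twin-of-system-tool")
        if ext in {".com", ".exe"} and size < MIN_PLAUSIBLE_SIZE:
            reasons.append("implausibly-small-executable")
        results[str(path)] = reasons
    return results


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LISTING).items():
        print(f"{path}: {', '.join(reasons) or 'no heuristic hit'}")
```

The heuristics only cover the two `.com` files; entries such as `ILS8e05l.exe` get no hit here and still need a scanner or a human eye.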

PhilliePhan 171 Central Scrutinizer Team Colleague

Thank you so much.

You're welcome! Happy to help.

There are a few issues that remain to be dealt with (updating Java, etc..) plus I imagine a bit of malware cleanup as well. If you need further assistance, please post a full DSS log.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I'm a bit pressed for time, but let's have a look......

This looks a lot like something from the Chode family of Trojans. If that is the case, then we'll need to address the changes it likely has made to the registry. But first, let's start with the following:

-- Did you just download this? Is it legit?
C:\DOWNLO~1\Administrator.exe

-- Please Download HostsXpert and Extract it from the ZIP to its own folder
-- Run HostsXpert and Select Restore MS Hosts File and then Click OK
-- Close HostsXpert.
You might want to keep this handy tool for use in the future.
If you have issues running this, no worries - we'll do it later.


There are a few other items as well.

Run HJT and FIX the following:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startzone.info/h --> unless you set this. Looks scammy to me.
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\qgekltrrd\winlogon.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O4 - Startup: winlogon.lnk = ?

FIX those with HJT and then boot to Safe Mode and Delete this Folder ---> C:\WINDOWS\system32\qgekltrrd


Let me know how you fare with the above.

-- Then, see if you can get DSS to run fully in normal windows …

PhilliePhan 171 Central Scrutinizer Team Colleague

so while I would love to give you a hijackthis log, I cant, can anyone help?

-- What is your OS?
-- Can you get any of the cleaning tools to run in Safe Mode?
-- Have you tried renaming hijackthis.exe to your name.exe or something random and then trying to run it in Normal Windows Boot? (a HJT log in Safe Mode doesn't show much)
-- Have you tried DSS from the Read Me Sticky at the very top of the Forum?

If you can answer/try the above for me, I'll let you know if I can be of assistance.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

You should run MBA-M as per the directions in the linky below:

Read me before posting a request for assistance

Note where it says: Be sure that everything is checked, and click Remove Selected.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

At quick glance, your HJT log looks to be free of malware.

Keyloggers (at least the good ones) are often "stealthed" and will not show up in a HJT log. You would need to dig further with more sophisticated tools.

PP :)

PhilliePhan 171 Central Scrutinizer Team Colleague

I ran the PC tools registry mechanic.

You should run the two tools crunchie advised you to run.

MBA-M will clean without asking you to purchase, although you have the option to purchase a "full featured" version.

Please post both logs as directed.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

I am sorry. . . . if given the chance to do so here the completion steps given there would have also been used here.
Sorry I couldn't have been of more help.

LOL! No worries, Judy.
The computer was pretty much clean by the time he posted at the "superior resource." He posted the MBA-M log from the scan YOU asked him to run in the first place which cleaned the Vundo. Nothing left for combofix to find but some mild adware....

PP ;)

PhilliePhan 171 Central Scrutinizer Team Colleague

i didnt have time... thats how fast SC was... son

LOL! Son?

I was polite and will remain so.

Katana volunteers at some of the same Forums as I. A volunteer's speed depends on their skill and current workload of threads in each forum. I can assure you that the cleaning steps here would be the same as SC.
BTW - Did you happen to notice how many threads Judy was working in this Forum alone?

No need to reply - I have better things to do with my time.

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

securitycadets seemed much swifter at assistance with malware problems and bar none for malware problems...

Next time (and if you keep using cracks and warez, there will definitely be a next time) please have the courtesy to let us know you are receiving help elsewhere.
Most forums are staffed by VOLUNTEERS and are overwhelmed with requests for help and it wastes our time and resources working the same problem in multiple forums.

Thanks :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hey Judy,

If memory serves, Otto is OEM software for HP/Dell/others and I believe it is tied to WildTangent which also shows in log:
C:\Program Files\WildTangent\Apps

Cheers :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Can someone help? Trend Micro PC-cillin is giving me messages that I've attempted to open dangerous Web sites, although I haven't tried to go to those sites. They include codecservice1.com and us01.xmlsearch.findwh.

Nothing jumps out at me from your HJT log - However, a HJT log alone is insufficient to diagnose problems these days.

Please run the steps listed in the linky below and submit the requested scanlogs:
Read me before posting a request for assistance

  • Please post the DSS extra.txt as an attachment to your post using the “Manage Attachments” button (scroll down when composing your post).
  • Hold off on posting the Uninstall List. The DSS extra.txt ought to suffice.

I will be unavailable for much of the coming week, but I'm sure one of the other volunteers will be happy to help as time permits.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

Hi frustratedpc,

It looks like Judy has jumped in, so I will stay out of her way - too many cooks spoil the broth ;)
A few notes before I go:
-- You are running Waaaay too many AV & anti-spy apps. I suggest you remove all unnecessary programs as Judy will undoubtedly direct you. You might consider a System Restore back to before you added AVG 8 as well. Then go from there with a fresh set of logs.

-- I only saw a small bit of real malware. However, you do have some nuisance programs that need to be removed. You are in able hands with Judy and I'm sure she'll advise you on how to proceed.

Best Luck :)
PP

PhilliePhan 171 Central Scrutinizer Team Colleague

The MBA-M worked!
Thank you guys so much for helping me!
=)

Glad to hear it! We are happy to help!
MBA-M is an excellent tool - you ought to hang on to it.

You really should post both logs, though. Often there are additional baddies that need to be addressed. Plus, we can often see weaknesses in your compy's defenses and advise you on how to address them to avoid future problems.

PP :)