Posts by caperjack

Great to hear you straigntned it out !:)

Also if the computer is hooked to the net,run this free online virus scan,check auto fix before you run it .

http://housecall.trendmicro.com/housecall/start_corp.asp

Don't know what cleaners you have run ,you don't say ,but if you ran these most of whats in the log would be gone.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save …

Ah! computers are so much FUN!:)
The realtek manager you downloaded if its like this one ,with all the drivers for all the OS .maybe just install the winxp drivers !I don't know never heard of realtech manager !!
http://www.softwarepatch.com/utilities/ac97.html

Thanx caperjack, but it's in red in my last post. :) in not so many words though.

oops!! missed that Sorry: :o

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

You could have them fix these 2 rescource hoggs ,not malware ,but a suggested fix

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft
Office\Office\FINDFAST.EXE

O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft
Office\Office\OSA.EXE

Well if the cause is in that log I don't see it ,only thing i can think is maybe it the messenger process service[not msn messenger ] get them yo download and run this to stop it if it running .
http://www.grc.com/stm/shootthemessenger.htm

Like the song says, It was all in fun ,might have been the wisky might have been the Rum!!!!!!might have been the little guy inside!!!
The Viaaagp1.sys =unboard video driver problem !!
http://forums.viaarena.com/messageview.cfm?catid=30&threadid=55703

Your welcome Glad it worked for you .Just in case you check back in ,do the following to help stop it from returning .

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

The Great Buttinskee.!:)

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Just wanted to say that ,boy them Dell computer sure have a lot of Shit running on startup that not necessary,but you list is to long for me to go through ,you can copy and paste any of the .EXES from the 04 entry is the hijackthis log into the search of this site and for most it will tell you if its need at startup .Any you want to stop from starting can be fixed with hijackthis .
http://www.sysinfo.org/startuplist.php

This site is verry well used so sometimes its slow or even inaccessible! good luck

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://look-today.com/searchbar.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://prosearching.com/passthrough...p://www.cnn.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://look-today.com/searchbar.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://look-today.com/searchbar.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://look-today.com/searchbar.html

O2 - BHO: (no name) - {77D642F1-41A9-079F-7896-9D59DF8A7FAE} - C:\PROGRA~1\OnceMore\CITYAIM.dll

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\questmod-1.dll

O3 - Toolbar: Fast Save Dash - {2B001229-09FA-3616-2BBC-6C23D5AB1310} - C:\PROGRA~1\OnceMore\CITYAIM.dll

O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

O4 - HKLM\..\Run: [cjaxcf] C:\WINDOWS\cjaxcf.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/176910717a5ef6...ip/RdxIE601.cab

Now reboot into safe mode and delete the following files and folders if found .

C:\Program Files\Support.com\bin\tgkill.exe ....delete file

C:\WINDOWS\cjaxcf.exe...delete file

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode …

You are missing the very top of the log that tell us what OS they are running and what version of hijackthis ,ect ect
and i don't see anythin that would be causin popups .
If the top of the log was there i would know the OS ,what version of windows are they using .

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Download SPYBOT

After installing Spybot S&D, update …

Your problems probably started when you installed Bear Share

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

O2 - BHO: TEAM NAME PING - {2CB0EC4C-4750-3EB0-26E8-A417B52951FD} - C:\PROGRAM FILES\EQ DOWNLOAD SECOND\JUNK PROC.DLL

O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS\QUESTMOD-1.DLL

O3 - Toolbar: Burn Safe Program - {0BDD997F-4C81-27D5-5A76-7535B038238A} - C:\PROGRAM FILES\EQ DOWNLOAD SECOND\JUNK PROC.DLL

O4 - HKLM\..\Run: [drive idle] C:\PROGRA~1\Idol Bone Seek\TitleFlagDupe.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/24369f021d1a5e...tzip/RdxIE2.cab

Now reboot into safe mode and delete the following files and folders if found .

C:\PROGRA~1\Idol Bone Seek\TitleFlagDupe.exe....delete file and folder

to delete the above files and folder you will need to do the following
go to
Show hidden files & …

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Download SPYBOT

After installing Spybot S&D, update …

OK ,so after you do the above and any of this left please do the following.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: URLSearch Class - {965A592F-8EFA-4250-8630-7960230792F1} - C:\WINDOWS\System32\cdsm32.dll

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll

O2 - BHO: Rdr barb - {E2F923C7-2A54-2C19-BF4D-C234DC9E13B3} - C:\PROGRA~1\Cityamen\01 Defy.dll

O3 - Toolbar: type keep knob - {6428DA48-98A9-CF83-37C6-B05F7C5628BB} - C:\PROGRA~1\Cityamen\01 Defy.dll

O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [WinEssential] C:\WINDOWS\System32\keyword.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common files\WinTools\WToolsA.exe

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [Proxyford] C:\PROGRA~1\INSIDE~1\Help team bolt.exe

O4 - HKLM\..\Run: [WqA3Z] C:\WINDOWS\bjmoe.exe

O4 - HKCU\..\Run: [7rmwcqdk.exe] C:\WINDOWS\7rmwcqdk.exe /dk

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

…

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

Lets fix this one first First,O10 - Unknown file in Winsock LSP: c:\windows\system32\inetadpt.dll

download LSPfix here: http://www.cexx.org/lspfix.htm
Launch the application, and click the "I know what I'm doing" checkbox.
Check all instances of inetadpt.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish.

Are you sure when you ran ad-aware and sp-bot you click to fix all they founf ,and did you setup ad-aware like this

Setup Ad-Aware !
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Please run spybot and adaware again making sure you do the updates before you …

Try going to ,tools in IE and click Privacy ,go to edit cookies and put Classmates.com in the list and click, allow

Ah! so you have ,someone just recomended you use a updated cwshredder to fix it

So a move to the security section of this fourm and get some of the programs like ad-aware and spy-bot and hijackthis ,to help remove the Baddies from within is in order maybe!:)

But I read in another tread that I was'nt supposed to post my log. But thanks any way. ????

Yeah ,I know ,but how else can i help fix yor problem if i can't see you log .
Maybe that was in another catagory and not the SECURITY one where logs are to be posted .

I search here for some things . == http://computercops.biz/CLSID.html

There are hijack tutorial around ,like this one i use, http://www.computercops.biz/HijackThis.html

I have a program called hijack helper that is only given to those on certain fourm..
I joined this fourm-- http://forums.spywareinfo.com/ -- to learn and Iam over whelmed with how much there is to learn and new bad stuff every day to keep track of .

I would format and start from scratch .
When you booted to the cd you always had the options to exit and not install anything .You maybe just didn't read it right !:)
If you boot with the cd in and choose to not hit a key it will just boot to the C:\

check this site ,found by searching the net for "how to repair xp"
http://www.webtree.ca/windowsxp/repair_xp.htm

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mysearchnow.com/passthrough/index.html?http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load

O4 - HKLM\..\Run: [vfwheneac] C:\WINDOWS\System32\yocuivt.exe

O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

I can't find anything on this and have never seen it before do you know what it is ,if not fix it
O4 - HKLM\..\Run: [DogHtm] C:\PROGRA~1\INTRAT~1\find browse bore.exe

This one is suggested fix as its a rescource hog .
O4 - Global Startup: Microsoft Office.lnk = C:\Programmer\Microsoft Office\Office10\OSA.EXE

Now reboot into safe mode and delete the following files and folders if found .

C:\WINDOWS\Downloaded Program Files\bridge.dll...delete file

C:\WINDOWS\System32\yocuivt.exe.......delete file

C:\Program Files\WindowsSA\.delete folder

If you don't know this delete file???
C:\PROGRA~1\INTRAT~1\find browse bore.exe.....delete file????? ,

to delete the above files and folder you will need to do the following
go to
Show hidden files & folders

"Fix Checked"...Reboot to SAFE mode to delete files
How to start computer in safe mode

Have you checked out the thread at the top of this forum that says

DO NOT POST ABOUT BRIDGE.DLL BEFORE READING THIS

?

Not all bridge.dll problems are fixed by that site you are directing people to .as not all logs are the same ,

the bad ones in this posters log are
O4 - HKLM\..\Run: [vfwheneac] C:\WINDOWS\System32\yocuivt.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
and not c:\system32\A.exe

I don't see anything maybe Crunchie will stop and have a look

The exe for those programs will be found in the C:\windows folder .
I don't know why they are not sowing in Accessories.

This might help ,with the winxp cd in the cdrom ,go to start/run and type in,
SFC /SCANNOW , not the space between SFC and the /

What about a system restore back to before the problem started !

So,by accident you just kept say yes ,everytime it asked to format and create a new partition and install windows in said partition ,and so on and so on.

Some were along the line it stoped being an accident and became intentional.You could have just said NO!")

When you boot to the winxp cd it askes you if you want to run the repair by hitting, Rand you follow instructions from there ,by typing in commands ,that you can find by typing, HELP

Spywareblaster,is preventive not repair program !
check How i got infected in my signature and use all 3 program, along with a good anti viri program and you could be problem free for mont's like I have .
Good Luck

The answer is obvious ,uninstall AOL!:)me no like it !!

Go here and get Firefox 0.9.1,and enjoy the net .
WWW.mozilla.org
also you could go the the Serurity section here and get help with IE ,download hijackthis and post a log in the security fourm .
Download 'Hijack This!'.HERE

Unzip (extract) it to a folder of its own.Like c:\HJT\hijackthis.exe , Then Doubleclick HijackThis.exe (in the new folder), and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, then Ctrl-A to Select All, and copy its contents here. for hijackthis,most of what it lists will be harmless or even essential, don't fix anything yet.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

Then these 2 programs .
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware .
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Download SPYBOT

After installing Spybot S&D, update …

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it HJT.
Unzip HijackThis into this folder. When you run HijackThis from this folder and have it "Fixed checked" it will create a backup file of modifications to use if restore is necessary.

first you should have posted this in you original thread to carry on ,instead of creating a new one and making us go look for the orignal.!:)

I suggest running ad-aware again ,but make sure you set it up in this way !

Setup Ad-Aware !
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

Reboot and post a fresh log

Download the latest version of Ad-Aware at ADAWARE

Setup Ad-Aware !
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed

try searching this in google --- sp.html#96676

check you computer ports here to seehow secure it is ..in
https://www.grc.com/x/ne.dll?bh0bkyd2

Don't see what might be causing you problems ,just wondering were you get the room for all the extra buttons and tools !:)
O9 - Extra 'Tools' menuitem: Consola de Sun Java (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-33@1033,ABF Internet Explorer Tools Options (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-31@1033,ABF Internet Explorer Tools Options... (HKLM)
O9 - Extra button: Fill Forms (HKLM)
O9 - Extra 'Tools' menuitem: Fill Forms &] (HKLM)
O9 - Extra button: Save (HKLM)
O9 - Extra 'Tools' menuitem: Save Forms &[ (HKLM)
O9 - Extra 'Tools' menuitem: &Document Tree (HKLM)
O9 - Extra button: RoboForm (HKLM)
O9 - Extra 'Tools' menuitem: RF Toolbar &2 (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-200@1033,Save all images (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-43@1033,About ABF Internet Explorer Tools (HKLM)
O9 - Extra 'Tools' menuitem: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-41@1033,About ABF Internet Explorer Tools... (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-20@1033,Magnifier (HKLM)
O9 - Extra button: Selected Links (HKLM)
O9 - Extra 'Tools' menuitem: Selected Links (HKLM)
O9 - Extra button: Flash Hunter (HKLM)
O9 - Extra 'Tools' menuitem: &Flash Hunter (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-300@1033,Refresh (ignore cache) (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-10@1033,Page browser (HKLM)
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone (HKLM)
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-400@1033,Block pop-ups (HKLM)
O9 - Extra button: @C:\ARCHIV~1\ABFINT~1\ABFIET~1.DLL,-100@1033,Refresh images (HKLM)
O9 - Extra …

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

And this do you know what it is as i can't find any info on it ,if you don't know what it is fix and uninstall it .
O4 - HKLM\..\Run: [bits amen] C:\PROGRA~1\campcompscr\antilogo.exe

reboot and post a fresh log ,thanks

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

reboot computer and post a new log

Also a trip to windows updates is needed for critical updates and SP1's
WINDOWS UPDATES

After you get it all fixed and things are working good ,Download and install these two programs to help stop Spyware .

Spywareblaster

SpywareGuard

Keep Up-to-Date!
The most important key to maintaining a secure computer is keeping your protection up-to-date.

also check how i got infected in the first place .

http://www.computercops.biz/postlite7736-.html

If any of this remains after CWSHredder pleas do the following .

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

NOTE: Please copy and paste this post into notepad and save to you desktop. or print a copy of these instructions because you will be working with all windows closed except HijackThis.

-------------------------
- R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.the-exit.com/search

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.cc/search.php?v=6&aff=2708831

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.cc/index.php?v=6&aff=2708831

- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://best-search.cc/index.php?v=6&aff=2708831

- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.the-exit.com

- R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.the-exit.com/search

- R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.the-exit.com/search

- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.the-exit.com

- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com

- R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.the-exit.com

- R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.the-exit.com/search

R3 - URLSearchHook: (no name) - _{A045DC85-FC44-45be-8A50-E4F9C62C9A84} - (no file)

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\NEM214.DLL

O2 - BHO: (no name) - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\WSEM217.DLL

…

You Have A Variant of the CoolWebSearch Trojan.

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

Reboot to SAFE mode to run swshredder

How to start computer in safe mode

ARG! The other forum won't let me login bc I use Yahoo as a mail account and they don't accept free accounts. >:( Darnit.

I have a shitty legit email address that i use for fourms just like that ,i will signin anf let you know the password ,hangin there while i sign in a little later on .

I'm still having problems with Internet Explorer resetting my home page to the "about:blank" search pagee. I get it to go away for a day or so then it comes back. When I run HijackThis, there is a different dll under O2-BHOl that shows up every time. Is there supposed to be one there or are all of these bad? What can I do to get rid of this once and for all? Would it help to uninstall Internet Explorer and redownload it? I'm guessing not since my registry is probably messed up, but I'll try anything at this point.

Also, my hard drive pretty much runs all the time and I am constantly getting a "Virtual memory minimum set too low" error message. This wasn't happening before so I am assuming it's related.

Any help would be appreciated.

Hi,I run into problems helping with this one ,Im still learning and don't really have time anymore to get right into it ,this link will show you what they are doing for some on the fourm where i get help with logs ,
'
http://forums.spywareinfo.com/index.php?showtopic=9134

No it is not evil!1I only know that because the people in the know ,who created spybot and run the board where i Learned to read hijackthis logs ,Tell me its ok to just let spy-bot ignore it !