Will Hummel

  1. Yeah, I removed them. I kept AVG AntiSpyware 7.5, Ad-Aware, Windows Defender, and HijackThis. Thanks again for all your help. I'll make sure to be safer this time around! Also, I wish you and your family a merry Christmas as well! Happy holidays!
  2. Thanks. My dad looked at that and just decided to get a different firewall instead of messing with the computer anymore, lol. Thanks for all your help, and I wish you a very Merry Christmas and happy holidays! So I can now safely remove VirtumundoBeGone, SmitfraudFix, and Panda's ActiveScan from my computer, correct? Thanks again so much, man. I really do appreciate everything.
  3. Yes, that is the error we have. Also, you are saying to keep AVG AntiSpyware 7.5, so I will do that. However, I can remove the rest of the programs you had me install, correct? SmitfraudFix? VirtumundoBeGone? Panda ActiveScan?
  4. Hey, HJThis. Yeah, I was thinking of getting the free ZoneAlarm one. My dad really doesn't want to get one that costs money right now. Also, can I remove those programs you had me install? SmitfraudFix? VirtumundoBeGone? AVG Anti-Spyware 7.5? Panda ActiveScan? I'll keep HijackThis, I guess. But can those other ones be uninstalled now? We also have the latest edition of Ad-Aware and Windows Defender.
  5. Thanks, man! We seem to be doing just fine. I've not noticed any pop-ups at all or any redirecting websites. Now my dad has a question for you. Alright, my dad had a question about the Windows Firewall. A couple of months ago we could not turn on our Windows Firewall. We tried to turn it on manually, but we kept being told that the Windows Firewall could not be accessed due to an unidentified problem. However, during the time we were returned on the system restore, a window popped up saying the Windows Firewall was enabled. Now what do you think caused this, and how can we turn on the firewall? Also, what freeware firewall do you suggest? Thanks again! Merry Christmas!
  6. Logfile of HijackThis v1.99.1
     Scan saved at 12:29:17 PM, on 12/23/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.5730.0011)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\brsvc01a.exe
     C:\WINDOWS\System32\brss01a.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\WINDOWS\system32\Brmfrmps.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\MsPMSPSv.exe
     C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
     C:\Program Files\Brother\ControlCenter2\brctrcen.exe
     C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
     C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Documents and Settings\William\Desktop\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
     O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
     O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
     O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
     O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
     O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
     O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
     O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O11 - Options group: [iNTERNATIONAL] International*
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152117739035
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152117691397
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
     O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

     Thanks again! I look forward to your reply!!!
  7. Alright, I followed all the steps you gave me and read the article you showed me; now here is some feedback. I made the files unhidden and ran HijackThis. It found those three things and removed all three of those. Then we rebooted the computer into safe mode. However, we didn't find those things you listed:
     C:/WINDOWS/system32/blcdaevi.dll
     C:/WINDOWS/system32/geecd.dll
     C:/WINDOWS/system32/fcyww.dll
     We then rebooted and deleted the old system restore and created a new one just like you mentioned. Then we cleaned out my temporary Internet files, my cookies, my offline content, and history, and then went and Reset the Web Settings. We also logged onto everyone's account and deleted all their saved passwords, cookies, cache, browsing history, and search form information as well. We then also went and made Internet Explorer safer by following the steps you gave me on everyone's account. Here is a fresh HijackThis file.
  8. Haha, I got it, lol! Thanks again man you rock! Here is the log for VirtumundoBeGone!

     [12/23/2006, 10:30:16] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\William\Desktop\VirtumundoBeGone.exe" )
     [12/23/2006, 10:30:23] - Detected System Information:
     [12/23/2006, 10:30:23] - Windows Version: 5.1.2600, Service Pack 2
     [12/23/2006, 10:30:23] - Current Username: William (Admin)
     [12/23/2006, 10:30:23] - Windows is in SAFE mode with Networking.
     [12/23/2006, 10:30:23] - Searching for Browser Helper Objects:
     [12/23/2006, 10:30:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
     [12/23/2006, 10:30:23] - BHO 2: {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} ()
     [12/23/2006, 10:30:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [12/23/2006, 10:30:23] - Checking for HKLM\...\Winlogon\Notify\blcdaevi
     [12/23/2006, 10:30:24] - Key not found: HKLM\...\Winlogon\Notify\blcdaevi, continuing.
     [12/23/2006, 10:30:24] - BHO 3: {948F9771-67D8-46D7-B032-833FF87DA864} ()
     [12/23/2006, 10:30:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [12/23/2006, 10:30:24] - Checking for HKLM\...\Winlogon\Notify\fcyww
     [12/23/2006, 10:30:24] - Key not found: HKLM\...\Winlogon\Notify\fcyww, continuing.
     [12/23/2006, 10:30:24] - BHO 4: {98C2962E-495B-49EC-B08B-E7D15A27A983} ()
     [12/23/2006, 10:30:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [12/23/2006, 10:30:24] - Checking for HKLM\...\Winlogon\Notify\geecd
     [12/23/2006, 10:30:24] - Key not found: HKLM\...\Winlogon\Notify\geecd, continuing.
     [12/23/2006, 10:30:24] - Finished Searching Browser Helper Objects
     [12/23/2006, 10:30:24] - Finishing up...
     [12/23/2006, 10:30:24] - Nothing found! Exiting...

     [12/23/2006, 10:31:23] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\William\Desktop\VirtumundoBeGone.exe" )
     [12/23/2006, 10:31:32] - Detected System Information:
     [12/23/2006, 10:31:32] - Windows Version: 5.1.2600, Service Pack 2
     [12/23/2006, 10:31:32] - Current Username: William (Admin)
     [12/23/2006, 10:31:32] - Windows is in SAFE mode with Networking.
     [12/23/2006, 10:31:32] - Searching for Browser Helper Objects:
     [12/23/2006, 10:31:33] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
     [12/23/2006, 10:31:33] - BHO 2: {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} ()
     [12/23/2006, 10:31:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [12/23/2006, 10:31:33] - Checking for HKLM\...\Winlogon\Notify\blcdaevi
     [12/23/2006, 10:31:33] - Key not found: HKLM\...\Winlogon\Notify\blcdaevi, continuing.
     [12/23/2006, 10:31:33] - BHO 3: {948F9771-67D8-46D7-B032-833FF87DA864} ()
     [12/23/2006, 10:31:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [12/23/2006, 10:31:33] - Checking for HKLM\...\Winlogon\Notify\fcyww
     [12/23/2006, 10:31:33] - Key not found: HKLM\...\Winlogon\Notify\fcyww, continuing.
     [12/23/2006, 10:31:33] - BHO 4: {98C2962E-495B-49EC-B08B-E7D15A27A983} ()
     [12/23/2006, 10:31:33] - WARNING: BHO has no default name. Checking for Winlogon reference.
     [12/23/2006, 10:31:33] - Checking for HKLM\...\Winlogon\Notify\geecd
     [12/23/2006, 10:31:33] - Key not found: HKLM\...\Winlogon\Notify\geecd, continuing.
     [12/23/2006, 10:31:33] - Finished Searching Browser Helper Objects
     [12/23/2006, 10:31:33] - Finishing up...
     [12/23/2006, 10:31:33] - Nothing found! Exiting...

     Thanks again!!!!
  9. First off thanks again HJThis!!! I really mean it, your help really means a lot to me. I did the steps and have one question before I post up the HijackThis log and the VirtumundoBeGone log. I noticed in Notepad that the File, Edit, View, Tools, etc were all highlighted in blocks of white? I was wondering if you know why that is? In Mozilla Firefox everything is just fine. Here are your logs.

     Logfile of HijackThis v1.99.1
     Scan saved at 10:35:13 AM, on 12/23/2006
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.5730.0011)

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Windows Defender\MsMpEng.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\System32\brsvc01a.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\System32\brss01a.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\WINDOWS\system32\Brmfrmps.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
     C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
     C:\Program Files\Brother\ControlCenter2\brctrcen.exe
     C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
     C:\Program Files\Windows Defender\MSASCui.exe
     C:\WINDOWS\System32\MsPMSPSv.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
     C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
     C:\Documents and Settings\William\Desktop\HijackThis\HijackThis.exe

     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
     O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\blcdaevi.dll (file missing)
     O2 - BHO: (no name) - {948F9771-67D8-46D7-B032-833FF87DA864} - C:\WINDOWS\system32\fcyww.dll (file missing)
     O2 - BHO: (no name) - {98C2962E-495B-49EC-B08B-E7D15A27A983} - C:\WINDOWS\system32\geecd.dll (file missing)
     O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
     O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
     O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
     O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
     O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
     O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
     O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
     O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
     O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O11 - Options group: [iNTERNATIONAL] International*
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152117739035
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152117691397
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
     O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
     O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
     O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
     O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
     O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  10. Hey. In the first step, COM+ Messages was already stopped, it said, so I simply clicked disable at startup and applied it. Is that alright? Then we found everything and removed everything except for this:
      O23 - Service: COM+ Messages - Unknown owner - C:/Windows/system32/svchosts.exe" -e
      However, when we ran the miscellaneous tools section it found it and we deleted it. Thanks again for all the help, I really appreciate it! Now I am on VirtumundoBeGone; will post logs shortly!
  11. One more thing: I've noticed that people have been told to remove IpWins from their computer and was wondering if I should do the same, since it is in the Control Panel. In Add or Remove Programs IpWins shows up, but it doesn't seem to be installed. Should I remove it?
  12. And finally the HijackThis log.

      Logfile of HijackThis v1.99.1
      Scan saved at 9:30:22 PM, on 12/22/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0011)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\brsvc01a.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\brss01a.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\Program Files\Brother\ControlCenter2\brctrcen.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\WINDOWS\system32\Brmfrmps.exe
      C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
      C:\WINDOWS\System32\MsPMSPSv.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Documents and Settings\William\Desktop\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - Default URLSearchHook is missing
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
      O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\blcdaevi.dll (file missing)
      O2 - BHO: (no name) - {948F9771-67D8-46D7-B032-833FF87DA864} - C:\WINDOWS\system32\fcyww.dll (file missing)
      O2 - BHO: (no name) - {98C2962E-495B-49EC-B08B-E7D15A27A983} - C:\WINDOWS\system32\geecd.dll (file missing)
      O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
      O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      O4 - HKLM\..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      O4 - HKLM\..\Run: [setDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
      O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
      O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.2\SetHook.exe
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Rcio] "C:\DOCUME~1\William\APPLIC~1\CROSOF~1.NET\cmd.exe" -vt ndrv
      O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
      O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
      O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [iNTERNATIONAL] International*
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152117739035
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152117691397
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
      O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

      Thanks for all your help so far! I look forward to your reply!!!
  13. Now here is the Panda Scan log.
  14. Next here is the AVG Anti-Spyware log.
  15. Alright thanks very much! I ran everything just like you told me and here are all the logs. First I will start with the SmitfraudFix log.
      SmitFraudFix v2.131
      Scan done at 18:54:00.23, Fri 12/22/2006
      Run from C:\Documents and Settings\William\Desktop\SmitfraudFix\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      The filesystem type is NTFS
      Fix run in safe mode
      »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{fe288882-f661-4522-88f3-20cfb7866fa4}"="gutturalness"
      »»»»»»»»»»»»»»»»»»»»»»»» Killing process
      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
      GenericRenosFix by S!Ri
      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
      C:\WINDOWS\system32\cvnzie.dll Deleted
      C:\WINDOWS\system32\ot.ico Deleted
      C:\WINDOWS\system32\ts.ico Deleted
      C:\WINDOWS\system32\components\flx?.dll Deleted
      »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, following keys are not inevitably infected!!!
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""
      »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
      Registry Cleaning done.
      »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll
      »»»»»»»»»»»»»»»»»»»»»»»» End