Help - HJT Log


17 replies to this topic

#1 Sockdown

    Advanced Member

  • Members
  • 109 posts
  • Gender:Male
  • Location:The Caribbean
  • Interests:Computers, music and traveling

Posted 13 August 2007 - 07:42 PM

I've been trying to fix a friend's computer. I used the Malware guide to do as much as I could, but I think there's still work to be done. I couldn't use the Online Scanners because IE is *@&*$ up. I used Anti-Vir Classic. Here are the logs:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/13/2007 at 01:16 AM

Application Version : 3.9.1008

Core Rules Database Version : 3284
Trace Rules Database Version: 1295

Scan type : Complete Scan
Total Scan Time : 02:13:14

Memory items scanned : 427
Memory threats detected : 0
Registry items scanned : 6058
Registry threats detected : 48
File items scanned : 42822
File threats detected : 14

Adware.Starware
HKLM\Software\Classes\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9}
HKCR\CLSID\{1962C5BC-E475-465B-823B-133E711BCEB9}
HKCR\CLSID\{1962C5BC-E475-465B-823B-133E711BCEB9}
HKCR\CLSID\{1962C5BC-E475-465B-823B-133E711BCEB9}\InprocServer32
HKCR\CLSID\{1962C5BC-E475-465B-823B-133E711BCEB9}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\STARWARE343\BIN\STARWARE343.DLL
HKLM\Software\Classes\CLSID\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}
HKCR\CLSID\{5F90C0E3-4C0A-4D54-A8AC-5AFE6163A99E}
HKCR\CLSID\{5F90C0E3-4C0A-4D54-A8AC-5AFE6163A99E}
HKCR\CLSID\{5F90C0E3-4C0A-4D54-A8AC-5AFE6163A99E}\InprocServer32
HKCR\CLSID\{5F90C0E3-4C0A-4D54-A8AC-5AFE6163A99E}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{ab3dfa03-f743-4302-81dd-c370bffeca23}
HKCR\CLSID\{AB3DFA03-F743-4302-81DD-C370BFFECA23}
HKCR\CLSID\{AB3DFA03-F743-4302-81DD-C370BFFECA23}
HKCR\CLSID\{AB3DFA03-F743-4302-81DD-C370BFFECA23}\Implemented Categories
HKCR\CLSID\{AB3DFA03-F743-4302-81DD-C370BFFECA23}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{AB3DFA03-F743-4302-81DD-C370BFFECA23}\InprocServer32
HKCR\CLSID\{AB3DFA03-F743-4302-81DD-C370BFFECA23}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{e550dc77-ef3b-474f-b59c-b3e2aa1fa6a5}
HKCR\CLSID\{E550DC77-EF3B-474F-B59C-B3E2AA1FA6A5}
HKCR\CLSID\{E550DC77-EF3B-474F-B59C-B3E2AA1FA6A5}
HKCR\CLSID\{E550DC77-EF3B-474F-B59C-B3E2AA1FA6A5}\Implemented Categories
HKCR\CLSID\{E550DC77-EF3B-474F-B59C-B3E2AA1FA6A5}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{E550DC77-EF3B-474F-B59C-B3E2AA1FA6A5}\InprocServer32
HKCR\CLSID\{E550DC77-EF3B-474F-B59C-B3E2AA1FA6A5}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{1962c5bc-e475-465b-823b-133e711bceb9}
C:\SYSTEM VOLUME INFORMATION\_RESTORE{5D423018-0510-4B14-A810-F8CF8514EA21}\RP520\A0136742.EXE

Adware.Lop
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2CCB0F52-4B06-7E49-0607-AAA34D190F95}
HKCR\CLSID\{2CCB0F52-4B06-7E49-0607-AAA34D190F95}
HKCR\CLSID\{2CCB0F52-4B06-7E49-0607-AAA34D190F95}#D28A09D3
HKCR\CLSID\{2CCB0F52-4B06-7E49-0607-AAA34D190F95}\InprocServer32
HKCR\CLSID\{2CCB0F52-4B06-7E49-0607-AAA34D190F95}\InprocServer32#ThreadingModel
C:\DOCUME~1\BUTTERFLY\APPLIC~1\SOFTIS~1\ABOUTLESS.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LINK NEW INSIDE DUMB\RULETHAT.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LINK NEW INSIDE DUMB\PHONE MULTI.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LINK NEW INSIDE DUMB\DRV TIME.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LINK NEW INSIDE DUMB\BOLD KEEP.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LINK NEW INSIDE DUMB\PROXYCREATIVE.EXE
C:\DOCUMENTS AND SETTINGS\BUTTERFLY\APPLICATION DATA\BBTONS\QAFKASFX.EXE
C:\DOCUMENTS AND SETTINGS\BUTTERFLY\APPLICATION DATA\BBTONS\UBMSXSTZ.EXE
C:\DOCUMENTS AND SETTINGS\BUTTERFLY\APPLICATION DATA\BBTONS\VQPMQIFO.EXE
C:\DOCUMENTS AND SETTINGS\BUTTERFLY\APPLICATION DATA\BBTONS\FGOHSMHI.EXE
C:\DOCUMENTS AND SETTINGS\BUTTERFLY\APPLICATION DATA\BBTONS\ELZVCQWA.EXE

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]

Trojan.Spyware Stormer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}#SystemComponent
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}#Installer
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\Contains
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\Contains\Files
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\Contains\Files#C:\WINDOWS\Downloaded Program Files\Install.dll
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\DownloadInformation
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\DownloadInformation#CODEBASE
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\DownloadInformation#INF
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\InstalledVersion
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\InstalledVersion#LastModified

Adware.Tracking Cookie
C:\WINDOWS\system32\config\systemprofile\Cookies\system@mywebsearch[1].txt



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:25:38 AM 8/13/2007

+ Scan result:



C:\Program Files\Starware343\Starware343Uninstall.exe -> Adware.Comet : Ignored.
C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP557\A0138404.dll -> Adware.SpywareStorm : Ignored.
:mozilla.34:C:\Documents and Settings\BUTTERFLY\Application Data\Mozilla\Firefox\Profiles\8649d8zw.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.50:C:\Documents and Settings\BUTTERFLY\Application Data\Mozilla\Firefox\Profiles\8649d8zw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.51:C:\Documents and Settings\BUTTERFLY\Application Data\Mozilla\Firefox\Profiles\8649d8zw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.52:C:\Documents and Settings\BUTTERFLY\Application Data\Mozilla\Firefox\Profiles\8649d8zw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.53:C:\Documents and Settings\BUTTERFLY\Application Data\Mozilla\Firefox\Profiles\8649d8zw.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.6:C:\Documents and Settings\BUTTERFLY\Application Data\Mozilla\Firefox\Profiles\8649d8zw.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.


::Report end

------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:15:50 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe -startup
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [idollive] C:\DOCUME~1\BUTTERFLY\APPLIC~1\BBTON~1\extra this default.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...49YYPR_ZSzeb029
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.c...tacceptlang.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 9898 bytes
===========================

I saw the eAcceleration entries and the one with the weird name default... .exe that I think need to be removed. Station.exe is running, and when the computer is started a message appears with the title "Missing Components" and a weird icon. Anyway, you guys are the experts :D
I downloaded Smitfraud just in case I need it. Also, just a question: the AntiVir icon on the tray is not appearing. Any clues?

Thanks in advance for your help guys.
public void dammit() {
damn.cmon(forYou);
damn.delete(You);
System.out.println("Mwuhahahaha");
}

#2 AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 13 August 2007 - 08:48 PM

Hi Sockdown,

Regarding station.exe, it belongs to Stop-Sign. It's not a rogue program, but it's not recommended either, so it's really up to the owner of the PC if they want to keep it. If they have paid for the program then it's up to them if they trust the developer and wish to keep it installed; if they haven't paid for it then I'd suggest it be removed from the system using the Add/Remove screen (Start > Control Panel > Add or Remove Programs). More info here:

http://www.spywarewa...are.htm#ss_note

For the 'extra this default.exe', that's Adware.LOP. It's installed with Messenger Plus if the user accepts to include the sponsor when installing it, as well as with other bundled software. I'd suggest removing Messenger Plus from the Add/Remove screen and also enabling the option to remove the Sponsor when it's removed, and it should take LOP with it:

http://inetexplorer....rg/data/lop.htm

Run a couple of malware scans and post back the logs, as it will make it easier to see how infected the system is.

Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
  • Click the Download now link on the right to download the program.
  • Double-click the file to install it as follows:
  • Click "Next", read the agreement, Click "Next"
  • Choose "Custom" click "Next".
  • Leave the default installation directory as it is, then click "Next".
  • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
  • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
  • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, disconnect from the internet.
  • Click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
  • Sweep Memory
  • Sweep Registry
  • Sweep Cookies
  • Sweep All User Accounts
  • Enable Direct Disk Sweeping
  • Sweep Contents of Compressed Files
  • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/...rweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings. On the Menu Bar at the top, go to Options > Change Settings.
  • Click on the Actions tab. Using the drop-down menus, change each item under Objects and Malware to Report, then click Apply and OK.
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post the contents of the Dr.Web log you saved previously in your next reply.
Finally generate a report of the Add/Remove screen entries:
Open HijackThis, and click the Misc Tools button.
Then click the Open Uninstall Manager... button.
The Add/Remove Programs Manager panel should appear.
In this panel click the Save list button.
Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Please then post back the SpySweeper log, Dr.Web log, Uninstall list and a new HijackThis log.

Let us know if you have any problems

Cheers

Andy

#3 Sockdown

    Advanced Member

  • Members
  • 109 posts
  • Gender:Male
  • Location:The Caribbean
  • Interests:Computers, music and traveling

Posted 14 August 2007 - 12:33 PM

Sorry for the delay. I'm on a Celeron and dial-up computer. I uninstalled MSN Plus; it said that the sponsor was removed, but I still see the default.exe program. About eAcceleration, I don't see the uninstaller. Here are the Spy Sweeper, Dr.Web, Uninstall and HJT logs:

1:07 AM: Removal process completed. Elapsed time 00:00:13
1:07 AM: Quarantining All Traces: 66.220.17 cookie
1:07 AM: Removal process initiated
1:06 AM: Traces Found: 1
1:06 AM: Custom Sweep has completed. Elapsed time 05:10:47
1:06 AM: File Sweep Complete, Elapsed Time: 05:01:54
12:48 AM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
12:04 AM: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
10:42 PM: ApplicationMinimized - EXIT
10:42 PM: ApplicationMinimized - ENTER
10:33 PM: ApplicationMinimized - EXIT
10:33 PM: ApplicationMinimized - ENTER
10:32 PM: ApplicationMinimized - EXIT
10:32 PM: ApplicationMinimized - ENTER
10:07 PM: ApplicationMinimized - EXIT
10:07 PM: ApplicationMinimized - ENTER
10:04 PM: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
9:10 PM: ApplicationMinimized - EXIT
9:10 PM: ApplicationMinimized - ENTER
8:50 PM: ApplicationMinimized - EXIT
8:50 PM: ApplicationMinimized - ENTER
8:39 PM: ApplicationMinimized - EXIT
8:39 PM: ApplicationMinimized - ENTER
8:36 PM: ApplicationMinimized - EXIT
8:36 PM: ApplicationMinimized - ENTER
8:04 PM: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
8:04 PM: Starting File Sweep
8:04 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
8:04 PM: C:\Documents and Settings\BUTTERFLY\Application Data\Mozilla\Firefox\Profiles\8649d8zw.default\cookies.txt (ID = 1991)
8:04 PM: Found Spy Cookie: 66.220.17 cookie
8:04 PM: Starting Cookie Sweep
8:04 PM: Registry Sweep Complete, Elapsed Time:00:01:14
8:03 PM: Starting Registry Sweep
8:03 PM: Memory Sweep Complete, Elapsed Time: 00:07:29
7:55 PM: Starting Memory Sweep
7:55 PM: Start Custom Sweep
7:55 PM: Sweep initiated using definitions version 967
7:55 PM: None
7:55 PM: Traces Found: 0
7:55 PM: Memory Sweep Complete, Elapsed Time: 00:00:23
7:55 PM: Sweep Canceled
7:54 PM: Starting Memory Sweep
7:54 PM: Start Custom Sweep
7:54 PM: Sweep initiated using definitions version 967
7:51 PM: Your spyware definitions have been updated.
7:48 PM: ApplicationMinimized - EXIT
7:48 PM: ApplicationMinimized - ENTER
7:45 PM: ApplicationMinimized - EXIT
7:45 PM: ApplicationMinimized - ENTER
7:44 PM: ApplicationMinimized - EXIT
7:44 PM: ApplicationMinimized - ENTER
7:43 PM: ApplicationMinimized - EXIT
7:43 PM: ApplicationMinimized - ENTER
7:38 PM: ApplicationMinimized - EXIT
7:38 PM: ApplicationMinimized - ENTER
Keylogger: Off
E-mail Attachment: On
7:35 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
7:35 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
7:35 PM: Shield States
7:35 PM: License Check Status (0): Success
7:35 PM: Spyware Definitions: 906
7:34 PM: Warning: SpySweeper installation is damaged, please re-install the product.
7:34 PM: Warning: SpySweeper installation is damaged, please re-install the product.
7:34 PM: Warning: SpySweeper installation is damaged, please re-install the product.
7:34 PM: Spy Sweeper 5.5.7.48 started
7:34 PM: Spy Sweeper 5.5.7.48 started
7:34 PM: | Start of Session, Monday, August 13, 2007 |
***************



riched20.dll;C:\Program Files\MSN Messenger;Adware.Msearch;;
A0137856.scr;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP550;Adware.Msearch;;
A0138398.scr;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP557;Adware.Msearch;;
A0138404.dll;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP557;Adware.SpywareStorm;;
A0140224.EXE;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140225.exe;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140226.exe;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140227.exe;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140228.exe;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140229.EXE;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140230.EXE;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140231.EXE;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140232.EXE;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140233.EXE;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.Swizzor;;
A0140325.exe;C:\System Volume Information\_restore{5D423018-0510-4B14-A810-F8CF8514EA21}\RP564;Trojan.LopAd;;
***************


Acer Notebook Manager
acer screen saver
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8 - Español
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Agere Systems AC'97 Modem
AutoCAD 2006 - English
Autodesk DWF Viewer
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
CCleaner (remove only)
Corel WordPerfect Suite 8
Encarta Encyclopedia 99
Enciclopedia Microsoft Encarta 99
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Memories Disc
hp officejet 7100 series
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Photo Printing Software
HP Share-to-Web
Intel RSX 3D
Intel® Extreme Graphics Driver
JD Secure 3.1
Launch Manager V1.0.5.0
Lexmark Photo Center
Lexmark Z700-P700 Series
Lexmark Z700-P700 Series Photo Card Reader
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Plus! for Windows XP
Microsoft Windows Journal Viewer
Mozilla Firefox (2.0.0.4)
Mozilla Firefox (2.0.0.6)
MSN Gaming Zone
MSXML 4.0 SP2 (KB927978)
Nero - Burning Rom
NTI CD & DVD-Maker 6.5 Gold
PowerDVD
QuickTime
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
SimTown
Spy Sweeper
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Sunbelt Personal Firewall
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinZip
Yahoo! Toolbar
***************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:09:00 AM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe" -startup
O4 - HKLM\..\Run: [CamMonitor] "C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [idollive] C:\DOCUME~1\BUTTERFLY\APPLIC~1\BOREBO~1\extra this default.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...49YYPR_ZSzeb029
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.c...tacceptlang.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9966 bytes
public void dammit() {
damn.cmon(forYou);
damn.delete(You);
System.out.println("Mwuhahahaha");
}

#4 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 14 August 2007 - 03:17 PM

Thanks Sockdown

You can remove Spy Sweeper from the Add/Remove screen now it's been used, as it's only a 2 week trial. You could keep it until it expires if you wanted to and then uninstall it, but as you already have SuperAntispy, AVG Antispy and Spybot it's not really needed; it was just worth using to make sure there weren't additional problems on the PC.

Run HijackThis and choose Do A System Scan then place a check next to these entries

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] "Rundll32.exe" "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [idollive] C:\DOCUME~1\BUTTERFLY\APPLIC~1\BOREBO~1\extra this default.exe

Close all open browser windows and other windows except for HijackThis, and press the Fix Checked button.

Next delete these files/folders:

C:\Program Files\Acceleration Software <-- Folder
C:\Program Files\eAcceleration <-- Folder
C:\Program Files\MSN Messenger\riched20.dll <-- File

You can also delete the Dr.Web Cure-It file you downloaded, as it's not needed now.


Download Deljob.exe and save it on your desktop.
Double-click Deljob.exe and follow any on-screen prompts. A log (logit.txt) should open after it's finished and also save to your desktop. Post the contents of the logfile in your next reply with a new HijackThis log.

Let us know if you have any problems

Thanks

#5 OFFLINE   Sockdown

    Advanced Member

  • Members
  • PipPipPip
  • 109 posts
  • Gender:Male
  • Location:The Caribbean
  • Interests:Computers, music and traveling

Posted 14 August 2007 - 06:25 PM

I tried to delete the Acceleration Software folder, but I couldn't. It said Access Denied. I deleted the 2. Here is the DelJob log and the new HJT log.

--------------------------------------------------------
File(s) moved to C:\deljob

A4C1CF3C918A4CC8.job
--------------------------------------------------------
Files remaining after cleaning

Norton AntiVirus - Scan my computer.job
HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1093651906.job
SDMsgUpdate (SmartDrawTrial).job
User_Feed_Synchronization-{A5E6271C-9C47-412E-AF4A-2B64E2BC1B6B}.job
Check Updates for Windows Live Toolbar.job
--------------------------------------------------------
App data folders

Volume in drive C is ACER
Volume Serial Number is 290E-14EF

Directory of C:\Documents and Settings\BUTTERFLY\Application Data

05/26/2004 02:02 AM <DIR> .
05/26/2004 02:02 AM <DIR> ..
05/19/2003 11:49 PM <DIR> IDENTI~1 Identities
05/19/2003 11:57 PM <DIR> INTERT~1 InterTrust
05/19/2003 11:35 PM <DIR> MICROS~1 Microsoft
05/26/2004 02:27 AM <DIR> SYMANTEC Symantec
05/26/2004 03:05 AM <DIR> ADOBE Adobe
05/26/2004 03:06 AM <DIR> ADOBEUM AdobeUM
06/11/2004 10:43 AM <DIR> HELP Help
07/13/2004 01:04 PM <DIR> THELAB~1 The Labyrinth Plus! Edition
08/27/2004 06:42 PM <DIR> SHARE-~1 Share-to-Web Upload Folder
10/06/2004 10:26 AM <DIR> MACROM~1 Macromedia
05/13/2005 11:08 PM <DIR> LEADER~1 Leadertech
05/13/2005 11:18 PM <DIR> HEWLET~1 Hewlett-Packard
07/03/2005 05:43 PM <DIR> BBTONS~1 BBTons
08/27/2005 12:33 PM <DIR> MSNSEA~1 MSN Search Toolbar
12/22/2005 09:32 PM <DIR> MSNINS~1 MSNInstaller
03/25/2006 06:42 AM <DIR> SOFTIS~1 soft iso blah
05/25/2006 02:14 AM <DIR> SMARTD~1 SmartDraw
07/17/2006 07:21 PM <DIR> MSN6
07/19/2006 07:45 PM <DIR> MOZILLA Mozilla
07/19/2006 07:47 PM <DIR> TALKBACK Talkback
10/31/2006 08:58 PM <DIR> AUTODESK Autodesk
12/19/2006 11:40 PM <DIR> GOOGLE Google
03/10/2007 04:27 PM <DIR> AVG7
07/31/2007 02:56 PM <DIR> STARWA~1 Starware343
08/11/2007 11:24 PM <DIR> COMODO Comodo
08/12/2007 04:45 PM <DIR> GRISOFT Grisoft
08/12/2007 10:37 PM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
0 File(s) 0 bytes
29 Dir(s) 13,628,145,664 bytes free
Volume in drive C is ACER
Volume Serial Number is 290E-14EF

Directory of C:\Documents and Settings\All Users\Application Data

05/19/2003 11:35 PM <DIR> .
05/19/2003 11:35 PM <DIR> ..
05/19/2003 11:35 PM <DIR> MICROS~1 Microsoft
05/19/2003 11:58 PM <DIR> CYBERL~1 CyberLink
05/26/2004 02:27 AM <DIR> SYMANTEC Symantec
05/26/2004 02:51 AM <DIR> ADOBE Adobe
05/26/2004 02:51 AM <DIR> QUICKT~1 QuickTime
05/26/2004 03:29 AM <DIR> VIEWPO~1 Viewpoint
07/03/2005 05:44 PM <DIR> LINKNE~1 Link New Inside Dumb
08/27/2005 12:30 PM <DIR> MSNSEA~1 MSN Search Toolbar
03/07/2006 02:57 PM <DIR> YAHOO!~1 Yahoo! Companion
05/25/2006 11:12 AM <DIR> WINDOW~1 Windows Genuine Advantage
07/17/2006 07:21 PM <DIR> MSN6
10/31/2006 08:58 PM <DIR> AUTODESK Autodesk
03/10/2007 04:26 PM <DIR> avg7
03/10/2007 05:34 PM <DIR> SPYBOT~1 Spybot - Search & Destroy
07/08/2007 09:31 PM <DIR> GOOGLE Google
07/31/2007 02:53 PM <DIR> STARWA~1 Starware343
08/07/2007 02:13 PM <DIR> OFFICE~1 Office Genuine Advantage
08/08/2007 09:15 AM <DIR> WINDOW~2 Windows Live Toolbar
08/11/2007 03:39 PM <DIR> GRISOFT Grisoft
08/11/2007 05:12 PM <DIR> ANTIVI~1 AntiVir PersonalEdition Classic
08/11/2007 11:23 PM <DIR> COMODO Comodo
08/12/2007 10:38 PM <DIR> SUPERA~1.COM SUPERAntiSpyware.com
0 File(s) 0 bytes
24 Dir(s) 13,628,145,664 bytes free
--------------------------------------------------------



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:50 PM, on 8/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
O4 - HKLM\..\Run: [LXBLKsk] C:\PROGRA~1\Lexmark\PHOTOC~1\LXBLKsk.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Lexmark\Lexmark Photo Center\MemoryCardManager.exe" -startup
O4 - HKLM\..\Run: [CamMonitor] "C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Inicio rápido de Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB2.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html...49YYPR_ZSzeb029
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.c...es/MsnInstC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.c...tacceptlang.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84615C78-B4AE-4EF2-ADE0-FC6C598DD81C}: NameServer = 196.28.61.145 196.28.61.161
O17 - HKLM\System\CS1\Services\Tcpip\..\{84615C78-B4AE-4EF2-ADE0-FC6C598DD81C}: NameServer = 196.28.61.145 196.28.61.161
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - Unknown owner - C:\Program Files\Comodo\Firewall\cmdagent.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

--
End of file - 9551 bytes

Thanx :D

#6 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 14 August 2007 - 07:33 PM

Run HijackThis and choose Do A System Scan then place a check next to this entry

O8 - Extra context menu item: &Search - ht*p://bar.mywebsearch.com/menusearch.html...49YYPR_ZSzeb029

Close all open browser windows and other windows except for HijackThis, and press the Fix Checked button.

It's not malicious but it looks like a leftover entry, as MyWeb isn't showing any other entries in the log and isn't listed on the Add/Remove screen.

Optional Fix


O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

If you no longer have any programs from Symantec (Norton) installed, these entries can be fixed with HijackThis.

For the folders you cannot remove, can you download Unlocker and give it a try. First make sure you have rebooted the machine after fixing the O4 entries for StopSign; then, if you're still unable to delete the folders, download Unlocker from here:

http://ccollomb.free...locker1.8.5.exe

Install it, then try to delete the folders again. If you still get the Access Denied message, right-click the folder and choose Unlocker. The Unlocker program will then open and show what is locking the folder; click Unlock All and then attempt to delete the folder again. You may have to repeat that a couple of times depending on what is locking the folder, but let us know if you're still unable to remove them. You can uninstall Unlocker using the Add/Remove screen once you have removed the folders, as it's not the sort of program you would need often.

Delete the C:\deljob folder as it's not needed now.

Next set Windows to show hidden files and folders so you can locate the folders below.

Click Start, go to My Computer, then the C: drive.
Select the Tools menu from the top bar and click Folder Options. Select the View tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.

Click Yes to confirm then OK

Set this back once you have checked for the folders by opening the same page and pressing the Restore Defaults button, then click Apply and OK.

Go to Start > Run and copy and paste

C:\Documents and Settings\BUTTERFLY\Application Data\

Press OK and it will open your profile's Application Data folder.

Delete the Starware343 folder from inside there, then please check what is inside the soft iso blah folder. If there are any files, post back the filenames; if it's empty, delete the soft iso blah folder.

Go to Start > Run and copy and paste

C:\Documents and Settings\All Users\Application Data\

Press OK to open the All Users Application Data folder.

Delete the Starware343 folder from inside there, and also delete the Link New Inside Dumb folder.

Next run CCleaner to clear out the temp folders and reset the System Restore points

If you do not have CCleaner then download it from Here. Run the setup file and press Next, click I Agree on the Licence Agreement, then Next again, click Install and finally click Finish. Run CCleaner and press the Run Cleaner button to remove temp files, then exit CCleaner.

Then clear your System Restore points:

Click Start Menu > All Programs > Accessories > System Tools > System Restore

Choose Create a Restore Point then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created. Then press OK to clear the temp files found in the initial scan and close Disk Cleanup.

Then reset your Internet Security settings and see if you're then able to run an online scanner to check for remaining problems.

Open an I.E. browser window, then go to Tools on the top bar, then Internet Options
  • Go to the Advanced tab and press Restore Defaults
  • Go to the Security tab; it will then be highlighting the Internet Zone. Press Custom Level, then press Reset and Yes on the pop-up confirmation box, then click OK and OK again to close the Security Settings screen.
Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.
If you're able to run the online scan then post back the report, but let us know if you have problems with any of the steps.

Thanks
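The post above resets the Internet zone by hand through the Internet Options dialog. The script below is an added example (it is not part of the thread and not a tool the helper recommended) that does the same audit from the registry, which is what a responder actually wants when a browser is too damaged to drive the GUI: it reports the zone level and the four ActiveX URL actions the online scanners depend on, flags Group Policy values that make the dialog's Reset button a no-op, lists any sites that have been pushed into the Trusted zone (the HijackThis "O15" items), and with `-Reset` takes a restore point through WMI and sets the zone back to Medium. It assumes PowerShell is installed on the XP machine (an optional download in 2007) and that it runs in the profile used for browsing, since the zone settings live under HKCU.

```powershell
# Added example, not from the original thread: audit the Internet Explorer
# "Internet" zone that the online scanners' ActiveX controls depend on, list any
# sites pushed into the Trusted zone, and optionally reset the zone to Medium
# behind a fresh restore point. Assumptions: PowerShell is installed on the XP
# machine and the script runs in the browsing user's profile (HKCU).
param([switch]$Reset)

$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'   # zone 3 = Internet
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$policyKeys = 'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings',
              'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# URL actions that decide whether a scanner's control can be installed and run.
# Stored value: 0 = Enable, 1 = Prompt, 3 = Disable. 'Medium' = IE's Medium default.
$actions = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                       Medium = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                     Medium = 3 },
    @{ Id = '1200'; Name = 'Run ActiveX controls and plug-ins';                      Medium = 0 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked safe'; Medium = 3 }
)
# CurrentLevel encodings behind the Security tab slider.
$levels = @{ 0x10000 = 'Low'; 0x10500 = 'Medium-Low'; 0x11000 = 'Medium'; 0x11500 = 'Medium-High'; 0x12000 = 'High' }

$zone = Get-ItemProperty -Path $zoneKey
$cur  = [int]$zone.CurrentLevel
$levelName = if ($levels.ContainsKey($cur)) { $levels[$cur] } else { 'Custom' }
'Internet zone CurrentLevel = 0x{0:X} ({1})' -f $cur, $levelName
foreach ($a in $actions) {
    $v = $zone.($a.Id)
    $note = if ($v -ne $a.Medium) { '   <-- differs from Medium' } else { '' }
    '  {0} {1,-55} = {2}{3}' -f $a.Id, $a.Name, $v, $note
}

# Group Policy values that lock the zones or make IE ignore the HKCU copy entirely;
# with these set, the Reset button in Internet Options changes nothing that matters.
foreach ($p in $policyKeys) {
    if (-not (Test-Path $p)) { continue }
    $pol = Get-ItemProperty -Path $p
    foreach ($n in 'Security_HKLM_only', 'Security_options_edit', 'Security_zones_map_edit') {
        if ($pol.$n) { 'Policy lock: {0}\{1} = {2}' -f $p, $n, $pol.$n }
    }
}

# Trusted-zone injections (HijackThis reports them as O15). Each subkey is a
# domain, nested keys are subdomains; a value named after the scheme
# ('http', 'https', '*') holds the zone number, and 2 means Trusted.
if (Test-Path $zoneMap) {
    Get-ChildItem -Path $zoneMap -Recurse | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        foreach ($scheme in 'http', 'https', '*') {
            if ($props.$scheme -eq 2) {
                'Trusted zone: {0} ({1})' -f ($_.Name -replace '^.*\\Domains\\', ''), $scheme
            }
        }
    }
}

if ($Reset) {
    # System Restore on XP is reachable through WMI; 0 = APPLICATION_INSTALL, 100 = BEGIN_SYSTEM_CHANGE.
    $sr = [wmiclass]'\\.\root\default:SystemRestore'
    $null = $sr.CreateRestorePoint('Before IE Internet zone reset', 0, 100)
    foreach ($a in $actions) { Set-ItemProperty -Path $zoneKey -Name $a.Id -Value $a.Medium -Type DWord }
    Set-ItemProperty -Path $zoneKey -Name 'CurrentLevel' -Value 0x11000 -Type DWord
    'ActiveX actions and CurrentLevel set to Medium; use Internet Options > Security > Reset to restore every action.'
}
```

Run it once without `-Reset` and read the output before changing anything: a `Policy lock` line means the settings IE actually enforces are the machine-wide ones under HKLM, and a `Trusted zone` line for a domain nobody added on purpose is a finding in its own right, not just a configuration glitch. The reset only touches the four ActiveX actions and the level marker; the dialog's Reset button rewrites every URL action for the zone, so still do that once the browser is usable.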

#7 OFFLINE   Sockdown

    Advanced Member

  • Members
  • PipPipPip
  • 109 posts
  • Gender:Male
  • Location:The Caribbean
  • Interests:Computers, music and traveling

Posted 14 August 2007 - 07:43 PM

Internet Explorer is not working. I think that some files are missing. I tried to re-install it, but a crypt or encrypt something was missing and it was not able to check validity, I think it said. I'm gonna do everything else now.
public void dammit() {
damn.cmon(forYou);
damn.delete(You);
System.out.println("Mwuhahahaha");
}

#8 OFFLINE   AndyManchesta

    Power Member

  • Spyware Moderators
  • 1,821 posts
  • Gender:Male
  • Location:Manchester. UK
  • Interests:Music, Movies, Website Building & Design, Malware Testing/Research and spending time with friends & family.

Posted 14 August 2007 - 08:22 PM

If you have a Windows disk, then give IEFix a try to reinstall IE.

http://windowsxp.mvps.org/IEFIX.htm

If not, then try reinstalling IE6:

http://www.microsoft.com/windows/ie/ie6/do...p1/default.mspx

If you still have problems, then see if you're able to install IE7:

http://www.microsoft.com/windows/products/...ie/default.mspx

#9 OFFLINE   Sockdown

Posted 14 August 2007 - 08:39 PM

I've done everything until the I.E. part. Going to download I.E. 6 to give it a try. :D

#10 OFFLINE   AndyManchesta

Posted 14 August 2007 - 09:20 PM

Let us know how it goes :)

#11 OFFLINE   Sockdown

Posted 14 August 2007 - 09:31 PM

I think it was I.E.7 that was (*($R(&@ up. I uninstalled I.E.7 and came back to I.E.6. Trying to make the online scanner work now. :D

#12 OFFLINE   AndyManchesta

Posted 14 August 2007 - 09:41 PM

Good Luck :)

#13 OFFLINE   Sockdown

Posted 14 August 2007 - 09:59 PM

Tried to run the scanner, but it failed on downloading the ActiveX from the server.

----------------------------
Failed to load Kaspersky Online Scanner ActiveX control!

You must have administrative rights on this computer;
you also must have the IE security settings to the Medium level.

#14 OFFLINE   AndyManchesta

Posted 14 August 2007 - 11:00 PM

Are you logged in using the Admin account? Now that you have returned to IE6, can you try resetting the security settings as explained in the earlier post and see if it helps?

It would be useful to get this scanner to run, as its detection rate is excellent, but if you continue to have problems then try using one of the scanners below.

BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Panda Activescan.
Once you are on the Panda site, click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan
(Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.

#15 OFFLINE   Sockdown

Posted 15 August 2007 - 03:25 AM

Yeah, I'm on the administrator account. I got this message on the BitDefender:

Could not load the Online Scanner!
Service Pack 2 was detected on this computer.
Click on the information bar and select "Install ActiveX Control...".

But that's what I'm doing... I don't know what's happening. :(

Something is wrong with I.E., I can't press the Scan Button on the Panda page. :(

#16 OFFLINE   AndyManchesta

Posted 15 August 2007 - 12:48 PM

Try working through the steps on this BitDefender help page and see if any of them fix the problem:

http://kb.bitdefender.com/KB155-en--Troubl...ne-Scanner.html

If you have the Windows disk, run the system file checking feature to make sure none of the protected Windows files are damaged or corrupt.

Go to Start Menu -> Run -> type

SFC /SCANNOW

(There's a space after SFC.) Press OK and it will run the System File Checker. Follow the prompts, insert your Windows installation CD if requested, then reboot the computer after it has finished.

Then try the IEFIX utility I linked to earlier, if you haven't already, to see if it can fix the problem by re-registering IE's files.


If you still cannot run the scanners, then try setting up a new Admin account and see if you're able to run the Kaspersky scan using that account. Go to Start > Control Panel > User Accounts

Click Create A New Account > type a name for the account and click Next

On the Account Type screen choose Computer Administrator then click Create Account

Click the Start button and choose Log Off, then log in using the new account and try running the scanner again.

Cheers
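The three fallbacks in the post above (System File Checker, re-registering IE's files, and a fresh Computer Administrator account) are the usual order of operations when a browser's ActiveX install path is broken, and the first thing the Kaspersky loader complains about is administrative rights. The script below is an added example, not part of the thread and not IEFix itself: it checks that the session really is in the local Administrators group, re-registers the IE, scripting and signature-verification DLLs (the set is an assumption; compare it against what IEFix registers before relying on it), runs `sfc /scannow`, and creates a throwaway administrator account for the scanner test. It assumes PowerShell on the XP machine and the default XP password policy (no complexity requirement); the account name `scantest` is made up for the example.

```powershell
# Added example, not from the original thread and not IEFix: the manual fallbacks
# from the post above, behind a check that the session has administrative rights.
# Assumptions: PowerShell on XP, a session in the local Administrators group, and
# that this DLL list (the usual IE / WinTrust / crypto set) is close to what IEFix
# re-registers; the account name 'scantest' is invented for the example.

function Test-IsAdmin {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Start a tool and wait for its exit code. regsvr32 is a GUI-subsystem binary, so a
# plain call-operator invocation would return before it finished.
function Invoke-Wait([string]$exe, [string]$arguments) {
    $p = [Diagnostics.Process]::Start($exe, $arguments)
    $p.WaitForExit()
    $p.ExitCode
}

function Register-SystemDll([string]$name) {
    $path = Join-Path $env:SystemRoot "system32\$name"
    # A missing file is System File Checker territory; regsvr32 cannot conjure it back.
    if (-not (Test-Path $path)) { return "MISSING      $name" }
    $code = Invoke-Wait 'regsvr32.exe' "/s `"$path`""
    if ($code -eq 0) { "ok           $name" } else { "FAILED($code)    $name" }
}

if (-not (Test-IsAdmin)) { throw 'Log on with an account in the local Administrators group first.' }

# IE core, the script engines, and the Authenticode/crypto chain an ActiveX install relies on.
$dlls = 'urlmon.dll', 'mshtml.dll', 'shdocvw.dll', 'browseui.dll', 'actxprxy.dll',
        'jscript.dll', 'vbscript.dll', 'scrrun.dll', 'msxml.dll', 'oleaut32.dll', 'shell32.dll',
        'softpub.dll', 'wintrust.dll', 'initpki.dll', 'dssenh.dll', 'rsaenh.dll', 'cryptdlg.dll'
$dlls | ForEach-Object { Register-SystemDll $_ }

# System File Checker rewrites protected files from dllcache or the XP CD (it prompts for the disc).
$null = Invoke-Wait 'sfc.exe' '/scannow'

# A fresh Computer Administrator account, so the scanner test does not inherit a damaged HKCU profile.
$user = 'scantest'
# 14 characters keeps net user from asking about pre-Windows 2000 compatibility;
# delete the account once the scan is done.
$pass = [Guid]::NewGuid().ToString('N').Substring(0, 14)
& net.exe user $user $pass /add
& net.exe localgroup Administrators $user /add
"Created '$user' (password: $pass). Log off, sign in as $user and retry the Kaspersky scan."
```

Read the `Register-SystemDll` lines before the SFC pass: a `MISSING` entry for `wintrust.dll`, `softpub.dll` or `initpki.dll` is the signature-check failure in disguise, and `sfc /scannow` (or the IE reinstall from the CD) is what puts the file back. Re-registering alone only repairs broken COM registrations of files that are still present.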

#17 OFFLINE   Sockdown

Posted 19 August 2007 - 02:57 AM

Sorry for the delay. Didn't have internet where I was. I had to leave, so I stopped at the online scanner. Thank you Andy for your help. :D

#18 OFFLINE   AndyManchesta

Posted 20 August 2007 - 06:59 PM

No problem. Let us know if you continue to have issues with the scanners and we can try some other tools to check your system in more detail.

Thanks