Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: My windows keep disappearing  (Read 2012 times)

0 Members and 1 Guest are viewing this topic.

lisashomeoffice

    Topic Starter


    Beginner
    My windows keep disappearing
    « on: March 24, 2009, 06:17:28 PM »
    What would (could) cause my windows to disappear rather quickly?  I can have 2 or 3 or even 1 window open and all of a sudden it closes. I thought it might be the Stopzilla download;however, I have deleted the file and I still am having the problem.  I use Avast, Spybot S+D,
    Adaware, Spyware Begone and can't see where it might be a virus, spyware, or something. I'm not really sure if it is a virus, or within Win xp.

    Any clues?

    internet explorer 6
    Windows xp
    250 gb
    intel pentium 4
    2.66 g
    Cyber Power custom configured
    memory  512MB

    brundle

    • Guest
    Re: My windows keep disappearing
    « Reply #1 on: March 24, 2009, 06:37:35 PM »
    Are they Explorer windows, or Internet Explorer windows ?
    Do all open windows close at once simultaneously, or do some stay open?
    System Restore to a point before it started?

    lisashomeoffice

      Topic Starter


      Beginner
      Re: My windows keep disappearing
      « Reply #2 on: March 25, 2009, 12:25:31 PM »
      I use IE.  It closes whether it is one window, or more.  Although it doesn't happen all the time, I loose my page or pages and I have to start all over again. I went to System Restore and went back to a week ago.  This problem has been going on for a little over a week now, so I will just keep going back a little and see if the problem goes away.  Thanks for such a  quick response.

      evilfantasy

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Calm like a bomb
      • Thanked: 485
        • evilfantasy's blog
      • Experience: Familiar
      • OS: Windows 8
      Re: My windows keep disappearing
      « Reply #3 on: March 25, 2009, 04:23:52 PM »
      Stopzilla is not a trusted program nor is Spyware Begone.

      See here:
      http://www.mywot.com/en/scorecard/stopzilla.com
      http://www.mywot.com/en/scorecard/spywarebegone.com

      Uninstall those if you have them and then follow this guide http://www.computerhope.com/forum/index.php/topic,46313.0.html

      Post the 3 logs when complete.

      lisashomeoffice

        Topic Starter


        Beginner
        Re: My windows keep disappearing
        « Reply #4 on: March 27, 2009, 01:45:49 AM »
        I downloaded  Superantispyware, Malwarebytes' Anti-Malware, and Hijackthis.  I am enclosing the logs. They are on one page off of notepad.

        Lisa

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:25:02 AM, on 3/27/2009
        Platform: Windows XP SP3 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
        Boot mode: Normal

        Running processes:
        C:\windows\System32\smss.exe
        C:\windows\system32\winlogon.exe
        C:\windows\system32\services.exe
        C:\windows\system32\lsass.exe
        C:\windows\system32\svchost.exe
        C:\windows\System32\svchost.exe
        C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        C:\Program Files\Alwil Software\Avast4\ashServ.exe
        C:\windows\system32\spoolsv.exe
        C:\PROGRA~1\Iomega\System32\AppServices.exe
        C:\Program Files\Java\jre6\bin\jqs.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
        C:\windows\system32\nvsvc32.exe
        C:\windows\system32\svchost.exe
        C:\WINDOWS\system32\MsPMSPSv.exe
        C:\windows\Explorer.EXE
        C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        C:\Program Files\Java\jre6\bin\jusched.exe
        C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
        C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
        C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
        C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
        C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\Owner\Desktop\Hijackthis.exe\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
        R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
        R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
        R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
        O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
        O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
        O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
        O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
        O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
        O4 - HKCU\..\Run: [ErrorRepairTool] C:\Program Files\ErrorRepairTool\ErrorRepairTool.exe -boot
        O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
        O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
        O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
        O8 - Extra context menu item: Download Picture to Organizer - file://C:\Program Files\PictureWorks\MediaCenter\pages\cfile.htm
        O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
        O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
        O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
        O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
        O8 - Extra context menu item: Send as NetCard - file://C:\Program Files\PictureWorks\MediaCenter\pages\sendnetcard.htm
        O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
        O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
        O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{E458BD1A-5D92-47DF-B1E8-41E5878D08D7}: NameServer = 207.69.188.185 207.69.188.186
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
        O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
        O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
        O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
        O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
        O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

        --
        End of file - 8406 bytes

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 485
          • evilfantasy's blog
        • Experience: Familiar
        • OS: Windows 8
        Re: My windows keep disappearing
        « Reply #5 on: March 27, 2009, 01:58:29 AM »
        Open HijackThis and select Do a system scan only.

        Place a check mark next to the following entries: (if there)

        • R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
        • R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
        • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
        .
        Important: Close all open windows except for HijackThis and then click Fix checked.

        Once completed, exit HijackThis.

        ----------

        Two antivirus. CA and Avast.

        You need to uninstall all but one antivirus.

        The real-time protection of two antivirus programs may conflict with each other and cause the following:

        1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
        2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
        3) Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.

        ----------

        Download from DDS by sUBs and save it to your Desktop. Alternate DDS download link

        Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

        * XP users Double click on dds to run it.
        * If your antivirus or forewall try to block DDS then please allow it to run.
        * When finished DDS will open two (2) logs:

        1) DDS.txt
        2) Attach.txt

        * Save both logs to your desktop.
        * Please include the entire contents of both logs in your next reply.

        Note: DDS will instruct you to post the Attach.txt log as an attachment.
        Please just post it as you would any other log by copy and pasting it into the reply.

        lisashomeoffice

          Topic Starter


          Beginner
          Re: My windows keep disappearing
          « Reply #6 on: March 27, 2009, 03:09:07 AM »
          Before I post the DDS and Attach logs, I just want you to know that I uninstalled about a year ago and have not been able to get the remainder of the files off of the computer.  I went to CA and used their uninstaller and it did not get it off.  I ran SAFARP  and it did not remove it either.  Is there and uninstaller that will get it off for good.  I know that 2 anti virus running is not productive;however, I just can't get CA off the computer.

          Thanks for you help!




          UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
          IF REQUESTED, ZIP IT UP & ATTACH IT

          DDS (Ver_09-03-16.01)

          Microsoft Windows XP Home Edition
          Boot Device: \Device\HarddiskVolume1
          Install Date: 11/30/2006 4:25:11 PM
          System Uptime: 3/26/2009 10:10:57 PM (3 hours ago)

          Motherboard: ECS |  | 945P-A
          Processor:              Intel(R) Pentium(R) D  CPU 2.66GHz | CPU 1 | 2660/133mhz

          ==== Disk Partitions =========================

          A: is Removable
          C: is FIXED (NTFS) - 233 GiB total, 223.405 GiB free.
          D: is CDROM ()
          F: is Removable

          ==== Disabled Device Manager Items =============

          Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
          Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
          Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_18531019&REV_10\4&CF81C54&0&28F0
          Manufacturer: Realtek Semiconductor Corp.
          Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
          PNP Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_18531019&REV_10\4&CF81C54&0&28F0
          Service: RTL8023xp

          ==== System Restore Points ===================

          RP39: 12/28/2008 1:09:29 AM - System Checkpoint
          RP40: 12/29/2008 4:05:07 AM - System Checkpoint
          RP41: 1/6/2009 11:13:45 PM - System Checkpoint
          RP42: 1/9/2009 3:34:07 AM - Removed Palm Desktop
          RP43: 1/9/2009 3:34:52 AM - Removed Palm Desktop
          RP44: 1/11/2009 8:26:42 AM - System Checkpoint
          RP45: 1/12/2009 11:39:17 AM - System Checkpoint
          RP46: 1/17/2009 8:14:16 AM - Software Distribution Service 3.0
          RP47: 1/19/2009 8:53:10 PM - System Checkpoint
          RP48: 1/21/2009 4:17:13 AM - System Checkpoint
          RP49: 1/23/2009 2:44:32 AM - Software Distribution Service 3.0
          RP50: 1/24/2009 11:09:31 PM - System Checkpoint
          RP51: 1/27/2009 7:03:41 PM - System Checkpoint
          RP52: 2/1/2009 11:21:25 PM - System Checkpoint
          RP53: 2/4/2009 9:11:29 AM - System Checkpoint
          RP54: 2/8/2009 1:33:40 AM - System Checkpoint
          RP55: 2/9/2009 11:13:55 PM - System Checkpoint
          RP56: 2/11/2009 11:49:04 PM - Software Distribution Service 3.0
          RP57: 2/12/2009 10:06:37 PM - Installed MalwareRemovalBot
          RP58: 2/14/2009 2:08:57 PM - System Checkpoint
          RP59: 2/16/2009 4:09:28 AM - System Checkpoint
          RP60: 2/17/2009 10:56:42 AM - System Checkpoint
          RP61: 2/21/2009 10:55:16 AM - System Checkpoint
          RP62: 2/24/2009 4:04:01 AM - System Checkpoint
          RP63: 2/24/2009 9:39:34 PM - Software Distribution Service 3.0
          RP64: 2/25/2009 11:06:46 PM - System Checkpoint
          RP65: 2/26/2009 6:50:40 PM - Removed MalwareRemovalBot
          RP66: 2/27/2009 7:52:24 PM - System Checkpoint
          RP67: 3/2/2009 5:54:15 PM - System Checkpoint
          RP68: 3/7/2009 8:45:11 AM - System Checkpoint
          RP69: 3/8/2009 10:52:19 PM - System Checkpoint
          RP70: 3/10/2009 5:22:51 PM - System Checkpoint
          RP71: 3/10/2009 9:50:35 PM - Installed Mewsoft Fonawy Standard
          RP72: 3/11/2009 11:00:18 AM - Software Distribution Service 3.0
          RP73: 3/13/2009 1:15:33 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
          RP74: 3/14/2009 12:22:14 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
          RP75: 3/14/2009 3:16:48 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
          RP76: 3/16/2009 4:34:55 AM - System Checkpoint
          RP77: 3/16/2009 4:39:49 AM - Software Distribution Service 3.0
          RP78: 3/20/2009 10:57:45 AM - System Checkpoint
          RP79: 3/21/2009 4:05:18 PM - System Checkpoint
          RP80: 3/24/2009 1:07:18 PM - System Checkpoint
          RP81: 3/24/2009 3:51:57 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
          RP82: 3/24/2009 7:16:57 PM - Installed Windows Internet Explorer 8.
          RP83: 3/24/2009 7:41:34 PM - Spyware Begone! Spy Removal
          RP84: 3/25/2009 11:06:05 AM - Restore Operation
          RP85: 3/25/2009 11:13:48 AM - Software Distribution Service 3.0
          RP86: 3/26/2009 1:53:23 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
          RP87: 3/26/2009 4:22:50 PM - Installed SUPERAntiSpyware Free Edition
          RP88: 3/26/2009 8:16:06 PM - Installed ErrorRepairTool
          RP89: 3/26/2009 8:20:54 PM - Removed ErrorRepairTool
          RP90: 3/26/2009 10:05:43 PM - Installed Java(TM) 6 Update 13

          ==== Installed Programs ======================


          Ad-Aware
          Adobe Acrobat 4.0
          Adobe Acrobat 5.0
          Adobe Download Manager 2.2 (Remove Only)
          Adobe Flash Player 9 ActiveX
          Adobe Flash Player ActiveX
          Adobe Reader 7.1.0
          Arrange Startup 3.0
          Audio Manager Driver
          avast! Antivirus
          CA Anti-Spam
          CA Anti-Virus
          CA Website Inspector
          Call Alert! 1.0
          Cards_Calendar_OrderGift_DoMorePlugout
          CCleaner (remove only)
          CCScore
          CuperUtilities StartUp Manager 1.1
          Deal Info
          EarthLink Accelerator
          EarthLink FastLane
          EarthLink MailBox
          EarthLink Software
          Easy Uninstaller
          ESSBrwr
          ESSCDBK
          ESScore
          ESSgui
          ESSini
          ESSPCD
          ESSPDock
          ESSSONIC
          ESSTOOLS
          essvatgt
          GIMP 2.4.5
          HijackThis 2.0.2
          Hotfix for Windows XP (KB952287)
          HP Photosmart Essential 2.5
          HP Photosmart Essential 3.0
          HPPhotoSmartPhotobookWebPack1
          ieSpell
          Iomega Automatic Backup
          Java(TM) 6 Update 13
          kgcbase
          KissHTML Editor
          Kodak EasyShare software
          Malwarebytes' Anti-Malware
          Mewsoft Fonawy Standard
          Microsoft .NET Framework 1.1
          Microsoft .NET Framework 1.1 Hotfix (KB928366)
          Microsoft Office XP Web Components
          Microsoft Word 2000
          ML-1710 Series
          MSXML 4.0 SP2 (KB936181)
          MSXML 4.0 SP2 (KB954430)
          netbrdg
          NVIDIA Drivers
          Nvu 1.0PR
          OfotoXMI
          PC Pitstop Driver Alert 1.0
          PC Pitstop Optimize 1.5
          Photo Presenter
          PSSWCORE
          Quick StartUp 2.1
          QuickTime
          Realtek High Definition Audio Driver
          Redistributed Files
          RunAlyzer
          Safarp
          Security Update for CAPICOM (KB931906)
          Security Update for Windows Media Player (KB911564)
          Security Update for Windows Media Player (KB952069)
          Security Update for Windows Media Player 6.4 (KB925398)
          Security Update for Windows Media Player 9 (KB917734)
          Security Update for Windows Media Player 9 (KB936782)
          Security Update for Windows XP (KB923689)
          Security Update for Windows XP (KB923789)
          Security Update for Windows XP (KB938464-v2)
          Security Update for Windows XP (KB938464)
          Security Update for Windows XP (KB941569)
          Security Update for Windows XP (KB946648)
          Security Update for Windows XP (KB950759)
          Security Update for Windows XP (KB950760)
          Security Update for Windows XP (KB950762)
          Security Update for Windows XP (KB950974)
          Security Update for Windows XP (KB951066)
          Security Update for Windows XP (KB951376-v2)
          Security Update for Windows XP (KB951698)
          Security Update for Windows XP (KB951748)
          Security Update for Windows XP (KB952954)
          Security Update for Windows XP (KB954211)
          Security Update for Windows XP (KB954459)
          Security Update for Windows XP (KB954600)
          Security Update for Windows XP (KB955069)
          Security Update for Windows XP (KB956390)
          Security Update for Windows XP (KB956391)
          Security Update for Windows XP (KB956802)
          Security Update for Windows XP (KB956803)
          Security Update for Windows XP (KB956841)
          Security Update for Windows XP (KB957095)
          Security Update for Windows XP (KB957097)
          Security Update for Windows XP (KB958215)
          Security Update for Windows XP (KB958644)
          Security Update for Windows XP (KB958687)
          Security Update for Windows XP (KB958690)
          Security Update for Windows XP (KB960225)
          Security Update for Windows XP (KB960714)
          Security Update for Windows XP (KB960715)
          SFR
          SHASTA
          skin0001
          SKINXSDK
          Spybot - Search & Destroy
          staticcr
          SUPERAntiSpyware Free Edition
          The Book of Thoth
          tooltips
          TotalAccess Core Applications
          Traffic Maximizer Pro 2.0
          U.S. Robotics V.92 Voice Host Int
          Update for Windows XP (KB951072-v2)
          Update for Windows XP (KB951978)
          Update for Windows XP (KB955839)
          Update for Windows XP (KB967715)
          version 6.0
          VideoToolkit01
          VPRINTOL
          WebFldrs XP
          Windows Genuine Advantage Notifications (KB905474)
          Windows Genuine Advantage Validation Tool (KB892130)
          Windows XP Service Pack 3
          WIRELESS

          ==== Event Viewer Messages From Past Week ========

          3/24/2009 3:52:16 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
          3/22/2009 5:27:05 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
          3/22/2009 5:27:03 AM, error: Service Control Manager [7000]  - The avast! Mail Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
          3/22/2009 5:27:03 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
          3/24/2009 3:58:15 PM, error: System Error [1003]  - Error code 1000007e, parameter1 c0000005, parameter2 f75b9ce2, parameter3 f4f0eb7c, parameter4 f4f0e878.
          3/25/2009 1:34:12 PM, error: Service Control Manager [7034]  - The avast! Web Scanner service terminated unexpectedly.  It has done this 1 time(s).
          3/26/2009 1:52:24 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
          3/26/2009 1:52:54 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the  service.
          3/26/2009 7:56:56 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.

          ==== End Of File ===========================


          DDS



          DDS (Ver_09-03-16.01) - NTFSx86 
          Run by Owner at  1:58:54.20 on Fri 03/27/2009
          Internet Explorer: 6.0.2900.5512
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.200 [GMT -7:00]

          AV: avast! antivirus 4.8.1335 [VPS 090326-0] *On-access scanning enabled* (Updated)

          ============== Running Processes ===============

          C:\windows\system32\svchost -k DcomLaunch
          svchost.exe
          C:\windows\System32\svchost.exe -k netsvcs
          svchost.exe
          svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\windows\system32\spoolsv.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\windows\system32\nvsvc32.exe
          C:\windows\system32\svchost.exe -k imgsvc
          C:\WINDOWS\system32\MsPMSPSv.exe
          C:\windows\Explorer.EXE
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
          C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
          C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
          C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
          C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
          C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\WINDOWS\system32\msiexec.exe
          C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HXFKGG\dds[1].scr

          ============== Pseudo HJT Report ===============

          uStart Page = hxxp://www.yahoo.com
          uSearch Bar = hxxp://start.earthlink.net/AL/Search
          uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
          uDefault_Page_URL = hxxp://start.earthlink.net
          mSearchAssistant = hxxp://start.earthlink.net/AL/Search
          uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
          BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
          BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
          BHO: IE_PopupBlocker Class: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\program files\earthlink totalaccess\accelerator\prpl_IePopupBlocker.dll
          BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
          BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
          TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
          TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
          uRun: [Iomega Automatic Backup] c:\program files\iomega\iomega automatic backup\ibackup.exe
          uRun: [ErrorRepairTool] c:\program files\errorrepairtool\ErrorRepairTool.exe -boot
          uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
          mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
          mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
          mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
          mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
          StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
          mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
          IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
          IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
          IE: Download Picture to Organizer - file://c:\program files\pictureworks\mediacenter\pages\cfile.htm
          IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
          IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
          IE: Refresh Pa&ge with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-page.html
          IE: Refresh Pi&cture with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-image.html
          IE: Send as NetCard - file://c:\program files\pictureworks\mediacenter\pages\sendnetcard.htm
          IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
          IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
          IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
          IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
          IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
          DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
          DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
          DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
          DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
          DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
          DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
          TCP: {E458BD1A-5D92-47DF-B1E8-41E5878D08D7} = 207.69.188.185 207.69.188.186
          Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
          SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\linkadvisor\CIDLinkAdvisor.dll
          SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

          ============= SERVICES / DRIVERS ===============

          R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-24 114768]
          R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
          R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
          R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
          R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-24 20560]
          R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-24 138680]
          R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-24 254040]
          R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-24 352920]
          S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2006-11-30 20160]
          S3 BW2NDIS5;BW2NDIS5;

          S3 JL2005;JL2005A Camera;

          S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-10-23 185608]
          S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
          S3 SIWIO;SIWIO;


          =============== Created Last 30 ================

          2009-03-27 01:47   <DIR>   --d-----   c:\program files\Safarp
          2009-03-26 22:06   410,984   a-------   c:\windows\system32\deploytk.dll
          2009-03-26 22:06   73,728   a-------   c:\windows\system32\javacpl.cpl
          2009-03-26 20:16   <DIR>   --d-----   c:\docume~1\owner\applic~1\ErrorRepairTool
          2009-03-26 19:36   <DIR>   --d-----   c:\docume~1\owner\applic~1\Malwarebytes
          2009-03-26 19:35   15,504   a-------   c:\windows\system32\drivers\mbam.sys
          2009-03-26 19:35   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
          2009-03-26 19:35   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
          2009-03-26 19:35   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\Malwarebytes
          2009-03-26 16:23   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
          2009-03-26 16:22   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
          2009-03-26 16:22   <DIR>   --d-----   c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
          2009-03-26 14:22   <DIR>   --d-----   c:\program files\Easy Uninstaller
          2009-03-25 11:07   <DIR>   --d-----   c:\program files\RegistryPatrol3.0
          2009-03-25 11:06   <DIR>   --d-----   c:\program files\Free Offers from Freeze.com
          2009-03-24 19:26   <DIR>   --d-----   c:\documents and settings\owner\IECompatCache
          2009-03-24 19:24   <DIR>   --d-----   c:\documents and settings\owner\PrivacIE
          2009-03-24 19:20   <DIR>   --d-----   c:\documents and settings\owner\IETldCache
          2009-03-24 19:16   <DIR>   -cd-----   c:\windows\ie8
          2009-03-24 16:53   <DIR>   --d-----   C:\spywarebegone
          2009-03-24 16:53   170   a-------   c:\windows\spywarebegone-fullversion-installed.html
          2009-03-14 02:22   42   a-------   c:\windows\system32\AK083E209605E394C.lie
          2009-03-14 01:22   <DIR>   --d-----   c:\windows\SxsCaPendDel
          2009-03-13 04:02   <DIR>   --d-----   c:\docume~1\owner\applic~1\MailWasherPro
          2009-03-13 02:16   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\SITEguard
          2009-03-13 02:15   <DIR>   --d-----   c:\program files\common files\iS3
          2009-03-13 02:15   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\STOPzilla!
          2009-03-11 06:09   <DIR>   --d-----   c:\program files\Enigma Software Group
          2009-03-10 22:50   <DIR>   --d-----   c:\program files\Fonawy Standard
          2009-03-10 17:38   <DIR>   --d-----   c:\program files\Call Alert
          2009-03-10 17:26   <DIR>   --d-----   c:\program files\Traysoft
          2009-03-08 14:22   1,241,088   --------   c:\windows\system32\ieframe.dll.mui
          2009-03-08 14:22   49,152   --------   c:\windows\system32\msrating.dll.mui
          2009-03-08 14:22   2,560   --------   c:\windows\system32\mshta.exe.mui
          2009-03-08 14:21   10,240   --------   c:\windows\system32\advpack.dll.mui
          2009-03-08 14:21   4,096   --------   c:\windows\system32\ie4uinit.exe.mui
          2009-03-08 14:20   81,920   --------   c:\windows\system32\iedkcs32.dll.mui
          2009-03-03 00:02   <DIR>   --d-----   C:\freescan
          2009-03-02 23:27   <DIR>   --d-----   c:\docume~1\owner\applic~1\com.codeode
          2009-02-26 19:39   <DIR>   --d-----   c:\docume~1\owner\applic~1\Uniblue

          ==================== Find3M  ====================

          2009-03-26 15:03   724,992   a-------   c:\windows\iun6002.exe
          2009-02-09 04:13   1,846,784   a-------   c:\windows\system32\win32k.sys
          2006-08-12 05:03   4   a-------   c:\program files\Reminder.todo
          2006-08-12 05:02   325   a-------   c:\program files\autobidding.log
          2006-08-12 04:48   4   a-------   c:\program files\Reminder.~todo

          ============= FINISH:  1:59:30.45 ===============


          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 485
            • evilfantasy's blog
          • Experience: Familiar
          • OS: Windows 8
          Re: My windows keep disappearing
          « Reply #7 on: March 27, 2009, 10:10:56 AM »
          You don't see these in th add/remove programs list?

          CA Anti-Spam
          CA Anti-Virus
          CA Website Inspector

          lisashomeoffice

            Topic Starter


            Beginner
            Re: My windows keep disappearing
            « Reply #8 on: March 27, 2009, 04:21:40 PM »
            Those were all removed a long time ago with the CA uninstaller.  Even though they don't show up in the ADD/ REMOVE it is still showing that it does and you can see that. CA has their own forum & it seems like that is a problem that I have seen in the forum.  Maybe you can find something I didn't see.  http://home3.ca.com/Support/techsupport/techsupporthome.aspx

            Lisa

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 485
              • evilfantasy's blog
            • Experience: Familiar
            • OS: Windows 8
            Re: My windows keep disappearing
            « Reply #9 on: March 27, 2009, 05:31:39 PM »
            Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

            Link #1
            Link #2

            **Note:  It is important that it is saved directly to your Desktop

            DO NOT run it yet!

            Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

            Delete these files/folders, as follows:

            1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
            It must be Notepad, not Wordpad.
            2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

            Code: [Select]
            KillAll::

            File::
            C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
            C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe

            Folder::
            C:\Program Files\CA
            c:\docume~1\alluse~1.win\applic~1\SITEguard
            c:\program files\common files\iS3
            c:\docume~1\alluse~1.win\applic~1\STOPzilla!

            DDS::
            BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
            TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
            TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
            SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\linkadvisor\CIDLinkAdvisor.dll

            Driver::
            PPCtlPriv


            3. Go to the Notepad window and click Edit > Paste
            4. Then click File > Save
            5. Name the file CFScript.txt - Save the file to your Desktop
            6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



            ComboFix will begin to execute, just follow the prompts.
            After reboot (in case it asks to reboot), it will produce a log for you.
            Post that log (Combofix.txt) in your next reply.

            Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

            lisashomeoffice

              Topic Starter


              Beginner
              Re: My windows keep disappearing
              « Reply #10 on: March 27, 2009, 11:36:44 PM »
              I downloaded the Combo fix.  I had a problem when I got to #6.   After I pasted the given code, I did not see the 2 icons (combofix & CFscript) as shown in your instructions. Can you tell me how I can get that part of it done.  I just don't seem to be able to get that part.  Other than that, I am sending the log, as requested.

              Thanks,

              ComboFix 09-03-26.03 - Owner 2009-03-27 22:18:09.1 - NTFSx86
              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.197 [GMT -7:00]
              Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
              AV: avast! antivirus 4.8.1335 [VPS 090327-0] *On-access scanning enabled* (Updated)
               * Created a new restore point

              WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
              .

              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
              .

              c:\documents and settings\user\Cookies\user@1.offersquest[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@1064448610[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@1065924588[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@1072322497[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@59073359[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@a.directv[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@action.metaffiliation[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@ad[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@ads18.bpath[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@ads43.bpath[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@amomslove[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@avianweb[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@backbelt[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@betaseek[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@bidvertiser[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@cdrx[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@cgi-bin[12].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@cgi-bin[16].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@cgi-bin[19].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@cgi-bin[20].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@demr.imixserver[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@devx[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@dogpile[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@dogpile[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@ebay[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@ebay[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@ecommerce-guide[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@engage.everyone[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@forum.abestweb[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@freestuffpage[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@geocities[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@hyiprank[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@komando[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@landing.domainsponsor[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@maxpages[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@mb[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@mb[6].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@mb[7].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@mb[8].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@mkt.vailresorts[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@mydesktophelp[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@mygeek[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@network[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@nope[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@oxado[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@rc[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@rtm[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@sp2.information[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@superpstore.mail.everyone[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@us.intellitxt[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@user[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@webceo[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@webmasterworld[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@winhundred[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.amomslove[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.clubmomlinks[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.ether[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.freebeeclub[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.freenethelp[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.kolimbo[3].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.komando[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.musicroomaffiliates[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.myrasoft[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.poweredtemplates[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.promotionworld[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.smartadz[2].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@www.sportspecific[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@yahoo[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@zonaminada[1].txt.virtual.lnk
              c:\documents and settings\user\Cookies\user@zonaminada[4].txt.virtual.lnk
              c:\windows\a3kebook.ini
              c:\windows\akebook.ini
              c:\windows\ANS2000.INI

              .
              (((((((((((((((((((((((((   Files Created from 2009-02-28 to 2009-03-28  )))))))))))))))))))))))))))))))
              .

              2009-03-27 01:47 . 2009-03-27 01:52   <DIR>   d--------   c:\program files\Safarp
              2009-03-26 22:06 . 2009-03-26 22:06   <DIR>   d--------   c:\windows\Sun
              2009-03-26 22:06 . 2009-03-26 22:05   410,984   --a------   c:\windows\system32\deploytk.dll
              2009-03-26 22:06 . 2009-03-26 22:05   73,728   --a------   c:\windows\system32\javacpl.cpl
              2009-03-26 22:05 . 2009-03-26 22:05   <DIR>   d--------   c:\program files\Java
              2009-03-26 20:16 . 2009-03-26 20:19   <DIR>   d--------   c:\documents and settings\Owner\Application Data\ErrorRepairTool
              2009-03-26 19:36 . 2009-03-26 19:36   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Malwarebytes
              2009-03-26 19:35 . 2009-03-26 19:46   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
              2009-03-26 19:35 . 2009-03-26 19:35   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
              2009-03-26 19:35 . 2009-03-26 16:49   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
              2009-03-26 19:35 . 2009-03-26 16:49   15,504   --a------   c:\windows\system32\drivers\mbam.sys
              2009-03-26 16:23 . 2009-03-26 16:23   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
              2009-03-26 16:22 . 2009-03-26 16:22   <DIR>   d--------   c:\program files\SUPERAntiSpyware
              2009-03-26 16:22 . 2009-03-26 16:22   <DIR>   d--------   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
              2009-03-26 14:22 . 2009-03-26 14:22   <DIR>   d--------   c:\program files\Easy Uninstaller
              2009-03-25 11:07 . 2009-03-25 11:07   <DIR>   d--------   c:\program files\RegistryPatrol3.0
              2009-03-25 11:06 . 2009-03-25 11:06   <DIR>   d--------   c:\program files\Free Offers from Freeze.com
              2009-03-24 19:26 . 2009-03-24 19:26   <DIR>   d--------   c:\documents and settings\Owner\IECompatCache
              2009-03-24 19:24 . 2009-03-24 19:24   <DIR>   d--------   c:\documents and settings\Owner\PrivacIE
              2009-03-24 19:20 . 2009-03-24 19:20   <DIR>   d--------   c:\documents and settings\Owner\IETldCache
              2009-03-24 19:17 . 2009-03-25 11:07   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
              2009-03-24 19:17 . 2009-03-24 19:17   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
              2009-03-24 19:16 . 2009-03-25 11:07   <DIR>   d----c---   c:\windows\ie8
              2009-03-24 16:53 . 2009-03-26 15:58   <DIR>   d--------   C:\spywarebegone
              2009-03-24 16:53 . 2009-03-26 15:03   170   --a------   c:\windows\spywarebegone-fullversion-installed.html
              2009-03-24 15:03 . 2009-03-25 11:07   <DIR>   d--------   c:\program files\RegCure
              2009-03-14 02:22 . 2009-03-14 02:22   42   --a------   c:\windows\system32\AK083E209605E394C.lie
              2009-03-14 01:22 . 2009-03-26 13:58   <DIR>   d--------   c:\windows\SxsCaPendDel
              2009-03-13 04:02 . 2009-03-22 07:35   <DIR>   d--------   c:\documents and settings\Owner\Application Data\MailWasherPro
              2009-03-13 02:16 . 2009-03-13 02:21   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
              2009-03-13 02:15 . 2009-03-13 02:15   <DIR>   d--------   c:\program files\Common Files\iS3
              2009-03-13 02:15 . 2009-03-26 13:51   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
              2009-03-11 06:09 . 2009-03-11 20:04   <DIR>   d--------   c:\program files\Enigma Software Group
              2009-03-10 22:50 . 2009-03-11 00:10   <DIR>   d--------   c:\program files\Fonawy Standard
              2009-03-10 17:38 . 2009-03-10 17:38   <DIR>   d--------   c:\program files\Call Alert
              2009-03-10 17:26 . 2009-03-10 17:31   <DIR>   d--------   c:\program files\Traysoft
              2009-03-08 14:22 . 2009-03-08 14:22   1,241,088   ---------   c:\windows\system32\ieframe.dll.mui
              2009-03-08 14:22 . 2009-03-08 14:22   49,152   ---------   c:\windows\system32\msrating.dll.mui
              2009-03-08 14:22 . 2009-03-08 14:22   2,560   ---------   c:\windows\system32\mshta.exe.mui
              2009-03-08 14:21 . 2009-03-08 14:21   10,240   ---------   c:\windows\system32\advpack.dll.mui
              2009-03-08 14:21 . 2009-03-08 14:21   4,096   ---------   c:\windows\system32\ie4uinit.exe.mui
              2009-03-08 14:20 . 2009-03-08 14:20   81,920   ---------   c:\windows\system32\iedkcs32.dll.mui
              2009-03-03 00:02 . 2009-03-26 14:07   <DIR>   d--------   C:\freescan
              2009-03-02 23:27 . 2009-03-02 23:27   <DIR>   d--------   c:\documents and settings\Owner\Application Data\com.codeode

              .
              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2009-03-28 05:06   ---------   d-----w   c:\documents and settings\Owner\Application Data\CallingID
              2009-03-28 00:30   ---------   d-----w   c:\program files\EarthLink TotalAccess
              2009-03-26 23:21   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
              2009-03-26 22:03   724,992   ----a-w   c:\windows\iun6002.exe
              2009-03-26 21:29   ---------   d-----w   c:\program files\EarthLink
              2009-03-25 18:07   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
              2009-03-25 02:17   ---------   d-----w   c:\program files\Yahoo!
              2009-03-24 23:37   ---------   d-----w   c:\program files\Camtech
              2009-03-12 01:15   ---------   d---a-w   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
              2009-02-27 02:39   ---------   d-----w   c:\documents and settings\Owner\Application Data\Uniblue
              2009-02-10 11:19   ---------   d-----w   c:\program files\CCleaner
              2009-02-10 11:19   ---------   d-----w   c:\documents and settings\Owner\Application Data\Yahoo!
              2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
              2006-08-12 12:03   4   ----a-w   c:\program files\Reminder.todo
              2006-08-12 12:02   325   ----a-w   c:\program files\autobidding.log
              2006-08-12 11:48   4   ----a-w   c:\program files\Reminder.~todo
              .

              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              *Note* empty entries & legit default entries are not shown
              REGEDIT4

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Iomega Automatic Backup"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
              "E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 942080]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
              "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
              "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
              "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-26 148888]

              c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
              Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
              "EnableShellExecuteHooks"= 1 (0x1)

              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
              "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll" [2007-07-30 1373624]
              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
              2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

              [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
              "VIDC.MJPG"= jl_mjpg2.drv

              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
              @="Service"

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
              path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
              backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Get Help (2).lnk]
              path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Get Help (2).lnk
              backup=c:\windows\pss\Get Help (2).lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
              path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
              backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
              path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\KODAK Software Updater.lnk
              backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

              [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HotSync Manager.lnk]
              path=c:\documents and settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk
              backup=c:\windows\pss\HotSync Manager.lnkStartup

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fonawy]
              c:\program files\Fonawy Standard\Fonawy [X]

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
              --a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
              --a------ 2001-04-27 11:00 53248 c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
              --a------ 2008-03-13 09:34 81920 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup]
              --a------ 2002-10-15 10:32 3014656 c:\program files\Iomega\Iomega Automatic Backup\iBackup.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
              ---hs---- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
              --a------ 2008-03-26 18:40 2577120 c:\program files\PCPitstop\Optimize\PCPOptimize.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
              --a------ 2005-05-03 03:43 69632 c:\windows\ALCMTR.EXE

              [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
              --------- 2005-01-07 18:07 61952 c:\windows\system32\HdAShCut.exe

              [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
              "capfasem"=c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
              "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "%windir%\\system32\\sessmgr.exe"=
              "c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
              "c:\\Program Files\\Messenger\\msmsgs.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
              "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

              R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-24 114768]
              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
              R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-24 20560]
              S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2006-11-30 20160]
              S3 BW2NDIS5;BW2NDIS5;

              S3 JL2005;JL2005A Camera;

              S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-10-23 185608]
              S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
              S3 SIWIO;SIWIO;

              .
              Contents of the 'Scheduled Tasks' folder

              2009-03-27 c:\windows\Tasks\ErrorRepairTool Scan.job
              - c:\program files\ErrorRepairTool\ErrorRepairTool.exe []

              2009-03-27 c:\windows\Tasks\ErrorRepairTool Scan.job
              - c:\program files\ErrorRepairTool []

              2009-03-28 c:\windows\Tasks\RegCure Program Check.job
              - c:\program files\RegCure\RegCure.exe []

              2009-03-24 c:\windows\Tasks\RegCure.job
              - c:\program files\RegCure\RegCure.exe []
              .
              - - - - ORPHANS REMOVED - - - -

              URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
              Toolbar-SITEguard - (no file)
              HKCU-Run-ErrorRepairTool - c:\program files\ErrorRepairTool\ErrorRepairTool.exe
              MSConfigStartUp-Arovax Shield - c:\program files\Arovax Shield\ArovaxShield.exe
              MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
              MSConfigStartUp-CaAvTray - c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
              MSConfigStartUp-CaISSDT - c:\program files\CA\eTrust Internet Security Suite\caissdt.exe
              MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
              MSConfigStartUp-com.codeode - c:\program files\Cactus Spam Filter 2.13\cactusspamfilter.exe
              MSConfigStartUp-eTrustPPAP - c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
              MSConfigStartUp-Free Ram Optimizer - c:\program files\AceLogix\Free Ram Optimizer\fro.exe
              MSConfigStartUp-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
              MSConfigStartUp-PC-Checkup - c:\program files\Speeditup Free\PCCheckUp\PCCheckUp.exe
              MSConfigStartUp-QOELOADER - c:\program files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
              MSConfigStartUp-Spyware Begone - c:\freescan\freescan.exe
              MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


              .
              ------- Supplementary Scan -------
              .
              uStart Page = www.yahoo.com
              uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
              IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
              IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
              IE: Download Picture to Organizer - file://c:\program files\PictureWorks\MediaCenter\pages\cfile.htm
              IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
              IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
              IE: Send as NetCard - file://c:\program files\PictureWorks\MediaCenter\pages\sendnetcard.htm
              TCP: {E458BD1A-5D92-47DF-B1E8-41E5878D08D7} = 207.69.188.185 207.69.188.186
              DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
              .

              **************************************************************************

              catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2009-03-27 22:20:22
              Windows 5.1.2600 Service Pack 3 NTFS

              scanning hidden processes ... 

              scanning hidden autostart entries ...

              scanning hidden files ... 

              scan completed successfully
              hidden files: 0

              **************************************************************************
              .
              --------------------- LOCKED REGISTRY KEYS ---------------------

              [HKEY_USERS\S-1-5-21-823518204-1214440339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
              @Allowed: (Read) (RestrictedCode)
              @Allowed: (Read) (RestrictedCode)
              .
              --------------------- DLLs Loaded Under Running Processes ---------------------

              - - - - - - - > 'winlogon.exe'(392)
              c:\program files\SUPERAntiSpyware\SASWINLO.dll
              .
              Completion time: 2009-03-27 22:21:49
              ComboFix-quarantined-files.txt  2009-03-28 05:21:46

              Pre-Run: 239,681,093,632 bytes free
              Post-Run: 239,806,058,496 bytes free

              294

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 485
                • evilfantasy's blog
              • Experience: Familiar
              • OS: Windows 8
              Re: My windows keep disappearing
              « Reply #11 on: March 28, 2009, 09:33:13 AM »
              Just read the instructions. You need to save the CFScript to your desktop and then drag and drop it into ComboFix.

              lisashomeoffice

                Topic Starter


                Beginner
                Re: My windows keep disappearing
                « Reply #12 on: April 05, 2009, 02:48:26 AM »
                Hi,
                I'm sorry it took me so long to get back to you.  I wasn't doing too well for awhile.  I'm going to have to start all over again. (I think!)  One thing you could tell me is what site are those icons at.  I'm missing something.  If I know which website that these are on, maybe I can figure it out.  I don't seem to have any problems other than this.


                Lisa