My windows keep disappearing

[lisashomeoffice]

What would (could) cause my windows to disappear rather quickly?  I can have 2 or 3 or even 1 window open and all of a sudden it closes. I thought it might be the Stopzilla download;however, I have deleted the file and I still am having the problem.  I use Avast, Spybot S+D,
Adaware, Spyware Begone and can't see where it might be a virus, spyware, or something. I'm not really sure if it is a virus, or within Win xp.

Any clues?

internet explorer 6
Windows xp
250 gb
intel pentium 4
2.66 g
Cyber Power custom configured
memory  512MB

[brundle]

Are they Explorer windows, or Internet Explorer windows ?
Do all open windows close at once simultaneously, or do some stay open?
System Restore to a point before it started?

[lisashomeoffice]

I use IE.  It closes whether it is one window, or more.  Although it doesn't happen all the time, I loose my page or pages and I have to start all over again. I went to System Restore and went back to a week ago.  This problem has been going on for a little over a week now, so I will just keep going back a little and see if the problem goes away.  Thanks for such a  quick response.

[evilfantasy]

Stopzilla is not a trusted program nor is Spyware Begone.

See here:
http://www.mywot.com/en/scorecard/stopzilla.com
http://www.mywot.com/en/scorecard/spywarebegone.com

Uninstall those if you have them and then follow this guide http://www.computerhope.com/forum/index.php/topic,46313.0.html

Post the 3 logs when complete.

[lisashomeoffice]

I downloaded  Superantispyware, Malwarebytes' Anti-Malware, and Hijackthis.  I am enclosing the logs. They are on one page off of notepad.

Lisa

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:02 AM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Hijackthis.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKCU\..\Run: [ErrorRepairTool] C:\Program Files\ErrorRepairTool\ErrorRepairTool.exe -boot
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download Picture to Organizer - file://C:\Program Files\PictureWorks\MediaCenter\pages\cfile.htm
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
O8 - Extra context menu item: Send as NetCard - file://C:\Program Files\PictureWorks\MediaCenter\pages\sendnetcard.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E458BD1A-5D92-47DF-B1E8-41E5878D08D7}: NameServer = 207.69.188.185 207.69.188.186
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

--
End of file - 8406 bytes

[evilfantasy]

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)

• R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
• R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
• O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

Two antivirus. CA and Avast.

You need to uninstall all but one antivirus.

The real-time protection of two antivirus programs may conflict with each other and cause the following:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
3) Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.

----------

Download from DDS by sUBs and save it to your Desktop. Alternate DDS download link

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or forewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs:

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please include the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

[lisashomeoffice]

Before I post the DDS and Attach logs, I just want you to know that I uninstalled about a year ago and have not been able to get the remainder of the files off of the computer.  I went to CA and used their uninstaller and it did not get it off.  I ran SAFARP  and it did not remove it either.  Is there and uninstaller that will get it off for good.  I know that 2 anti virus running is not productive;however, I just can't get CA off the computer.

Thanks for you help!




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2006 4:25:11 PM
System Uptime: 3/26/2009 10:10:57 PM (3 hours ago)

Motherboard: ECS |  | 945P-A
Processor:              Intel(R) Pentium(R) D  CPU 2.66GHz | CPU 1 | 2660/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 223.405 GiB free.
D: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_18531019&REV_10\4&CF81C54&0&28F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_18531019&REV_10\4&CF81C54&0&28F0
Service: RTL8023xp

==== System Restore Points ===================

RP39: 12/28/2008 1:09:29 AM - System Checkpoint
RP40: 12/29/2008 4:05:07 AM - System Checkpoint
RP41: 1/6/2009 11:13:45 PM - System Checkpoint
RP42: 1/9/2009 3:34:07 AM - Removed Palm Desktop
RP43: 1/9/2009 3:34:52 AM - Removed Palm Desktop
RP44: 1/11/2009 8:26:42 AM - System Checkpoint
RP45: 1/12/2009 11:39:17 AM - System Checkpoint
RP46: 1/17/2009 8:14:16 AM - Software Distribution Service 3.0
RP47: 1/19/2009 8:53:10 PM - System Checkpoint
RP48: 1/21/2009 4:17:13 AM - System Checkpoint
RP49: 1/23/2009 2:44:32 AM - Software Distribution Service 3.0
RP50: 1/24/2009 11:09:31 PM - System Checkpoint
RP51: 1/27/2009 7:03:41 PM - System Checkpoint
RP52: 2/1/2009 11:21:25 PM - System Checkpoint
RP53: 2/4/2009 9:11:29 AM - System Checkpoint
RP54: 2/8/2009 1:33:40 AM - System Checkpoint
RP55: 2/9/2009 11:13:55 PM - System Checkpoint
RP56: 2/11/2009 11:49:04 PM - Software Distribution Service 3.0
RP57: 2/12/2009 10:06:37 PM - Installed MalwareRemovalBot
RP58: 2/14/2009 2:08:57 PM - System Checkpoint
RP59: 2/16/2009 4:09:28 AM - System Checkpoint
RP60: 2/17/2009 10:56:42 AM - System Checkpoint
RP61: 2/21/2009 10:55:16 AM - System Checkpoint
RP62: 2/24/2009 4:04:01 AM - System Checkpoint
RP63: 2/24/2009 9:39:34 PM - Software Distribution Service 3.0
RP64: 2/25/2009 11:06:46 PM - System Checkpoint
RP65: 2/26/2009 6:50:40 PM - Removed MalwareRemovalBot
RP66: 2/27/2009 7:52:24 PM - System Checkpoint
RP67: 3/2/2009 5:54:15 PM - System Checkpoint
RP68: 3/7/2009 8:45:11 AM - System Checkpoint
RP69: 3/8/2009 10:52:19 PM - System Checkpoint
RP70: 3/10/2009 5:22:51 PM - System Checkpoint
RP71: 3/10/2009 9:50:35 PM - Installed Mewsoft Fonawy Standard
RP72: 3/11/2009 11:00:18 AM - Software Distribution Service 3.0
RP73: 3/13/2009 1:15:33 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP74: 3/14/2009 12:22:14 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP75: 3/14/2009 3:16:48 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP76: 3/16/2009 4:34:55 AM - System Checkpoint
RP77: 3/16/2009 4:39:49 AM - Software Distribution Service 3.0
RP78: 3/20/2009 10:57:45 AM - System Checkpoint
RP79: 3/21/2009 4:05:18 PM - System Checkpoint
RP80: 3/24/2009 1:07:18 PM - System Checkpoint
RP81: 3/24/2009 3:51:57 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP82: 3/24/2009 7:16:57 PM - Installed Windows Internet Explorer 8.
RP83: 3/24/2009 7:41:34 PM - Spyware Begone! Spy Removal
RP84: 3/25/2009 11:06:05 AM - Restore Operation
RP85: 3/25/2009 11:13:48 AM - Software Distribution Service 3.0
RP86: 3/26/2009 1:53:23 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP87: 3/26/2009 4:22:50 PM - Installed SUPERAntiSpyware Free Edition
RP88: 3/26/2009 8:16:06 PM - Installed ErrorRepairTool
RP89: 3/26/2009 8:20:54 PM - Removed ErrorRepairTool
RP90: 3/26/2009 10:05:43 PM - Installed Java(TM) 6 Update 13

==== Installed Programs ======================


Ad-Aware
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe Download Manager 2.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.1.0
Arrange Startup 3.0
Audio Manager Driver
avast! Antivirus
CA Anti-Spam
CA Anti-Virus
CA Website Inspector
Call Alert! 1.0
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner (remove only)
CCScore
CuperUtilities StartUp Manager 1.1
Deal Info
EarthLink Accelerator
EarthLink FastLane
EarthLink MailBox
EarthLink Software
Easy Uninstaller
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
GIMP 2.4.5
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HPPhotoSmartPhotobookWebPack1
ieSpell
Iomega Automatic Backup
Java(TM) 6 Update 13
kgcbase
KissHTML Editor
Kodak EasyShare software
Malwarebytes' Anti-Malware
Mewsoft Fonawy Standard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office XP Web Components
Microsoft Word 2000
ML-1710 Series
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
netbrdg
NVIDIA Drivers
Nvu 1.0PR
OfotoXMI
PC Pitstop Driver Alert 1.0
PC Pitstop Optimize 1.5
Photo Presenter
PSSWCORE
Quick StartUp 2.1
QuickTime
Realtek High Definition Audio Driver
Redistributed Files
RunAlyzer
Safarp
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
SFR
SHASTA
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
The Book of Thoth
tooltips
TotalAccess Core Applications
Traffic Maximizer Pro 2.0
U.S. Robotics V.92 Voice Host Int
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
version 6.0
VideoToolkit01
VPRINTOL
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows XP Service Pack 3
WIRELESS

==== Event Viewer Messages From Past Week ========

3/24/2009 3:52:16 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
3/22/2009 5:27:05 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
3/22/2009 5:27:03 AM, error: Service Control Manager [7000]  - The avast! Mail Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
3/22/2009 5:27:03 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
3/24/2009 3:58:15 PM, error: System Error [1003]  - Error code 1000007e, parameter1 c0000005, parameter2 f75b9ce2, parameter3 f4f0eb7c, parameter4 f4f0e878.
3/25/2009 1:34:12 PM, error: Service Control Manager [7034]  - The avast! Web Scanner service terminated unexpectedly.  It has done this 1 time(s).
3/26/2009 1:52:24 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
3/26/2009 1:52:54 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the  service.
3/26/2009 7:56:56 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.

==== End Of File ===========================


DDS



DDS (Ver_09-03-16.01) - NTFSx86 
Run by Owner at  1:58:54.20 on Fri 03/27/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.200 [GMT -7:00]

AV: avast! antivirus 4.8.1335 [VPS 090326-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\windows\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HXFKGG\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uSearch Bar = hxxp://start.earthlink.net/AL/Search
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
uDefault_Page_URL = hxxp://start.earthlink.net
mSearchAssistant = hxxp://start.earthlink.net/AL/Search
uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: IE_PopupBlocker Class: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\program files\earthlink totalaccess\accelerator\prpl_IePopupBlocker.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Iomega Automatic Backup] c:\program files\iomega\iomega automatic backup\ibackup.exe
uRun: [ErrorRepairTool] c:\program files\errorrepairtool\ErrorRepairTool.exe -boot
uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Download Picture to Organizer - file://c:\program files\pictureworks\mediacenter\pages\cfile.htm
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: Refresh Pa&ge with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-page.html
IE: Refresh Pi&cture with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-image.html
IE: Send as NetCard - file://c:\program files\pictureworks\mediacenter\pages\sendnetcard.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E458BD1A-5D92-47DF-B1E8-41E5878D08D7} = 207.69.188.185 207.69.188.186
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\linkadvisor\CIDLinkAdvisor.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-24 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-24 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-24 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-24 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-24 352920]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2006-11-30 20160]
S3 BW2NDIS5;BW2NDIS5;

S3 JL2005;JL2005A Camera;

S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-10-23 185608]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S3 SIWIO;SIWIO;

=============== Created Last 30 ================

2009-03-27 01:47   <DIR>   --d-----   c:\program files\Safarp
2009-03-26 22:06   410,984   a-------   c:\windows\system32\deploytk.dll
2009-03-26 22:06   73,728   a-------   c:\windows\system32\javacpl.cpl
2009-03-26 20:16   <DIR>   --d-----   c:\docume~1\owner\applic~1\ErrorRepairTool
2009-03-26 19:36   <DIR>   --d-----   c:\docume~1\owner\applic~1\Malwarebytes
2009-03-26 19:35   15,504   a-------   c:\windows\system32\drivers\mbam.sys
2009-03-26 19:35   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 19:35   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
2009-03-26 19:35   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-03-26 16:23   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2009-03-26 16:22   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
2009-03-26 16:22   <DIR>   --d-----   c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-03-26 14:22   <DIR>   --d-----   c:\program files\Easy Uninstaller
2009-03-25 11:07   <DIR>   --d-----   c:\program files\RegistryPatrol3.0
2009-03-25 11:06   <DIR>   --d-----   c:\program files\Free Offers from Freeze.com
2009-03-24 19:26   <DIR>   --d-----   c:\documents and settings\owner\IECompatCache
2009-03-24 19:24   <DIR>   --d-----   c:\documents and settings\owner\PrivacIE
2009-03-24 19:20   <DIR>   --d-----   c:\documents and settings\owner\IETldCache
2009-03-24 19:16   <DIR>   -cd-----   c:\windows\ie8
2009-03-24 16:53   <DIR>   --d-----   C:\spywarebegone
2009-03-24 16:53   170   a-------   c:\windows\spywarebegone-fullversion-installed.html
2009-03-14 02:22   42   a-------   c:\windows\system32\AK083E209605E394C.lie
2009-03-14 01:22   <DIR>   --d-----   c:\windows\SxsCaPendDel
2009-03-13 04:02   <DIR>   --d-----   c:\docume~1\owner\applic~1\MailWasherPro
2009-03-13 02:16   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\SITEguard
2009-03-13 02:15   <DIR>   --d-----   c:\program files\common files\iS3
2009-03-13 02:15   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\STOPzilla!
2009-03-11 06:09   <DIR>   --d-----   c:\program files\Enigma Software Group
2009-03-10 22:50   <DIR>   --d-----   c:\program files\Fonawy Standard
2009-03-10 17:38   <DIR>   --d-----   c:\program files\Call Alert
2009-03-10 17:26   <DIR>   --d-----   c:\program files\Traysoft
2009-03-08 14:22   1,241,088   --------   c:\windows\system32\ieframe.dll.mui
2009-03-08 14:22   49,152   --------   c:\windows\system32\msrating.dll.mui
2009-03-08 14:22   2,560   --------   c:\windows\system32\mshta.exe.mui
2009-03-08 14:21   10,240   --------   c:\windows\system32\advpack.dll.mui
2009-03-08 14:21   4,096   --------   c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20   81,920   --------   c:\windows\system32\iedkcs32.dll.mui
2009-03-03 00:02   <DIR>   --d-----   C:\freescan
2009-03-02 23:27   <DIR>   --d-----   c:\docume~1\owner\applic~1\com.codeode
2009-02-26 19:39   <DIR>   --d-----   c:\docume~1\owner\applic~1\Uniblue

==================== Find3M  ====================

2009-03-26 15:03   724,992   a-------   c:\windows\iun6002.exe
2009-02-09 04:13   1,846,784   a-------   c:\windows\system32\win32k.sys
2006-08-12 05:03   4   a-------   c:\program files\Reminder.todo
2006-08-12 05:02   325   a-------   c:\program files\autobidding.log
2006-08-12 04:48   4   a-------   c:\program files\Reminder.~todo

============= FINISH:  1:59:30.45 ===============

[evilfantasy]

You don't see these in th add/remove programs list?

CA Anti-Spam
CA Anti-Virus
CA Website Inspector

[lisashomeoffice]

Those were all removed a long time ago with the CA uninstaller.  Even though they don't show up in the ADD/ REMOVE it is still showing that it does and you can see that. CA has their own forum & it seems like that is a problem that I have seen in the forum.  Maybe you can find something I didn't see.  http://home3.ca.com/Support/techsupport/techsupporthome.aspx

Lisa

[evilfantasy]

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

File::
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe

Folder::
C:\Program Files\CA
c:\docume~1\alluse~1.win\applic~1\SITEguard
c:\program files\common files\iS3
c:\docume~1\alluse~1.win\applic~1\STOPzilla!

DDS::
BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\linkadvisor\CIDLinkAdvisor.dll

Driver::
PPCtlPriv


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

[lisashomeoffice]

I downloaded the Combo fix.  I had a problem when I got to #6.   After I pasted the given code, I did not see the 2 icons (combofix & CFscript) as shown in your instructions. Can you tell me how I can get that part of it done.  I just don't seem to be able to get that part.  Other than that, I am sending the log, as requested.

Thanks,

ComboFix 09-03-26.03 - Owner 2009-03-27 22:18:09.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.197 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090327-0] *On-access scanning enabled* (Updated)
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Cookies\[email protected][3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@1064448610[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@1065924588[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@1072322497[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@59073359[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][3].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@ad[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][1].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@amomslove[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@avianweb[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@backbelt[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@betaseek[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@bidvertiser[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@cdrx[2].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@cgi-bin[12].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@cgi-bin[16].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@cgi-bin[19].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@cgi-bin[20].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@devx[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@dogpile[2].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@dogpile[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@ebay[2].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@ebay[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@ecommerce-guide[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][3].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@freestuffpage[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@geocities[2].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@hyiprank[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@komando[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@maxpages[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@mb[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@mb[6].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@mb[7].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@mb[8].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@mydesktophelp[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@mygeek[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@network[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@nope[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@oxado[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@rc[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@rtm[3].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][1].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][3].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@user[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@webceo[2].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@webmasterworld[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@winhundred[2].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][1].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][3].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][1].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][3].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][1].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][2].txt.virtual.lnk
c:\documents and settings\user\Cookies\[email protected][1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@yahoo[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@zonaminada[1].txt.virtual.lnk
c:\documents and settings\user\Cookies\user@zonaminada[4].txt.virtual.lnk
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI

.
(((((((((((((((((((((((((   Files Created from 2009-02-28 to 2009-03-28  )))))))))))))))))))))))))))))))
.

2009-03-27 01:47 . 2009-03-27 01:52   <DIR>   d--------   c:\program files\Safarp
2009-03-26 22:06 . 2009-03-26 22:06   <DIR>   d--------   c:\windows\Sun
2009-03-26 22:06 . 2009-03-26 22:05   410,984   --a------   c:\windows\system32\deploytk.dll
2009-03-26 22:06 . 2009-03-26 22:05   73,728   --a------   c:\windows\system32\javacpl.cpl
2009-03-26 22:05 . 2009-03-26 22:05   <DIR>   d--------   c:\program files\Java
2009-03-26 20:16 . 2009-03-26 20:19   <DIR>   d--------   c:\documents and settings\Owner\Application Data\ErrorRepairTool
2009-03-26 19:36 . 2009-03-26 19:36   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-26 19:35 . 2009-03-26 19:46   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2009-03-26 19:35 . 2009-03-26 19:35   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-03-26 19:35 . 2009-03-26 16:49   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 19:35 . 2009-03-26 16:49   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2009-03-26 16:23 . 2009-03-26 16:23   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-03-26 16:22 . 2009-03-26 16:22   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2009-03-26 16:22 . 2009-03-26 16:22   <DIR>   d--------   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-03-26 14:22 . 2009-03-26 14:22   <DIR>   d--------   c:\program files\Easy Uninstaller
2009-03-25 11:07 . 2009-03-25 11:07   <DIR>   d--------   c:\program files\RegistryPatrol3.0
2009-03-25 11:06 . 2009-03-25 11:06   <DIR>   d--------   c:\program files\Free Offers from Freeze.com
2009-03-24 19:26 . 2009-03-24 19:26   <DIR>   d--------   c:\documents and settings\Owner\IECompatCache
2009-03-24 19:24 . 2009-03-24 19:24   <DIR>   d--------   c:\documents and settings\Owner\PrivacIE
2009-03-24 19:20 . 2009-03-24 19:20   <DIR>   d--------   c:\documents and settings\Owner\IETldCache
2009-03-24 19:17 . 2009-03-25 11:07   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
2009-03-24 19:17 . 2009-03-24 19:17   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
2009-03-24 19:16 . 2009-03-25 11:07   <DIR>   d----c---   c:\windows\ie8
2009-03-24 16:53 . 2009-03-26 15:58   <DIR>   d--------   C:\spywarebegone
2009-03-24 16:53 . 2009-03-26 15:03   170   --a------   c:\windows\spywarebegone-fullversion-installed.html
2009-03-24 15:03 . 2009-03-25 11:07   <DIR>   d--------   c:\program files\RegCure
2009-03-14 02:22 . 2009-03-14 02:22   42   --a------   c:\windows\system32\AK083E209605E394C.lie
2009-03-14 01:22 . 2009-03-26 13:58   <DIR>   d--------   c:\windows\SxsCaPendDel
2009-03-13 04:02 . 2009-03-22 07:35   <DIR>   d--------   c:\documents and settings\Owner\Application Data\MailWasherPro
2009-03-13 02:16 . 2009-03-13 02:21   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2009-03-13 02:15 . 2009-03-13 02:15   <DIR>   d--------   c:\program files\Common Files\iS3
2009-03-13 02:15 . 2009-03-26 13:51   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-03-11 06:09 . 2009-03-11 20:04   <DIR>   d--------   c:\program files\Enigma Software Group
2009-03-10 22:50 . 2009-03-11 00:10   <DIR>   d--------   c:\program files\Fonawy Standard
2009-03-10 17:38 . 2009-03-10 17:38   <DIR>   d--------   c:\program files\Call Alert
2009-03-10 17:26 . 2009-03-10 17:31   <DIR>   d--------   c:\program files\Traysoft
2009-03-08 14:22 . 2009-03-08 14:22   1,241,088   ---------   c:\windows\system32\ieframe.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22   49,152   ---------   c:\windows\system32\msrating.dll.mui
2009-03-08 14:22 . 2009-03-08 14:22   2,560   ---------   c:\windows\system32\mshta.exe.mui
2009-03-08 14:21 . 2009-03-08 14:21   10,240   ---------   c:\windows\system32\advpack.dll.mui
2009-03-08 14:21 . 2009-03-08 14:21   4,096   ---------   c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:20 . 2009-03-08 14:20   81,920   ---------   c:\windows\system32\iedkcs32.dll.mui
2009-03-03 00:02 . 2009-03-26 14:07   <DIR>   d--------   C:\freescan
2009-03-02 23:27 . 2009-03-02 23:27   <DIR>   d--------   c:\documents and settings\Owner\Application Data\com.codeode

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-28 05:06   ---------   d-----w   c:\documents and settings\Owner\Application Data\CallingID
2009-03-28 00:30   ---------   d-----w   c:\program files\EarthLink TotalAccess
2009-03-26 23:21   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2009-03-26 22:03   724,992   ----a-w   c:\windows\iun6002.exe
2009-03-26 21:29   ---------   d-----w   c:\program files\EarthLink
2009-03-25 18:07   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-03-25 02:17   ---------   d-----w   c:\program files\Yahoo!
2009-03-24 23:37   ---------   d-----w   c:\program files\Camtech
2009-03-12 01:15   ---------   d---a-w   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2009-02-27 02:39   ---------   d-----w   c:\documents and settings\Owner\Application Data\Uniblue
2009-02-10 11:19   ---------   d-----w   c:\program files\CCleaner
2009-02-10 11:19   ---------   d-----w   c:\documents and settings\Owner\Application Data\Yahoo!
2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
2006-08-12 12:03   4   ----a-w   c:\program files\Reminder.todo
2006-08-12 12:02   325   ----a-w   c:\program files\autobidding.log
2006-08-12 11:48   4   ----a-w   c:\program files\Reminder.~todo
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Iomega Automatic Backup"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
"E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 942080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-26 148888]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll" [2007-07-30 1373624]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= jl_mjpg2.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Get Help (2).lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Get Help (2).lnk
backup=c:\windows\pss\Get Help (2).lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fonawy]
c:\program files\Fonawy Standard\Fonawy [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
--a------ 2001-04-27 11:00 53248 c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2008-03-13 09:34 81920 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup]
--a------ 2002-10-15 10:32 3014656 c:\program files\Iomega\Iomega Automatic Backup\iBackup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
--a------ 2008-03-26 18:40 2577120 c:\program files\PCPitstop\Optimize\PCPOptimize.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 03:43 69632 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2005-01-07 18:07 61952 c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"capfasem"=c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
"QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-24 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-24 20560]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2006-11-30 20160]
S3 BW2NDIS5;BW2NDIS5;

S3 JL2005;JL2005A Camera;

S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-10-23 185608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 SIWIO;SIWIO;

.
Contents of the 'Scheduled Tasks' folder

2009-03-27 c:\windows\Tasks\ErrorRepairTool Scan.job
- c:\program files\ErrorRepairTool\ErrorRepairTool.exe []

2009-03-27 c:\windows\Tasks\ErrorRepairTool Scan.job
- c:\program files\ErrorRepairTool []

2009-03-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe []

2009-03-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-SITEguard - (no file)
HKCU-Run-ErrorRepairTool - c:\program files\ErrorRepairTool\ErrorRepairTool.exe
MSConfigStartUp-Arovax Shield - c:\program files\Arovax Shield\ArovaxShield.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-CaAvTray - c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
MSConfigStartUp-CaISSDT - c:\program files\CA\eTrust Internet Security Suite\caissdt.exe
MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
MSConfigStartUp-com.codeode - c:\program files\Cactus Spam Filter 2.13\cactusspamfilter.exe
MSConfigStartUp-eTrustPPAP - c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
MSConfigStartUp-Free Ram Optimizer - c:\program files\AceLogix\Free Ram Optimizer\fro.exe
MSConfigStartUp-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
MSConfigStartUp-PC-Checkup - c:\program files\Speeditup Free\PCCheckUp\PCCheckUp.exe
MSConfigStartUp-QOELOADER - c:\program files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
MSConfigStartUp-Spyware Begone - c:\freescan\freescan.exe
MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uStart Page = www.yahoo.com
uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Download Picture to Organizer - file://c:\program files\PictureWorks\MediaCenter\pages\cfile.htm
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Send as NetCard - file://c:\program files\PictureWorks\MediaCenter\pages\sendnetcard.htm
TCP: {E458BD1A-5D92-47DF-B1E8-41E5878D08D7} = 207.69.188.185 207.69.188.186
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 22:20:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1214440339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(392)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-03-27 22:21:49
ComboFix-quarantined-files.txt  2009-03-28 05:21:46

Pre-Run: 239,681,093,632 bytes free
Post-Run: 239,806,058,496 bytes free

294

[evilfantasy]

Just read the instructions. You need to save the CFScript to your desktop and then drag and drop it into ComboFix.

[lisashomeoffice]

Hi,
I'm sorry it took me so long to get back to you.  I wasn't doing too well for awhile.  I'm going to have to start all over again. (I think!)  One thing you could tell me is what site are those icons at.  I'm missing something.  If I know which website that these are on, maybe I can figure it out.  I don't seem to have any problems other than this.


Lisa