Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

Author Topic: My windows keep disappearing  (Read 1901 times)

0 Members and 1 Guest are viewing this topic.

lisashomeoffice

    Topic Starter


    Beginner
    My windows keep disappearing
    « on: March 24, 2009, 06:17:28 PM »
    What would (could) cause my windows to disappear rather quickly?  I can have 2 or 3 or even 1 window open and all of a sudden it closes. I thought it might be the Stopzilla download;however, I have deleted the file and I still am having the problem.  I use Avast, Spybot S+D,
    Adaware, Spyware Begone and can't see where it might be a virus, spyware, or something. I'm not really sure if it is a virus, or within Win xp.

    Any clues?

    internet explorer 6
    Windows xp
    250 gb
    intel pentium 4
    2.66 g
    Cyber Power custom configured
    memory  512MB

    brundle



      Rookie

      Thanked: 3
      Re: My windows keep disappearing
      « Reply #1 on: March 24, 2009, 06:37:35 PM »
      Are they Explorer windows, or Internet Explorer windows ?
      Do all open windows close at once simultaneously, or do some stay open?
      System Restore to a point before it started?

      lisashomeoffice

        Topic Starter


        Beginner
        Re: My windows keep disappearing
        « Reply #2 on: March 25, 2009, 12:25:31 PM »
        I use IE.  It closes whether it is one window, or more.  Although it doesn't happen all the time, I loose my page or pages and I have to start all over again. I went to System Restore and went back to a week ago.  This problem has been going on for a little over a week now, so I will just keep going back a little and see if the problem goes away.  Thanks for such a  quick response.

        evilfantasy

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Calm like a bomb
        • Thanked: 483
          • evilfantasy's blog
        • Experience: Familiar
        • OS: Windows 8
        Re: My windows keep disappearing
        « Reply #3 on: March 25, 2009, 04:23:52 PM »
        Stopzilla is not a trusted program nor is Spyware Begone.

        See here:
        http://www.mywot.com/en/scorecard/stopzilla.com
        http://www.mywot.com/en/scorecard/spywarebegone.com

        Uninstall those if you have them and then follow this guide http://www.computerhope.com/forum/index.php/topic,46313.0.html

        Post the 3 logs when complete.

        lisashomeoffice

          Topic Starter


          Beginner
          Re: My windows keep disappearing
          « Reply #4 on: March 27, 2009, 01:45:49 AM »
          I downloaded  Superantispyware, Malwarebytes' Anti-Malware, and Hijackthis.  I am enclosing the logs. They are on one page off of notepad.

          Lisa

          Logfile of Trend Micro HijackThis v2.0.2
          Scan saved at 12:25:02 AM, on 3/27/2009
          Platform: Windows XP SP3 (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
          Boot mode: Normal

          Running processes:
          C:\windows\System32\smss.exe
          C:\windows\system32\winlogon.exe
          C:\windows\system32\services.exe
          C:\windows\system32\lsass.exe
          C:\windows\system32\svchost.exe
          C:\windows\System32\svchost.exe
          C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\windows\system32\spoolsv.exe
          C:\PROGRA~1\Iomega\System32\AppServices.exe
          C:\Program Files\Java\jre6\bin\jqs.exe
          C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
          C:\windows\system32\nvsvc32.exe
          C:\windows\system32\svchost.exe
          C:\WINDOWS\system32\MsPMSPSv.exe
          C:\windows\Explorer.EXE
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Java\jre6\bin\jusched.exe
          C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
          C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
          C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
          C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
          C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Documents and Settings\Owner\Desktop\Hijackthis.exe\HijackThis.exe

          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
          R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
          R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
          R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
          O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
          O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
          O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
          O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
          O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
          O4 - HKCU\..\Run: [Iomega Automatic Backup] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
          O4 - HKCU\..\Run: [ErrorRepairTool] C:\Program Files\ErrorRepairTool\ErrorRepairTool.exe -boot
          O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
          O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
          O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
          O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
          O8 - Extra context menu item: Download Picture to Organizer - file://C:\Program Files\PictureWorks\MediaCenter\pages\cfile.htm
          O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
          O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
          O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-page.html
          O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\EarthLink TotalAccess\Accelerator\\pac-image.html
          O8 - Extra context menu item: Send as NetCard - file://C:\Program Files\PictureWorks\MediaCenter\pages\sendnetcard.htm
          O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
          O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
          O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
          O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
          O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
          O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
          O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
          O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
          O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
          O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
          O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{E458BD1A-5D92-47DF-B1E8-41E5878D08D7}: NameServer = 207.69.188.185 207.69.188.186
          O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
          O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
          O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
          O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

          --
          End of file - 8406 bytes

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 483
            • evilfantasy's blog
          • Experience: Familiar
          • OS: Windows 8
          Re: My windows keep disappearing
          « Reply #5 on: March 27, 2009, 01:58:29 AM »
          Open HijackThis and select Do a system scan only.

          Place a check mark next to the following entries: (if there)

          • R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
          • R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
          • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
          .
          Important: Close all open windows except for HijackThis and then click Fix checked.

          Once completed, exit HijackThis.

          ----------

          Two antivirus. CA and Avast.

          You need to uninstall all but one antivirus.

          The real-time protection of two antivirus programs may conflict with each other and cause the following:

          1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
          2) Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
          3) Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.

          ----------

          Download from DDS by sUBs and save it to your Desktop. Alternate DDS download link

          Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

          * XP users Double click on dds to run it.
          * If your antivirus or forewall try to block DDS then please allow it to run.
          * When finished DDS will open two (2) logs:

          1) DDS.txt
          2) Attach.txt

          * Save both logs to your desktop.
          * Please include the entire contents of both logs in your next reply.

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copy and pasting it into the reply.

          lisashomeoffice

            Topic Starter


            Beginner
            Re: My windows keep disappearing
            « Reply #6 on: March 27, 2009, 03:09:07 AM »
            Before I post the DDS and Attach logs, I just want you to know that I uninstalled about a year ago and have not been able to get the remainder of the files off of the computer.  I went to CA and used their uninstaller and it did not get it off.  I ran SAFARP  and it did not remove it either.  Is there and uninstaller that will get it off for good.  I know that 2 anti virus running is not productive;however, I just can't get CA off the computer.

            Thanks for you help!




            UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
            IF REQUESTED, ZIP IT UP & ATTACH IT

            DDS (Ver_09-03-16.01)

            Microsoft Windows XP Home Edition
            Boot Device: \Device\HarddiskVolume1
            Install Date: 11/30/2006 4:25:11 PM
            System Uptime: 3/26/2009 10:10:57 PM (3 hours ago)

            Motherboard: ECS |  | 945P-A
            Processor:              Intel(R) Pentium(R) D  CPU 2.66GHz | CPU 1 | 2660/133mhz

            ==== Disk Partitions =========================

            A: is Removable
            C: is FIXED (NTFS) - 233 GiB total, 223.405 GiB free.
            D: is CDROM ()
            F: is Removable

            ==== Disabled Device Manager Items =============

            Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
            Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
            Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_18531019&REV_10\4&CF81C54&0&28F0
            Manufacturer: Realtek Semiconductor Corp.
            Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
            PNP Device ID: PCI\VEN_10EC&DEV_8169&SUBSYS_18531019&REV_10\4&CF81C54&0&28F0
            Service: RTL8023xp

            ==== System Restore Points ===================

            RP39: 12/28/2008 1:09:29 AM - System Checkpoint
            RP40: 12/29/2008 4:05:07 AM - System Checkpoint
            RP41: 1/6/2009 11:13:45 PM - System Checkpoint
            RP42: 1/9/2009 3:34:07 AM - Removed Palm Desktop
            RP43: 1/9/2009 3:34:52 AM - Removed Palm Desktop
            RP44: 1/11/2009 8:26:42 AM - System Checkpoint
            RP45: 1/12/2009 11:39:17 AM - System Checkpoint
            RP46: 1/17/2009 8:14:16 AM - Software Distribution Service 3.0
            RP47: 1/19/2009 8:53:10 PM - System Checkpoint
            RP48: 1/21/2009 4:17:13 AM - System Checkpoint
            RP49: 1/23/2009 2:44:32 AM - Software Distribution Service 3.0
            RP50: 1/24/2009 11:09:31 PM - System Checkpoint
            RP51: 1/27/2009 7:03:41 PM - System Checkpoint
            RP52: 2/1/2009 11:21:25 PM - System Checkpoint
            RP53: 2/4/2009 9:11:29 AM - System Checkpoint
            RP54: 2/8/2009 1:33:40 AM - System Checkpoint
            RP55: 2/9/2009 11:13:55 PM - System Checkpoint
            RP56: 2/11/2009 11:49:04 PM - Software Distribution Service 3.0
            RP57: 2/12/2009 10:06:37 PM - Installed MalwareRemovalBot
            RP58: 2/14/2009 2:08:57 PM - System Checkpoint
            RP59: 2/16/2009 4:09:28 AM - System Checkpoint
            RP60: 2/17/2009 10:56:42 AM - System Checkpoint
            RP61: 2/21/2009 10:55:16 AM - System Checkpoint
            RP62: 2/24/2009 4:04:01 AM - System Checkpoint
            RP63: 2/24/2009 9:39:34 PM - Software Distribution Service 3.0
            RP64: 2/25/2009 11:06:46 PM - System Checkpoint
            RP65: 2/26/2009 6:50:40 PM - Removed MalwareRemovalBot
            RP66: 2/27/2009 7:52:24 PM - System Checkpoint
            RP67: 3/2/2009 5:54:15 PM - System Checkpoint
            RP68: 3/7/2009 8:45:11 AM - System Checkpoint
            RP69: 3/8/2009 10:52:19 PM - System Checkpoint
            RP70: 3/10/2009 5:22:51 PM - System Checkpoint
            RP71: 3/10/2009 9:50:35 PM - Installed Mewsoft Fonawy Standard
            RP72: 3/11/2009 11:00:18 AM - Software Distribution Service 3.0
            RP73: 3/13/2009 1:15:33 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
            RP74: 3/14/2009 12:22:14 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
            RP75: 3/14/2009 3:16:48 AM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
            RP76: 3/16/2009 4:34:55 AM - System Checkpoint
            RP77: 3/16/2009 4:39:49 AM - Software Distribution Service 3.0
            RP78: 3/20/2009 10:57:45 AM - System Checkpoint
            RP79: 3/21/2009 4:05:18 PM - System Checkpoint
            RP80: 3/24/2009 1:07:18 PM - System Checkpoint
            RP81: 3/24/2009 3:51:57 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
            RP82: 3/24/2009 7:16:57 PM - Installed Windows Internet Explorer 8.
            RP83: 3/24/2009 7:41:34 PM - Spyware Begone! Spy Removal
            RP84: 3/25/2009 11:06:05 AM - Restore Operation
            RP85: 3/25/2009 11:13:48 AM - Software Distribution Service 3.0
            RP86: 3/26/2009 1:53:23 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
            RP87: 3/26/2009 4:22:50 PM - Installed SUPERAntiSpyware Free Edition
            RP88: 3/26/2009 8:16:06 PM - Installed ErrorRepairTool
            RP89: 3/26/2009 8:20:54 PM - Removed ErrorRepairTool
            RP90: 3/26/2009 10:05:43 PM - Installed Java(TM) 6 Update 13

            ==== Installed Programs ======================


            Ad-Aware
            Adobe Acrobat 4.0
            Adobe Acrobat 5.0
            Adobe Download Manager 2.2 (Remove Only)
            Adobe Flash Player 9 ActiveX
            Adobe Flash Player ActiveX
            Adobe Reader 7.1.0
            Arrange Startup 3.0
            Audio Manager Driver
            avast! Antivirus
            CA Anti-Spam
            CA Anti-Virus
            CA Website Inspector
            Call Alert! 1.0
            Cards_Calendar_OrderGift_DoMorePlugout
            CCleaner (remove only)
            CCScore
            CuperUtilities StartUp Manager 1.1
            Deal Info
            EarthLink Accelerator
            EarthLink FastLane
            EarthLink MailBox
            EarthLink Software
            Easy Uninstaller
            ESSBrwr
            ESSCDBK
            ESScore
            ESSgui
            ESSini
            ESSPCD
            ESSPDock
            ESSSONIC
            ESSTOOLS
            essvatgt
            GIMP 2.4.5
            HijackThis 2.0.2
            Hotfix for Windows XP (KB952287)
            HP Photosmart Essential 2.5
            HP Photosmart Essential 3.0
            HPPhotoSmartPhotobookWebPack1
            ieSpell
            Iomega Automatic Backup
            Java(TM) 6 Update 13
            kgcbase
            KissHTML Editor
            Kodak EasyShare software
            Malwarebytes' Anti-Malware
            Mewsoft Fonawy Standard
            Microsoft .NET Framework 1.1
            Microsoft .NET Framework 1.1 Hotfix (KB928366)
            Microsoft Office XP Web Components
            Microsoft Word 2000
            ML-1710 Series
            MSXML 4.0 SP2 (KB936181)
            MSXML 4.0 SP2 (KB954430)
            netbrdg
            NVIDIA Drivers
            Nvu 1.0PR
            OfotoXMI
            PC Pitstop Driver Alert 1.0
            PC Pitstop Optimize 1.5
            Photo Presenter
            PSSWCORE
            Quick StartUp 2.1
            QuickTime
            Realtek High Definition Audio Driver
            Redistributed Files
            RunAlyzer
            Safarp
            Security Update for CAPICOM (KB931906)
            Security Update for Windows Media Player (KB911564)
            Security Update for Windows Media Player (KB952069)
            Security Update for Windows Media Player 6.4 (KB925398)
            Security Update for Windows Media Player 9 (KB917734)
            Security Update for Windows Media Player 9 (KB936782)
            Security Update for Windows XP (KB923689)
            Security Update for Windows XP (KB923789)
            Security Update for Windows XP (KB938464-v2)
            Security Update for Windows XP (KB938464)
            Security Update for Windows XP (KB941569)
            Security Update for Windows XP (KB946648)
            Security Update for Windows XP (KB950759)
            Security Update for Windows XP (KB950760)
            Security Update for Windows XP (KB950762)
            Security Update for Windows XP (KB950974)
            Security Update for Windows XP (KB951066)
            Security Update for Windows XP (KB951376-v2)
            Security Update for Windows XP (KB951698)
            Security Update for Windows XP (KB951748)
            Security Update for Windows XP (KB952954)
            Security Update for Windows XP (KB954211)
            Security Update for Windows XP (KB954459)
            Security Update for Windows XP (KB954600)
            Security Update for Windows XP (KB955069)
            Security Update for Windows XP (KB956390)
            Security Update for Windows XP (KB956391)
            Security Update for Windows XP (KB956802)
            Security Update for Windows XP (KB956803)
            Security Update for Windows XP (KB956841)
            Security Update for Windows XP (KB957095)
            Security Update for Windows XP (KB957097)
            Security Update for Windows XP (KB958215)
            Security Update for Windows XP (KB958644)
            Security Update for Windows XP (KB958687)
            Security Update for Windows XP (KB958690)
            Security Update for Windows XP (KB960225)
            Security Update for Windows XP (KB960714)
            Security Update for Windows XP (KB960715)
            SFR
            SHASTA
            skin0001
            SKINXSDK
            Spybot - Search & Destroy
            staticcr
            SUPERAntiSpyware Free Edition
            The Book of Thoth
            tooltips
            TotalAccess Core Applications
            Traffic Maximizer Pro 2.0
            U.S. Robotics V.92 Voice Host Int
            Update for Windows XP (KB951072-v2)
            Update for Windows XP (KB951978)
            Update for Windows XP (KB955839)
            Update for Windows XP (KB967715)
            version 6.0
            VideoToolkit01
            VPRINTOL
            WebFldrs XP
            Windows Genuine Advantage Notifications (KB905474)
            Windows Genuine Advantage Validation Tool (KB892130)
            Windows XP Service Pack 3
            WIRELESS

            ==== Event Viewer Messages From Past Week ========

            3/24/2009 3:52:16 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
            3/22/2009 5:27:05 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
            3/22/2009 5:27:03 AM, error: Service Control Manager [7000]  - The avast! Mail Scanner service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
            3/22/2009 5:27:03 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the avast! Mail Scanner service to connect.
            3/24/2009 3:58:15 PM, error: System Error [1003]  - Error code 1000007e, parameter1 c0000005, parameter2 f75b9ce2, parameter3 f4f0eb7c, parameter4 f4f0e878.
            3/25/2009 1:34:12 PM, error: Service Control Manager [7034]  - The avast! Web Scanner service terminated unexpectedly.  It has done this 1 time(s).
            3/26/2009 1:52:24 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
            3/26/2009 1:52:54 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the  service.
            3/26/2009 7:56:56 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.

            ==== End Of File ===========================


            DDS



            DDS (Ver_09-03-16.01) - NTFSx86 
            Run by Owner at  1:58:54.20 on Fri 03/27/2009
            Internet Explorer: 6.0.2900.5512
            Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.200 [GMT -7:00]

            AV: avast! antivirus 4.8.1335 [VPS 090326-0] *On-access scanning enabled* (Updated)

            ============== Running Processes ===============

            C:\windows\system32\svchost -k DcomLaunch
            svchost.exe
            C:\windows\System32\svchost.exe -k netsvcs
            svchost.exe
            svchost.exe
            C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
            C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
            C:\Program Files\Alwil Software\Avast4\ashServ.exe
            C:\windows\system32\spoolsv.exe
            C:\Program Files\Java\jre6\bin\jqs.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\windows\system32\nvsvc32.exe
            C:\windows\system32\svchost.exe -k imgsvc
            C:\WINDOWS\system32\MsPMSPSv.exe
            C:\windows\Explorer.EXE
            C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
            C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
            C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
            C:\Program Files\Java\jre6\bin\jusched.exe
            C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
            C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
            C:\Program Files\EarthLink TotalAccess\FastLane\IPClient.exe
            C:\Program Files\EarthLink TotalAccess\Accelerator\ElinkAcc.exe
            C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
            C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\WINDOWS\system32\msiexec.exe
            C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8HXFKGG\dds[1].scr

            ============== Pseudo HJT Report ===============

            uStart Page = hxxp://www.yahoo.com
            uSearch Bar = hxxp://start.earthlink.net/AL/Search
            uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
            uDefault_Page_URL = hxxp://start.earthlink.net
            mSearchAssistant = hxxp://start.earthlink.net/AL/Search
            uURLSearchHooks: SrchHook Class: {44f9b173-041c-4825-a9b9-d914bd9dcbb3} - c:\program files\earthlink totalaccess\ElnIE.dll
            BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
            BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
            BHO: IE_PopupBlocker Class: {656ec4b7-072b-4698-b504-2a414c1f0037} - c:\program files\earthlink totalaccess\accelerator\prpl_IePopupBlocker.dll
            BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
            BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
            BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
            TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
            TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
            uRun: [Iomega Automatic Backup] c:\program files\iomega\iomega automatic backup\ibackup.exe
            uRun: [ErrorRepairTool] c:\program files\errorrepairtool\ErrorRepairTool.exe -boot
            uRun: [E6TaskPanel] "c:\program files\earthlink totalaccess\TaskPanl.exe" -winstart
            mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
            mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
            mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
            mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
            StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
            mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
            IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
            IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
            IE: Download Picture to Organizer - file://c:\program files\pictureworks\mediacenter\pages\cfile.htm
            IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
            IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
            IE: Refresh Pa&ge with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-page.html
            IE: Refresh Pi&cture with Full Quality - c:\program files\earthlink totalaccess\accelerator\\pac-image.html
            IE: Send as NetCard - file://c:\program files\pictureworks\mediacenter\pages\sendnetcard.htm
            IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
            IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
            IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
            IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
            DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=29223
            DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
            DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
            DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
            TCP: {E458BD1A-5D92-47DF-B1E8-41E5878D08D7} = 207.69.188.185 207.69.188.186
            Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
            SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\linkadvisor\CIDLinkAdvisor.dll
            SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

            ============= SERVICES / DRIVERS ===============

            R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-24 114768]
            R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
            R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
            R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
            R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-24 20560]
            R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-10-24 138680]
            R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-10-24 254040]
            R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-10-24 352920]
            S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2006-11-30 20160]
            S3 BW2NDIS5;BW2NDIS5;

            S3 JL2005;JL2005A Camera;

            S3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2008-10-23 185608]
            S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
            S3 SIWIO;SIWIO;


            =============== Created Last 30 ================

            2009-03-27 01:47   <DIR>   --d-----   c:\program files\Safarp
            2009-03-26 22:06   410,984   a-------   c:\windows\system32\deploytk.dll
            2009-03-26 22:06   73,728   a-------   c:\windows\system32\javacpl.cpl
            2009-03-26 20:16   <DIR>   --d-----   c:\docume~1\owner\applic~1\ErrorRepairTool
            2009-03-26 19:36   <DIR>   --d-----   c:\docume~1\owner\applic~1\Malwarebytes
            2009-03-26 19:35   15,504   a-------   c:\windows\system32\drivers\mbam.sys
            2009-03-26 19:35   38,496   a-------   c:\windows\system32\drivers\mbamswissarmy.sys
            2009-03-26 19:35   <DIR>   --d-----   c:\program files\Malwarebytes' Anti-Malware
            2009-03-26 19:35   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\Malwarebytes
            2009-03-26 16:23   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
            2009-03-26 16:22   <DIR>   --d-----   c:\program files\SUPERAntiSpyware
            2009-03-26 16:22   <DIR>   --d-----   c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
            2009-03-26 14:22   <DIR>   --d-----   c:\program files\Easy Uninstaller
            2009-03-25 11:07   <DIR>   --d-----   c:\program files\RegistryPatrol3.0
            2009-03-25 11:06   <DIR>   --d-----   c:\program files\Free Offers from Freeze.com
            2009-03-24 19:26   <DIR>   --d-----   c:\documents and settings\owner\IECompatCache
            2009-03-24 19:24   <DIR>   --d-----   c:\documents and settings\owner\PrivacIE
            2009-03-24 19:20   <DIR>   --d-----   c:\documents and settings\owner\IETldCache
            2009-03-24 19:16   <DIR>   -cd-----   c:\windows\ie8
            2009-03-24 16:53   <DIR>   --d-----   C:\spywarebegone
            2009-03-24 16:53   170   a-------   c:\windows\spywarebegone-fullversion-installed.html
            2009-03-14 02:22   42   a-------   c:\windows\system32\AK083E209605E394C.lie
            2009-03-14 01:22   <DIR>   --d-----   c:\windows\SxsCaPendDel
            2009-03-13 04:02   <DIR>   --d-----   c:\docume~1\owner\applic~1\MailWasherPro
            2009-03-13 02:16   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\SITEguard
            2009-03-13 02:15   <DIR>   --d-----   c:\program files\common files\iS3
            2009-03-13 02:15   <DIR>   --d-----   c:\docume~1\alluse~1.win\applic~1\STOPzilla!
            2009-03-11 06:09   <DIR>   --d-----   c:\program files\Enigma Software Group
            2009-03-10 22:50   <DIR>   --d-----   c:\program files\Fonawy Standard
            2009-03-10 17:38   <DIR>   --d-----   c:\program files\Call Alert
            2009-03-10 17:26   <DIR>   --d-----   c:\program files\Traysoft
            2009-03-08 14:22   1,241,088   --------   c:\windows\system32\ieframe.dll.mui
            2009-03-08 14:22   49,152   --------   c:\windows\system32\msrating.dll.mui
            2009-03-08 14:22   2,560   --------   c:\windows\system32\mshta.exe.mui
            2009-03-08 14:21   10,240   --------   c:\windows\system32\advpack.dll.mui
            2009-03-08 14:21   4,096   --------   c:\windows\system32\ie4uinit.exe.mui
            2009-03-08 14:20   81,920   --------   c:\windows\system32\iedkcs32.dll.mui
            2009-03-03 00:02   <DIR>   --d-----   C:\freescan
            2009-03-02 23:27   <DIR>   --d-----   c:\docume~1\owner\applic~1\com.codeode
            2009-02-26 19:39   <DIR>   --d-----   c:\docume~1\owner\applic~1\Uniblue

            ==================== Find3M  ====================

            2009-03-26 15:03   724,992   a-------   c:\windows\iun6002.exe
            2009-02-09 04:13   1,846,784   a-------   c:\windows\system32\win32k.sys
            2006-08-12 05:03   4   a-------   c:\program files\Reminder.todo
            2006-08-12 05:02   325   a-------   c:\program files\autobidding.log
            2006-08-12 04:48   4   a-------   c:\program files\Reminder.~todo

            ============= FINISH:  1:59:30.45 ===============


            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 483
              • evilfantasy's blog
            • Experience: Familiar
            • OS: Windows 8
            Re: My windows keep disappearing
            « Reply #7 on: March 27, 2009, 10:10:56 AM »
            You don't see these in th add/remove programs list?

            CA Anti-Spam
            CA Anti-Virus
            CA Website Inspector

            lisashomeoffice

              Topic Starter


              Beginner
              Re: My windows keep disappearing
              « Reply #8 on: March 27, 2009, 04:21:40 PM »
              Those were all removed a long time ago with the CA uninstaller.  Even though they don't show up in the ADD/ REMOVE it is still showing that it does and you can see that. CA has their own forum & it seems like that is a problem that I have seen in the forum.  Maybe you can find something I didn't see.  http://home3.ca.com/Support/techsupport/techsupporthome.aspx

              Lisa

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 483
                • evilfantasy's blog
              • Experience: Familiar
              • OS: Windows 8
              Re: My windows keep disappearing
              « Reply #9 on: March 27, 2009, 05:31:39 PM »
              Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

              Link #1
              Link #2

              **Note:  It is important that it is saved directly to your Desktop

              DO NOT run it yet!

              Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

              Delete these files/folders, as follows:

              1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
              It must be Notepad, not Wordpad.
              2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

              Code: [Select]
              KillAll::

              File::
              C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
              C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe

              Folder::
              C:\Program Files\CA
              c:\docume~1\alluse~1.win\applic~1\SITEguard
              c:\program files\common files\iS3
              c:\docume~1\alluse~1.win\applic~1\STOPzilla!

              DDS::
              BHO: CA Toolbar Helper: {fbf2401b-7447-4727-be5d-c19b2075ca84} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
              TB: CA Toolbar: {10134636-e7af-4ac5-a1dc-c7c44bb97d81} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\toolbar\CallingIDIE.dll
              TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
              SEH: ShellHook Class: {1869181a-9f50-4fcf-8bff-1b8588ecb85c} - c:\program files\ca\ca internet security suite\ca website inspector\websiteinspector\linkadvisor\CIDLinkAdvisor.dll

              Driver::
              PPCtlPriv


              3. Go to the Notepad window and click Edit > Paste
              4. Then click File > Save
              5. Name the file CFScript.txt - Save the file to your Desktop
              6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



              ComboFix will begin to execute, just follow the prompts.
              After reboot (in case it asks to reboot), it will produce a log for you.
              Post that log (Combofix.txt) in your next reply.

              Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

              lisashomeoffice

                Topic Starter


                Beginner
                Re: My windows keep disappearing
                « Reply #10 on: March 27, 2009, 11:36:44 PM »
                I downloaded the Combo fix.  I had a problem when I got to #6.   After I pasted the given code, I did not see the 2 icons (combofix & CFscript) as shown in your instructions. Can you tell me how I can get that part of it done.  I just don't seem to be able to get that part.  Other than that, I am sending the log, as requested.

                Thanks,

                ComboFix 09-03-26.03 - Owner 2009-03-27 22:18:09.1 - NTFSx86
                Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.511.197 [GMT -7:00]
                Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
                AV: avast! antivirus 4.8.1335 [VPS 090327-0] *On-access scanning enabled* (Updated)
                 * Created a new restore point

                WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
                .

                (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                .

                c:\documents and settings\user\Cookies\user@1.offersquest[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@1064448610[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@1065924588[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@1072322497[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@59073359[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@a.directv[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@action.metaffiliation[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@ad[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@ads18.bpath[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@ads43.bpath[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@amomslove[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@avianweb[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@backbelt[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@betaseek[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@bidvertiser[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@cdrx[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@cgi-bin[12].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@cgi-bin[16].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@cgi-bin[19].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@cgi-bin[20].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@demr.imixserver[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@devx[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@dogpile[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@dogpile[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@ebay[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@ebay[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@ecommerce-guide[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@engage.everyone[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@forum.abestweb[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@freestuffpage[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@geocities[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@hyiprank[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@komando[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@landing.domainsponsor[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@maxpages[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@mb[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@mb[6].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@mb[7].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@mb[8].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@mkt.vailresorts[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@mydesktophelp[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@mygeek[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@network[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@nope[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@oxado[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@rc[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@rtm[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@sp2.information[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@superpstore.mail.everyone[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@us.intellitxt[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@user[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@webceo[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@webmasterworld[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@winhundred[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.amomslove[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.clubmomlinks[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.ether[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.freebeeclub[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.freenethelp[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.kolimbo[3].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.komando[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.musicroomaffiliates[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.myrasoft[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.poweredtemplates[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.promotionworld[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.smartadz[2].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@www.sportspecific[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@yahoo[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@zonaminada[1].txt.virtual.lnk
                c:\documents and settings\user\Cookies\user@zonaminada[4].txt.virtual.lnk
                c:\windows\a3kebook.ini
                c:\windows\akebook.ini
                c:\windows\ANS2000.INI

                .
                (((((((((((((((((((((((((   Files Created from 2009-02-28 to 2009-03-28  )))))))))))))))))))))))))))))))
                .

                2009-03-27 01:47 . 2009-03-27 01:52   <DIR>   d--------   c:\program files\Safarp
                2009-03-26 22:06 . 2009-03-26 22:06   <DIR>   d--------   c:\windows\Sun
                2009-03-26 22:06 . 2009-03-26 22:05   410,984   --a------   c:\windows\system32\deploytk.dll
                2009-03-26 22:06 . 2009-03-26 22:05   73,728   --a------   c:\windows\system32\javacpl.cpl
                2009-03-26 22:05 . 2009-03-26 22:05   <DIR>   d--------   c:\program files\Java
                2009-03-26 20:16 . 2009-03-26 20:19   <DIR>   d--------   c:\documents and settings\Owner\Application Data\ErrorRepairTool
                2009-03-26 19:36 . 2009-03-26 19:36   <DIR>   d--------   c:\documents and settings\Owner\Application Data\Malwarebytes
                2009-03-26 19:35 . 2009-03-26 19:46   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
                2009-03-26 19:35 . 2009-03-26 19:35   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
                2009-03-26 19:35 . 2009-03-26 16:49   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
                2009-03-26 19:35 . 2009-03-26 16:49   15,504   --a------   c:\windows\system32\drivers\mbam.sys
                2009-03-26 16:23 . 2009-03-26 16:23   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
                2009-03-26 16:22 . 2009-03-26 16:22   <DIR>   d--------   c:\program files\SUPERAntiSpyware
                2009-03-26 16:22 . 2009-03-26 16:22   <DIR>   d--------   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
                2009-03-26 14:22 . 2009-03-26 14:22   <DIR>   d--------   c:\program files\Easy Uninstaller
                2009-03-25 11:07 . 2009-03-25 11:07   <DIR>   d--------   c:\program files\RegistryPatrol3.0
                2009-03-25 11:06 . 2009-03-25 11:06   <DIR>   d--------   c:\program files\Free Offers from Freeze.com
                2009-03-24 19:26 . 2009-03-24 19:26   <DIR>   d--------   c:\documents and settings\Owner\IECompatCache
                2009-03-24 19:24 . 2009-03-24 19:24   <DIR>   d--------   c:\documents and settings\Owner\PrivacIE
                2009-03-24 19:20 . 2009-03-24 19:20   <DIR>   d--------   c:\documents and settings\Owner\IETldCache
                2009-03-24 19:17 . 2009-03-25 11:07   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo! Companion
                2009-03-24 19:17 . 2009-03-24 19:17   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\Yahoo!
                2009-03-24 19:16 . 2009-03-25 11:07   <DIR>   d----c---   c:\windows\ie8
                2009-03-24 16:53 . 2009-03-26 15:58   <DIR>   d--------   C:\spywarebegone
                2009-03-24 16:53 . 2009-03-26 15:03   170   --a------   c:\windows\spywarebegone-fullversion-installed.html
                2009-03-24 15:03 . 2009-03-25 11:07   <DIR>   d--------   c:\program files\RegCure
                2009-03-14 02:22 . 2009-03-14 02:22   42   --a------   c:\windows\system32\AK083E209605E394C.lie
                2009-03-14 01:22 . 2009-03-26 13:58   <DIR>   d--------   c:\windows\SxsCaPendDel
                2009-03-13 04:02 . 2009-03-22 07:35   <DIR>   d--------   c:\documents and settings\Owner\Application Data\MailWasherPro
                2009-03-13 02:16 . 2009-03-13 02:21   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
                2009-03-13 02:15 . 2009-03-13 02:15   <DIR>   d--------   c:\program files\Common Files\iS3
                2009-03-13 02:15 . 2009-03-26 13:51   <DIR>   d--------   c:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
                2009-03-11 06:09 . 2009-03-11 20:04   <DIR>   d--------   c:\program files\Enigma Software Group
                2009-03-10 22:50 . 2009-03-11 00:10   <DIR>   d--------   c:\program files\Fonawy Standard
                2009-03-10 17:38 . 2009-03-10 17:38   <DIR>   d--------   c:\program files\Call Alert
                2009-03-10 17:26 . 2009-03-10 17:31   <DIR>   d--------   c:\program files\Traysoft
                2009-03-08 14:22 . 2009-03-08 14:22   1,241,088   ---------   c:\windows\system32\ieframe.dll.mui
                2009-03-08 14:22 . 2009-03-08 14:22   49,152   ---------   c:\windows\system32\msrating.dll.mui
                2009-03-08 14:22 . 2009-03-08 14:22   2,560   ---------   c:\windows\system32\mshta.exe.mui
                2009-03-08 14:21 . 2009-03-08 14:21   10,240   ---------   c:\windows\system32\advpack.dll.mui
                2009-03-08 14:21 . 2009-03-08 14:21   4,096   ---------   c:\windows\system32\ie4uinit.exe.mui
                2009-03-08 14:20 . 2009-03-08 14:20   81,920   ---------   c:\windows\system32\iedkcs32.dll.mui
                2009-03-03 00:02 . 2009-03-26 14:07   <DIR>   d--------   C:\freescan
                2009-03-02 23:27 . 2009-03-02 23:27   <DIR>   d--------   c:\documents and settings\Owner\Application Data\com.codeode

                .
                ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                2009-03-28 05:06   ---------   d-----w   c:\documents and settings\Owner\Application Data\CallingID
                2009-03-28 00:30   ---------   d-----w   c:\program files\EarthLink TotalAccess
                2009-03-26 23:21   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
                2009-03-26 22:03   724,992   ----a-w   c:\windows\iun6002.exe
                2009-03-26 21:29   ---------   d-----w   c:\program files\EarthLink
                2009-03-25 18:07   ---------   d-----w   c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
                2009-03-25 02:17   ---------   d-----w   c:\program files\Yahoo!
                2009-03-24 23:37   ---------   d-----w   c:\program files\Camtech
                2009-03-12 01:15   ---------   d---a-w   c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
                2009-02-27 02:39   ---------   d-----w   c:\documents and settings\Owner\Application Data\Uniblue
                2009-02-10 11:19   ---------   d-----w   c:\program files\CCleaner
                2009-02-10 11:19   ---------   d-----w   c:\documents and settings\Owner\Application Data\Yahoo!
                2009-02-09 11:13   1,846,784   ----a-w   c:\windows\system32\win32k.sys
                2006-08-12 12:03   4   ----a-w   c:\program files\Reminder.todo
                2006-08-12 12:02   325   ----a-w   c:\program files\autobidding.log
                2006-08-12 11:48   4   ----a-w   c:\program files\Reminder.~todo
                .

                (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                .
                .
                *Note* empty entries & legit default entries are not shown
                REGEDIT4

                [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "Iomega Automatic Backup"="c:\program files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 3014656]
                "E6TaskPanel"="c:\program files\EarthLink TotalAccess\TaskPanl.exe" [2005-09-01 942080]

                [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
                "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
                "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
                "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-26 148888]

                c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
                Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
                "EnableShellExecuteHooks"= 1 (0x1)

                [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "c:\program files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\LinkAdvisor\CIDLinkAdvisor.dll" [2007-07-30 1373624]
                "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
                2008-12-22 12:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

                [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
                "VIDC.MJPG"= jl_mjpg2.drv

                [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
                @="Service"

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
                path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
                backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Get Help (2).lnk]
                path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Get Help (2).lnk
                backup=c:\windows\pss\Get Help (2).lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
                path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
                backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
                path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\KODAK Software Updater.lnk
                backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

                [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^HotSync Manager.lnk]
                path=c:\documents and settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk
                backup=c:\windows\pss\HotSync Manager.lnkStartup

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fonawy]
                c:\program files\Fonawy Standard\Fonawy [X]

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                --a------ 2008-04-13 17:12 15360 c:\windows\system32\ctfmon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Lamp]
                --a------ 2001-04-27 11:00 53248 c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
                --a------ 2008-03-13 09:34 81920 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup]
                --a------ 2002-10-15 10:32 3014656 c:\program files\Iomega\Iomega Automatic Backup\iBackup.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
                ---hs---- 2008-04-13 17:12 1695232 c:\program files\Messenger\msmsgs.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Optimize Scheduler]
                --a------ 2008-03-26 18:40 2577120 c:\program files\PCPitstop\Optimize\PCPOptimize.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
                --a------ 2005-05-03 03:43 69632 c:\windows\ALCMTR.EXE

                [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
                --------- 2005-01-07 18:07 61952 c:\windows\system32\HdAShCut.exe

                [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
                "capfasem"=c:\program files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
                "QOELOADER"="c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                "%windir%\\system32\\sessmgr.exe"=
                "c:\\Program Files\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
                "c:\\Program Files\\Messenger\\msmsgs.exe"=
                "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

                [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                "8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

                R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-10-24 114768]
                R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-03-23 9968]
                R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-03-23 72944]
                R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-10-24 20560]
                S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2006-11-30 20160]
                S3 BW2NDIS5;BW2NDIS5;

                S3 JL2005;JL2005A Camera;

                S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2008-10-23 185608]
                S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
                S3 SIWIO;SIWIO;

                .
                Contents of the 'Scheduled Tasks' folder

                2009-03-27 c:\windows\Tasks\ErrorRepairTool Scan.job
                - c:\program files\ErrorRepairTool\ErrorRepairTool.exe []

                2009-03-27 c:\windows\Tasks\ErrorRepairTool Scan.job
                - c:\program files\ErrorRepairTool []

                2009-03-28 c:\windows\Tasks\RegCure Program Check.job
                - c:\program files\RegCure\RegCure.exe []

                2009-03-24 c:\windows\Tasks\RegCure.job
                - c:\program files\RegCure\RegCure.exe []
                .
                - - - - ORPHANS REMOVED - - - -

                URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
                Toolbar-SITEguard - (no file)
                HKCU-Run-ErrorRepairTool - c:\program files\ErrorRepairTool\ErrorRepairTool.exe
                MSConfigStartUp-Arovax Shield - c:\program files\Arovax Shield\ArovaxShield.exe
                MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
                MSConfigStartUp-CaAvTray - c:\program files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
                MSConfigStartUp-CaISSDT - c:\program files\CA\eTrust Internet Security Suite\caissdt.exe
                MSConfigStartUp-CAVRID - c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
                MSConfigStartUp-com.codeode - c:\program files\Cactus Spam Filter 2.13\cactusspamfilter.exe
                MSConfigStartUp-eTrustPPAP - c:\program files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
                MSConfigStartUp-Free Ram Optimizer - c:\program files\AceLogix\Free Ram Optimizer\fro.exe
                MSConfigStartUp-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
                MSConfigStartUp-PC-Checkup - c:\program files\Speeditup Free\PCCheckUp\PCCheckUp.exe
                MSConfigStartUp-QOELOADER - c:\program files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
                MSConfigStartUp-Spyware Begone - c:\freescan\freescan.exe
                MSConfigStartUp-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


                .
                ------- Supplementary Scan -------
                .
                uStart Page = www.yahoo.com
                uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html
                IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
                IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
                IE: Download Picture to Organizer - file://c:\program files\PictureWorks\MediaCenter\pages\cfile.htm
                IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
                IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
                IE: Send as NetCard - file://c:\program files\PictureWorks\MediaCenter\pages\sendnetcard.htm
                TCP: {E458BD1A-5D92-47DF-B1E8-41E5878D08D7} = 207.69.188.185 207.69.188.186
                DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                .

                **************************************************************************

                catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                Rootkit scan 2009-03-27 22:20:22
                Windows 5.1.2600 Service Pack 3 NTFS

                scanning hidden processes ... 

                scanning hidden autostart entries ...

                scanning hidden files ... 

                scan completed successfully
                hidden files: 0

                **************************************************************************
                .
                --------------------- LOCKED REGISTRY KEYS ---------------------

                [HKEY_USERS\S-1-5-21-823518204-1214440339-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
                @Allowed: (Read) (RestrictedCode)
                @Allowed: (Read) (RestrictedCode)
                .
                --------------------- DLLs Loaded Under Running Processes ---------------------

                - - - - - - - > 'winlogon.exe'(392)
                c:\program files\SUPERAntiSpyware\SASWINLO.dll
                .
                Completion time: 2009-03-27 22:21:49
                ComboFix-quarantined-files.txt  2009-03-28 05:21:46

                Pre-Run: 239,681,093,632 bytes free
                Post-Run: 239,806,058,496 bytes free

                294

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 483
                  • evilfantasy's blog
                • Experience: Familiar
                • OS: Windows 8
                Re: My windows keep disappearing
                « Reply #11 on: March 28, 2009, 09:33:13 AM »
                Just read the instructions. You need to save the CFScript to your desktop and then drag and drop it into ComboFix.

                lisashomeoffice

                  Topic Starter


                  Beginner
                  Re: My windows keep disappearing
                  « Reply #12 on: April 05, 2009, 02:48:26 AM »
                  Hi,
                  I'm sorry it took me so long to get back to you.  I wasn't doing too well for awhile.  I'm going to have to start all over again. (I think!)  One thing you could tell me is what site are those icons at.  I'm missing something.  If I know which website that these are on, maybe I can figure it out.  I don't seem to have any problems other than this.


                  Lisa