I have apparently sent out hundreds of emails this morning, as many have bounced back to my inbox. Below is the Hijack This Log. I am not a computer whiz. Please help.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 9:42:24 AM, on 3/31/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpWareSE4.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\AVG\AVG9\avgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: ImpulseNow.lnk = C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\SPLASH.SYS\config\DVMExportService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_14e7194c26fb7998\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14189 bytes
Hi rmano,

Looks like you’re running Win 7 in the 64bit mode….. HJT is not compatible with x64 therefore, it looks clean, but probably not…….??

Try this and post a Log, maybe we can find something:

Run MalwareBytes’ Anti-malware

Download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected. <-- Don't forget this.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
• Please post the MBAM Log in your next reply..…

2oG
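Why a 32-bit HijackThis log looks this way on 64-bit Windows, as an added example (not part of the original thread and not Trend Micro's code): a 32-bit process has its System32 lookups redirected to SysWOW64, so 64-bit-only service binaries such as lsass.exe get reported as "(file missing)". The sketch below separates those expected artifacts from entries that still need a manual look; the function names and verdict labels are illustrative, and the sample lines are copied from the log in the first post.

```python
import re

# Excerpt of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Platform: Unknown Windows (WinNT 6.01.3504)
C:\Windows\SysWOW64\NOTEPAD.EXE
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - ")                   # e.g. "O23 - "
MISSING = re.compile(r"([A-Za-z]:\\.+?) \(file missing\)$")  # path before marker
X64_HINT = re.compile(r"\\(Program Files \(x86\)|SysWOW64)\\", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\(.*)$", re.IGNORECASE)

# System32 subfolders that Windows 7 does NOT redirect for 32-bit processes;
# a missing file below one of these is not explained by WOW64 redirection.
EXEMPT_PREFIXES = tuple(
    name + "\\"
    for name in ("catroot", "catroot2", "driverstore", "drivers\\etc",
                 "logfiles", "spool")
)


def classify(path, host_is_x64):
    """Return 'wow64-artifact' or 'review' for a path flagged as missing."""
    sys32 = SYSTEM32.match(path)
    if host_is_x64 and sys32:
        if not sys32.group(1).lower().startswith(EXEMPT_PREFIXES):
            # The 32-bit scanner looked in SysWOW64, not the real System32.
            return "wow64-artifact"
    return "review"


def triage(log_text):
    """Collect every '(no file)' / '(file missing)' entry with a verdict."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    # Any '(x86)' or SysWOW64 path in the log means the host is 64-bit.
    host_is_x64 = any(X64_HINT.search(ln) for ln in lines)
    findings = []
    for ln in lines:
        entry = ENTRY.match(ln)
        if not entry:
            continue
        code = entry.group(1)
        if ln.endswith("(no file)"):
            # Orphaned registration: nothing on disk to inspect, check the key.
            findings.append((code, None, "review"))
            continue
        missing = MISSING.search(ln)
        if missing:
            path = missing.group(1)
            findings.append((code, path, classify(path, host_is_x64)))
    return {"host_is_x64": host_is_x64, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("64-bit host:", result["host_is_x64"])
    for code, path, verdict in result["findings"]:
        print(f"{verdict:15} {code:4} {path}")
```

Entries marked "review" are the ones to confirm with a 64-bit-aware tool; the artifacts say nothing either way about whether the machine is clean.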
Here you go, a quick scan (which I then removed the malware) and then the full scan:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3938
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/31/2010 10:40:01 AM
mbam-log-2010-03-31 (10-40-01).txt

Scan type: Quick scan
Objects scanned: 104531
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3938
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/31/2010 11:49:35 AM
mbam-log-2010-03-31 (11-49-35).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 305631
Time elapsed: 1 hour(s), 1 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Looks good,

Please run a scan with SuperAntiSpyware and it should clean up any leftovers and maybe find something that was missed in your first scan:

Vista and 7 users - to turn off UAC ( UAC = User Account Control )
1. Click Start, and then click Control Panel.
2. In Control Panel, click User Accounts.
3. In the User Accounts window, click User Accounts.
4. In the User Accounts tasks window, click Turn User Account Control on or off.
5. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
6. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)

NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.

Reverse the process to turn UAC back on after completing your scans:

Download SUPERAntispyware Free Edition (SAS)
• Double-click the icon on your desktop to run the installer.
• When asked to Update the program definitions, click Yes
• If you encounter any problems while downloading the updates, manually download and unzip them from HERE.
• Next click the Preferences button.
• Click the Scanning Control tab.
• Under Scanner Options make sure only the following are checked:
  o Close browsers before scanning
  o Scan for tracking cookies
  o Terminate memory threats before quarantining
  o Please leave the others unchecked.
• Click the Close button to leave the control center screen.
• On the main screen click Scan your computer
• On the left check the box for the drive you are scanning.
• On the right choose Perform Complete Scan
• Click Next to start the scan. Please be patient while it scans your computer.
• After the scan is complete a summary box will appear. Click OK
• Make sure everything in the white box has a check next to it, then click Next
• It will quarantine what it found and if it asks if you want to reboot, click Yes
• To retrieve the removal information please do the following:
  o After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  o Click Preferences. Click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o It will open in your default text editor (preferably Notepad).
  o Save the notepad file to your desktop by clicking (in notepad) File > Save As...
• Click close and close again to exit the program.
• Please copy and then paste the log in your next post.

2oG
Sorry, my bad… I was thinking Vista instructions instead of 7… ( too dam many OS’s to keep up with, lol. )

For Windows 7 users - to turn off UAC ( UAC = User Account Control )
1. Click Start, and then click Control Panel.
2. Click User Accounts
3. In the User Accounts and Family Safety window click Change User Account Control Settings
4. Then move the Slider all the way to the bottom to Never Notify
5. Click OK and then Yes to the popup warning that you are turning off UAC
6. If it is already unchecked, then you should also notice a red shield with an X in it located in your system tray. Ignore any messages about UAC being disabled.
7. Click Restart Now to apply the change right away. (Restart even if you did not make the above change, we need to be sure that a reboot has occurred since the first time that UAC was disabled.)

NOTE: DO NOT CONTINUE UNTIL UAC has been disabled and you have rebooted.

Try that : )

2oG.
Figured it out.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/31/2010 at 04:37 PM

Application Version : 4.35.1000

Core Rules Database Version : 4755
Trace Rules Database Version: 2567

Scan type : Complete Scan
Total Scan Time : 00:34:44

Memory items scanned : 556
Memory threats detected : 0
Registry items scanned : 7233
Registry threats detected : 0
File items scanned : 33380
File threats detected : 67

Adware.Tracking Cookie
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\baby@atdmt[2].txt
C:\Users\AppData\Local\Temp\Cookies\@atdmt[2].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@ad.wsod[2].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@ads.cnn[1].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@atdmt[2].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@bs.serving-sys[2].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@doubleclick[1].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@msnportal.112.2o7[1].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@openxxx.viragemedia[1].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@revsci[1].txt
C:\Users\AppData\Local\Temp\Low\Cookies\@serving-sys[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@adserver.adtechus[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@tribalfusion[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@cdn4.specificclick[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@apmebf[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@specificclick[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@adecn[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@media6degrees[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@ads.bleepingcomputer[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@ads.gmodules[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@serving-sys[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@counter.rewardsnetwork[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@tacoda[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@at.atwola[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@smartadserver[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@adbrite[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@content.yieldmanager[3].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@trvlnet.adbureau[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@ads.cnn[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@247realmedia[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@2o7[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@a1.interclick[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@account.live[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@ad.wsod[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@ad.yieldmanager[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@ads.pointroll[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@ads.undertone[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@advertising[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@atdmt[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@collective-media[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@bs.serving-sys[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@chitika[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@content.yieldmanager[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@data.coremetrics[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@doubleclick[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@fastclick[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@hospitalityebusiness.112.2o7[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@imrworldwide[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@insightexpressai[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@interclick[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@invitemedia[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@kontera[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@mediaplex[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@msnaccountservices.112.2o7[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@msnportal.112.2o7[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@oasn04.247realmedia[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@pointroll[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@questionmarket[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@realmedia[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@revsci[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@richmedia.yahoo[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@specificmedia[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@statcounter[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@trafficmp[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@traveladvertising[2].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@xiti[1].txt
C:\Users\AppData\Roaming\Microsoft\Windows\Cookies\Low\@zedo[2].txt
Nothing really bad there just a bunch of common cookies..... It might be worth your time to run through the following for some basic cleaning that most users neglect: http://www.malwareremoval.com/tutorials/runningslowly.php Hope you don't have the problems, now.... You appear to be clean of malware.. Let me know if there is anything else I can do to help.. 2oG
Thanks so much for your help! I have also taken some of the steps listed for the computer clean-up file you suggested.