
About:Blank and **** Re-direct

Discussion in 'Malware and Virus Removal Archive' started by lpdrummer, 2004/09/07.

Thread Status:
Not open for further replies.
  1. 2004/09/16
    lpdrummer Inactive Thread Starter
    I can get up to picture 2, but on picture 3, I don't have that home image and the text. Just the box. And what do I do with IE-Spyad?
     
  2. 2004/09/16
    noahdfear Inactive
    My recommendation would be to uninstall Spybot in add/remove programs, then re-download it, install and update, then go through the steps previously outlined to enable its protection features. With IESpyad, you need only double click the ie-ads.reg file to merge the information to the registry. Nothing further to do with that application.
     


  4. 2004/09/18
    lpdrummer Inactive Thread Starter
    Okies, Here it is!


    Logfile of HijackThis v1.98.2
    Scan saved at 11:20:55 PM, on 9/18/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\sgljim.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Anti-Spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [sgljim] C:\WINDOWS\System32\sgljim.exe
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094583998764
     
    Last edited: 2004/09/18
  5. 2004/09/18
    Newt Inactive
    Wow - does that one ever look better than the first ones did.

    You have an entry that isn't harmful but is broken so might as well be removed - you can probably reload it later.

    O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
    should be
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    or something very similar but I'm guessing that one of the many critters or possibly a critter fix damaged it so might as well make it go away using HJT.

    What luck with a new load of Spybot?
     
  6. 2004/09/19
    noahdfear Inactive
    In addition to what Newt pointed out, a new entry that should also be fixed.

    O4 - HKLM\..\Run: [sgljim] C:\WINDOWS\System32\sgljim.exe

    Reboot and delete the sgljim.exe file. Turn off system restore, empty temp folders and recycle bin again and reboot. Turn SR back on.

    Looks as though you may still be missing some critical updates too. Not applying them may leave you open to vulnerabilities. :rolleyes:

    Would probably be a good idea to do an online virus scan too. I like RAV. Let us know what kind of results you get there please.

    Now then, I still see no antivirus software running. :( You really need to get a good program on board, updated and running. I generally recommend eTrust, which has a free-for-a-year offer of the EZ Armor firewall/antivirus package. Having both would tighten your security tremendously. There are also free programs available from the quicklinks link in Newt's signature.

    Log looking very good, but please post one more after finishing the above recommendations.
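
The comparison the helpers make by eye in the replies above, spotting a `(no file)` entry and an autorun that was not in the earlier log, can be scripted. This is an added example, not part of the original thread or of HijackThis: the baseline log is constructed (the earlier log is not on this page), the current log is an excerpt of the one posted above, and all function names are hypothetical.

```python
import re

# A HijackThis entry line: section code (R0, O4, O16, ...), " - ", free text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# An O4 registry autorun: hive, "\..\Run: ", [value name], command line.
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\Run: \[([^\]]+)\]\s+(.*)$")

# Constructed baseline: a hypothetical earlier log of the same machine.
BASELINE_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] C:\WINDOWS\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
"""

# Excerpt of the 9/18/2004 log posted in this thread.
CURRENT_LOG = r"""
Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\sgljim.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
O3 - Toolbar: (no name) - {8E718888-423F-11D2-876E-00A0C9082467} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [sgljim] C:\WINDOWS\System32\sgljim.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
"""


def parse_entries(log_text):
    """Return (code, text) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the next blank line."""
    procs, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break
        elif in_section:
            procs.append(line)
    return procs


def new_entries(baseline_log, current_log):
    """Entries present in the current log but not in the baseline.
    Comparison is case-insensitive because Windows paths are."""
    seen = {(c, t.casefold()) for c, t in parse_entries(baseline_log)}
    return [(c, t) for c, t in parse_entries(current_log)
            if (c, t.casefold()) not in seen]


def dangling_entries(log_text):
    """Entries HijackThis marked '(no file)', like the O3 toolbar discussed above."""
    return [(c, t) for c, t in parse_entries(log_text)
            if t.lower().endswith("(no file)")]


def new_autoruns(baseline_log, current_log):
    """New O4 Run-key entries, with a flag for whether the target is running now."""
    procs = [p.casefold() for p in running_processes(current_log)]
    found = []
    for code, text in new_entries(baseline_log, current_log):
        m = RUN_RE.match(text) if code == "O4" else None
        if m:
            hive, name, command = m.groups()
            running = any(p in command.casefold() for p in procs)
            found.append({"hive": hive, "name": name,
                          "command": command, "running": running})
    return found


if __name__ == "__main__":
    for code, text in dangling_entries(CURRENT_LOG):
        print("broken entry:", code, "-", text)
    for item in new_autoruns(BASELINE_LOG, CURRENT_LOG):
        state = "running" if item["running"] else "not running"
        print("new autorun:", item["hive"], item["name"], item["command"], f"({state})")
```

A new entry is only a lead for review, not a verdict; the script reports what changed between two logs and leaves the judgement to the person reading them.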
     
  7. 2004/09/19
    lpdrummer Inactive Thread Starter
    Here's what RAV got -

    Scan started at 9/19/2004 11:11:17 AM

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\sp.exe - Trojan:Win32/Spooner.F -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/msgked.exe - Trojan:Win32/Small.I -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/~9282888548.tmp - TrojanDownloader:Win32/Siboco -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/EML9E.tmp->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Default User\Application Data\Business Logic\UWC\Backup\J38214.6217022801.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MNO7KXSZ\dll[1].bin - Trojan:Win32/Scagent.A -> Infected
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QFABUJWL\dll2_2708[1].bin - TrojanDownloader:Win32/Saingat -> Suspicious
    C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\Belt.cab->Belt.exe - TrojanDownloader:Win32/Stubby.A -> Infected
    C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\bi6.cab->biprep.exe - TrojanSpy/Win32.BiSpy.A -> Infected
    C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temp\biH.cab->biprep.exe - TrojanSpy/Win32.BiSpy.A -> Infected
    C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\K1Q3GPQV\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
    C:\Documents and Settings\Main\Alex.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\S9UZG1EV\stc[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
    C:\Documents and Settings\Main\Local Settings\Temp\Belt.cab->Belt.exe - TrojanDownloader:Win32/Stubby.A -> Infected
    C:\Documents and Settings\Main\Rebecca.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\8RT7AEN5\stc[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
    C:\Documents and Settings\Main\Rebecca.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\TF7BX5CE\fsc2k[1].htm->(OBJECT0000) - HTML/CodeBaseExec* -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/msgked.exe - Trojan:Win32/Small.I -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/~9282888548.tmp - TrojanDownloader:Win32/Siboco -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/EML9E.tmp->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38214.6217022801.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.WCU->Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.WCU->Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.WCU->Documents and Settings/Owner/Local Settings/Temp/bdl14025.exe - Trojan:Win32/Revop.C -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.WCU->Documents and Settings/Owner/Local Settings/Temp/sp.html - Trojan:HTML/Starpage* -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.WCU->Documents and Settings/Owner/Local Settings/Temp/THI3869.tmp/polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\Documents and Settings\Owner\Application Data\Business Logic\UWC\Backup\J38237.9424580324.WCU->Documents and Settings/Owner/Local Settings/Temp/THI3869.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\installer\id53.exe - Trojan:Win32/SecondThought.G -> Infected
    C:\Program Files\Office97\Microsoft Office\Office\STARTUP\Startup.dot->[Ole Embedded 0]->osm32.EXE - Win95/Marburg.8582 -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP17\A0002158.hta->(EncScript) - VBS/Startpage.I* -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP18\A0002325.exe - PWS:Win32/Briss -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP18\A0003117.dll - Trojan:Win32/Krepper.Q -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP18\A0003128.dll - Trojan:Win32/Krepper.Q -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP18\A0004128.dll - Trojan:Win32/Krepper.Q -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP18\A0004135.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP18\A0004141.dll - Trojan:Win32/Scagent.A -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP18\A0004142.dll - Trojan:Win32/Scagent.A -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP18\A0005128.dll - TrojanDownloader:Win32/Saingat -> Suspicious
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP19\A0005167.dll - Trojan:Win32/StartPage.IX -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP20\A0005244.dll - Trojan:Win32/StartPage.IX -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP21\A0005291.dll - Trojan:Win32/StartPage.IX -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP23\A0006742.exe - TrojanDownloader:Win32/Small.LE -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP23\A0006779.dll - Trojan:Win32/StartPage.IX -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP24\A0007350.exe - TrojanDownloader:Win32/Small.LE -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP25\A0017401.exe - TrojanDownloader:Win32/IstBar.FA -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP25\A0017407.exe - Tool:pornDialer.BP -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP25\A0017408.exe->(UPXW) - TrojanDownloader:Win32/Small.LE -> Suspicious
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP26\A0018432.hta->(EncScript) - VBS/Startpage.I* -> Infected
     
  8. 2004/09/19
    lpdrummer Inactive Thread Starter
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP26\A0018436.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP26\A0018439.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP26\A0019410.exe->(UPXW) - PWS:Win32/Briss -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP26\A0019411.dll - SpyTool:Win32/Briss.H -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP26\A0019412.dll - Trojan:Win32/Spy.Briss.H -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP26\A0019413.exe - PWS:Win32/Briss -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP26\A0019428.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP37\A0023004.dll - TrojanDownloader:Win32/WinShow.AK -> Suspicious
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP37\A0023008.exe - TrojanDownloader:Win32/VB.CW -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP37\A0023009.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP37\A0023011.exe - Backdoor:Win32/Ruledor.B -> Infected
    C:\System Volume Information\_restore{0A438C3B-A487-4C6D-850C-C76CC3327FD0}\RP37\A0023021.exe - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\WINDOWS\96wu19rd.exe - TrojanDropper:Win32/Small.GT -> Suspicious
    C:\WINDOWS\crazykatie.exe - TrojanDropper:Win32/Siboco -> Infected
    C:\WINDOWS\crgx32.new - TrojanDownloader:Win32/WinShow.AG -> Infected
    C:\WINDOWS\hrtcm.exe->(ASPack 2.12) - Trojan:Win32/StartPage.IL -> Suspicious
    C:\WINDOWS\httpfilter.dll - TrojanDownloader:Win32/Saingat -> Suspicious
    C:\WINDOWS\httpfilter2.dll - TrojanDownloader:Win32/Saingat -> Suspicious
    C:\WINDOWS\httpfilter2.dll1 - Trojan:Win32/Scagent.A -> Infected
    C:\WINDOWS\infamous.exe - PWS:Win32/Briss -> Infected
    C:\WINDOWS\istinstall_si.exe - TrojanDownloader:Win32/Small.GL -> Infected
    C:\WINDOWS\lezgf.exe - TrojanDownloader:Win32/Agent.Z -> Infected
    C:\WINDOWS\mpvsys.exe->(UPXW) - TrojanDownloader:Win32/Small.NU -> Infected
    C:\WINDOWS\netha32.exe - TrojanDownloader:Win32/Agent.AL -> Infected
    C:\WINDOWS\odbc.hta->(EncScript) - VBS/Startpage.I* -> Infected
    C:\WINDOWS\ozhaan.dat - TrojanDownloader:Win32/Agent.BC -> Infected
    C:\WINDOWS\qcawvt.dat - TrojanDownloader:Win32/Agent.AP -> Infected
    C:\WINDOWS\rico.exe - TrojanDownloader:Win32/VB.DX -> Infected
    C:\WINDOWS\rocky2.exe - PWS:Win32/Briss -> Infected
    C:\WINDOWS\tnmng.exe - TrojanDownloader:Win32/Small.IL -> Suspicious
    C:\WINDOWS\LastGood\alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\WINDOWS\LastGood\System32\polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\WINDOWS\SYSTEM32\addxe.dll - TrojanDownloader:Win32/Agent.BC -> Infected
    C:\WINDOWS\SYSTEM32\ATPartners.dll - TrojanDownloader:Win32/Rameh.C -> Infected
    C:\WINDOWS\SYSTEM32\avifil32.exe - Trojan:Win32/Dialer.CE -> Suspicious
    C:\WINDOWS\SYSTEM32\calsdr.dll - TrojanDownloader:Win32/Rameh.B -> Infected
    C:\WINDOWS\SYSTEM32\calsdr.exe - TrojanDropper:Win32/Small.FF -> Infected
    C:\WINDOWS\SYSTEM32\FM20.exe - Trojan:Win32/Dialer.CE -> Suspicious
    C:\WINDOWS\SYSTEM32\infamous_downloader.exe - TrojanDownloader:Win32/Small -> Infected
    C:\WINDOWS\SYSTEM32\iprc32.exe - TrojanDownloader:Win32/Agent.AP -> Infected
    C:\WINDOWS\SYSTEM32\mess.exe - Clicker:Win32/Small.W -> Infected
    C:\WINDOWS\SYSTEM32\mks8dvx0mojom1.dll - Trojan:Win32/Krepper.Q -> Infected
    C:\WINDOWS\SYSTEM32\msmk.dll - TrojanDownloader:Win32/Agent.AV -> Infected
    C:\WINDOWS\SYSTEM32\msproto3.dll.$$$ - TrojanDownloader:Win32/Agent.Z -> Infected
    C:\WINDOWS\SYSTEM32\msvsres.dll.$$$ - TrojanDownloader:Win32/Agent.Z -> Infected
    C:\WINDOWS\SYSTEM32\msxmlpp.dll.$$$ - TrojanDownloader:Win32/Agent.Z -> Infected
    C:\WINDOWS\SYSTEM32\NMKFTBSK.exe - TrojanDownloader:Win32/Small -> Infected
    C:\WINDOWS\SYSTEM32\nz7clvfthueot.dll - Trojan:Win32/Krepper.Q -> Infected
    C:\WINDOWS\SYSTEM32\reinstall.exe - Trojan:Win32/Dialer.CE -> Infected
    C:\WINDOWS\SYSTEM32\run_dos.dll - TrojanDownloader:Win32/Agent.AV -> Infected
    C:\WINDOWS\SYSTEM32\telnetxp.exe - Trojan:Win32/Dialer.CE -> Infected
    C:\WINDOWS\SYSTEM32\wmscrop.exe - Trojan:Win32/StartPage.AU2 -> Infected
    C:\WINDOWS\SYSTEM32\wmsfake.exe - TrojanDownloader:Win32/Small.QS -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/bundlersi.exe - TrojanDownloader:Win32/Istbar.DH -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i19A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/instnotify.exe - Trojan:Win32/VB.KQ -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/msgked.exe - Trojan:Win32/Small.I -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.cab->polall1t.exe - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI6A41.tmp/twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/~9282888548.tmp - TrojanDownloader:Win32/Siboco -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/EML9E.tmp->(part0000:)->(IFRAME0000) - HTML/IFrame_Exploit* -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38194.9801811921.WCU->C:/Documents and Settings/Main/Alex.OFFICE/Local Settings/Temp/i14.tmp - TrojanDownloader:Win32/Small.ID -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.cab->alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/alchem.exe - TrojanDownloader:Win32/Alchemic.A -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/fEGhYef.exe - TrojanDownloader:Win32/IstBar.FJ -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/optimize.exe - TrojanDownloader:Win32/Dyfuca.CQ -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38200.6150772106.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/THI5007.tmp/twaintec.cab->polall1m.exe->(CExe) - TrojanDownloader:Win32/Agent.AE -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup\J38214.6217022801.WCU->C:/Documents and Settings/Owner/Local Settings/Temp/i5A.tmp - TrojanDownloader:Win32/Small.ID -> Suspicious
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp\Belt.cab->Belt.exe - TrojanDownloader:Win32/Stubby.A -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp\ddfblsgr.exe - TrojanDownloader:Win32/Small.KH -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp\Installer2.exe - TrojanDropper:Win32/Delf -> Infected
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temp\THI41DD.tmp\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected

    Scanned
    ============================
    Objects: 158762
    Directories: 11967
    Archives: 9919
    Size(Kb): 2017817
    Infected files: 143

    Found
    ============================
    Viruses found: 51
    Suspicious files: 18
    Disinfected files: 0
    Mail files: 2655


    And here's my HijackThis log


    Logfile of HijackThis v1.98.2
    Scan saved at 4:54:02 PM, on 9/19/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {B5DB23ED-EE57-4196-A14E-65E3F687C076} - C:\WINDOWS\System32\mcjaab.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094583998764
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan
     
  9. 2004/09/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well you certainly have a lot of infected files. The effects of not being current with Windows Updates and not having any Antivirus software. My advice, if you don't want to back up your personal data, reformat and reinstall, is to first turn off system restore by right clicking My Computer, select properties, and on system restore tab, check the box to turn off. Fix the following with HijackThis.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {B5DB23ED-EE57-4196-A14E-65E3F687C076} - C:\WINDOWS\System32\mcjaab.dll

    Reboot into safe mode.
    Show hidden files and folders.
    Open CWShredder and click fix.
    Search the drive for temp folders, then delete everything in every one you find.
    Don't know what type of backups you have in C:\WINDOWS\SYSTEM32\config\systemprofile\Application Data\Business Logic\UWC\Backup, but unless they are very important, I would delete everything in that backup folder.
    Empty the recycle bin and reboot back into Windows. Then download, install and update eTrust, and run a full system scan to see how much it can clean up. Again, visit Windows Update. Then do another RAV scan to see what is left to do.
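
The entry selection in the post above, sketched as an added Python example (not part of the thread and not code from HijackThis): it parses R and O2 lines copied from the 9/19/2004 log and flags empty values, about:blank values and unnamed BHOs whose DLL sits in System32. The three rules and the names `triage`, `R_LINE` and `O2_LINE` are assumptions made for illustration; they reproduce the helper's picks except the Default_Page_URL line, and a flag is a prompt for review, not a verdict.

```python
import ntpath
import re

# Line layouts as they appear in the HijackThis v1.98.2 logs in this thread.
R_LINE = re.compile(r"^(R[0-3]) - (HK[A-Z]+)\\(.+),([^,=]+?)\s*=\s*(.*)$")
O2_LINE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")

# Lines copied from the 9/19/2004 log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us4.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B5DB23ED-EE57-4196-A14E-65E3F687C076} - C:\WINDOWS\System32\mcjaab.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""


def triage(log_text):
    """Return (line, reason) pairs for entries matching the illustrative rules."""
    flagged = []
    for raw in log_text.splitlines():
        line = raw.strip()
        r = R_LINE.match(line)
        if r:
            data = r.group(5).strip()
            if data == "":
                flagged.append((line, "empty value"))
            elif data.lower() == "about:blank":
                flagged.append((line, "about:blank value"))
            continue
        bho = O2_LINE.match(line)
        if bho:
            name, _clsid, path = bho.groups()
            folder = ntpath.dirname(path.strip()).lower()
            # Assumed rule: a BHO with no display name whose DLL sits directly in System32.
            if name == "(no name)" and folder.endswith("\\system32"):
                flagged.append((line, "unnamed BHO in System32"))
    return flagged


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```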
     
  10. 2004/09/21
    jamesd123

    jamesd123 Inactive

    Joined:
    2004/09/21
    Messages:
    3
    Likes Received:
    0
    Hijack help

    I need help discerning what I should/shouldn't remove with Hijack, please help, it's greatly appreciated!!
    Here is my log:

    jamesd123 Your post has a thread of its own way. It's too confusing to help more than one person per thread.

    http://www.windowsbbs.com/showthread.php?p=187364#post187364
     
  11. 2004/09/24
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    Well, here's my log, but for some reason, I can't install the Windows Update! The download icon never comes up!

    Logfile of HijackThis v1.98.2
    Scan saved at 6:02:31 PM, on 9/24/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Hijack This\HijackThis.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\EarthLink TotalAccess\MailClnt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://start.earthlink.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://earthlink.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://start.earthlink.net
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
    O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {F85FFCD0-78F2-4798-B172-6E7E2DA20F6B} - C:\WINDOWS\System32\bdpmh.dll
    O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
    O4 - HKLM\..\Run: [zSPGuard] c:\program files\pjw\spguard\spguard.exe /s /r
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1094583998764
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
     
  12. 2004/09/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Never seen any R1 and R0 entries like these..

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = NOT USED (OK)

    Would suggest fixing them, along with this one.

    O2 - BHO: (no name) - {F85FFCD0-78F2-4798-B172-6E7E2DA20F6B} - C:\WINDOWS\System32\bdpmh.dll


    Still no antivirus software! :( What have you done about the infected files? Need another RAV scan to see where we're at, AFTER you install, update and run an antivirus program. Those viruses could be a big part of the inability to get the Windows Updates.
     
  13. 2004/09/24
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    I have Norton AntiVirus, do you think I should install that? I don't wanna download anything with a "free 1 year trial".

    And I will do another RAV virus scan tonight, but it takes like 3 hours for it to go through everything. And I don't know how to fix the infected files. Should I check the box on RAV that says "Autoclean"?
     
  14. 2004/09/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    If you are against downloading a 'free 1 year trial', which I recommend (it's a very good program and has a firewall too, which you need), then yes, install Norton. Or download a 'free' AVG and run it. It doesn't really matter which one, just get one installed, updated and run! Empty the temp folders, disable system restore, delete the infected backups if you don't need them and empty the recycle bin, BEFORE you run the AV program. It should be able to take care of most of the infected files for you. Do a RAV scan when done. It won't hurt to check the autoclean box, but not sure it will help.
     
  15. 2004/09/24
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    The reason you are having problems installing the Windows Update control is because it is already installed. It is the below item.
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1094583998764.
    Perhaps remove it and then go to the site to reload it.

    Yes, you should check the box for Autoclean.
     
  16. 2004/09/24
    lpdrummer

    lpdrummer Inactive Thread Starter

    Joined:
    2004/07/26
    Messages:
    285
    Likes Received:
    0
    So I already have the most recent update, and don't need to run Windows Update?


    And Noah, I'll get that RAV scan and Norton up by tomorrow.
     
  17. 2004/09/24
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    No, you don't have the most recent. The bolded part of this entry from your log tells us that.
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Try again after you clean out the viri. ;)
     