
[Help in removing coolwwwsearch - HJT log]

Discussion in 'Malware and Virus Removal Archive' started by J0hn, 2005/12/15.

  1. 2005/12/15
    J0hn

    J0hn Inactive Thread Starter

    Joined:
    2005/12/15
    Messages:
    5
    Likes Received:
    0
    I have tried on my own to correct a virus relating to the coolwwwsearch blah blah blah. I have failed, and I usually don't. I would appreciate any help to get me straightened out.

    Logfile of HijackThis v1.99.1
    Scan saved at 11:32:50 PM, on 12/15/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\John\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Class - {1B849856-C2B0-C16F-7AA2-AF1A44A6BEDA} - C:\WINDOWS\system32\ipma32.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://vsa1.21stcsi.com/inc/kaxRemote.dll
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     
    J0hn,
    #1
  2. 2005/12/15
    mrsmith

    mrsmith Inactive

    Joined:
    2005/12/14
    Messages:
    56
    Likes Received:
    0
    Check these

    Is it removed/repaired?
    I don't know it all, but check these items:
    O2 - BHO: Class - {1B849856-C2B0-C16F-7AA2-AF1A44A6BEDA} - C:\WINDOWS\system32\ipma32.dll (file missing)
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install <is this needed with your video?>
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    Make sure Windows Messenger is disabled if you don't have to have it.
    Also you might check out this program. I have used it for many eons and no troubles to date.
    http://www.av-free.com
    Actually I use the premium, but this is a kick a** program.

    Hope this helps.
     
    Last edited: 2005/12/16


  4. 2005/12/16
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
  5. 2005/12/16
    J0hn

    J0hn Inactive Thread Starter

    Joined:
    2005/12/15
    Messages:
    5
    Likes Received:
    0
    Logfile of HijackThis v1.99.1
    Scan saved at 8:31:19 AM, on 12/16/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\John\Desktop\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://vsa1.21stcsi.com/inc/kaxRemote.dll
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


    Nwiz is for my video card.
    Do not see Windows Messenger in the taskbar, startup folder or in programs.

    My apologies for not following the rules about meaningful thread titles, as I was tired and fed up last night, but that's still no excuse. I'm sorry.
     
    J0hn,
    #4
  6. 2005/12/17
    mrsmith

    mrsmith Inactive

    Joined:
    2005/12/14
    Messages:
    56
    Likes Received:
    0
    Did you run these?

    Ad-Aware® SE Personal Edition
    obviously you have Spybot Search and Destroy
    CWShredder

    Make sure your folder options are set to show all hidden files.

    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {1B849856-C2B0-C16F-7AA2-AF1A44A6BEDA} - C:\WINDOWS\system32\ipma32.dll (file missing) > Adware:Adware/Startpage.VQ C:\WINDOWS\SYSTEM\ipma32.dll


    Questionable as to whether you really need these items:
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE > not bad, but not needed under normal conditions. I have Office XP with SP3 and use Microsoft Outlook/Word/Excel, etc. daily. Don't see it anywhere in my log.
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack > Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. If used, is it required?
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install > 3rd-party driver, possible replacement?

    Keep your tracks clean. If you don't know how, or don't want to do it manually, use http://www.ccleaner.com
    How about a firewall?
    User friendly: www.zonelabs.com (free and pro, but don't use suites. Each company excels at one area, not all.)
    My fav is Sygate Pro, but Symantec bought them out, so we shall see what happens there. They say they discontinued the personal firewall and are moving forward with the Norton cr*p. Hope to see something good develop, but I have always disliked Symantec/Norton. How they have stayed in business so long is beyond me. You can still get the free version of Sygate at www.pcworld.com if you want it.
    The last report I saw showed Microsoft as only a 66% find-and-remove rate, so these other scanners are important.
    You can do manual settings that will stop a lot instead of real-time protection. For example, disabling Java will block most ads. Also, Java is a security risk anyway. Also, the more you have running, the slower you go. Even with a Pentium D and a SATA 2, 4-drive RAID config, 1 millisecond matters to me.
    I have an HP PSC also, but don't use the Digital Imaging Monitor. The only difference is you have to open the Director. Whoopie. I'd rather cruise, if you know what I mean.

    Worst case scenario, if you still can't get it all out, you can use KillBox and/or Brute Force Uninstaller. The BFU is a command line interface. DOS.
    Don't know if any of this helps, but I hope so.
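    The triage the replies in this thread do by eye (orphaned BHO with its DLL missing, the missing default URLSearchHook, Run keys that load a DLL through rundll32, O16 ActiveX downloads from hosts nobody recognises) can be done mechanically over the log text, and so can the "what changed between the 12/15 and 12/16 scans" comparison. The script below is an added example written for this page; it is not a tool from the thread and not part of HijackThis. The embedded log lines are excerpted from the logs posted above (only the lines relevant to the comparison are kept); the allowlist of hosts trusted to serve ActiveX controls (TRUSTED_DPF_HOSTS) is an assumption a reviewer would adjust. What it lists are items for review, not verdicts.

```python
import re
from dataclasses import dataclass

# Excerpts of the 12/15 and 12/16 HijackThis logs posted in this thread. Only the
# lines that matter for the comparison are reproduced, so the script runs offline.
LOG_1215 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1B849856-C2B0-C16F-7AA2-AF1A44A6BEDA} - C:\WINDOWS\system32\ipma32.dll (file missing)
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://vsa1.21stcsi.com/inc/kaxRemote.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LOG_1216 = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://vsa1.21stcsi.com/inc/kaxRemote.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HJT finding is "<section> - <body>"; the header and process list never match.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")

# Assumption: hosts this reviewer trusts to serve ActiveX controls via O16/DPF.
# Anything else is listed for manual review, not declared malicious.
TRUSTED_DPF_HOSTS = ("microsoft.com", "hp.com", "plaxo.com")


@dataclass(frozen=True, order=True)
class Entry:
    section: str  # R0, R3, O2, O4, O16, ...
    body: str     # everything after "<section> - "


def parse_hjt(text):
    """Return the R*/O* entries of a HijackThis log in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def dpf_host(body):
    """Host part of the download URL in an O16 entry ('' if none)."""
    m = re.search(r"https?://([^/?\s]+)", body)
    return m.group(1).lower() if m else ""


def is_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(entries):
    """Flag the entry types the replies above single out; returns (entry, reason) pairs."""
    findings = []
    for e in entries:
        if e.section == "O2" and "(file missing)" in e.body:
            findings.append((e, "BHO CLSID still registered but its DLL is gone: "
                                "orphan left by a partial clean-up, safe to fix"))
        elif e.section == "R3" and "missing" in e.body:
            findings.append((e, "default URLSearchHook entry removed (clean-up tools "
                                "often do this): fixing it restores the default"))
        elif e.section == "O4" and "rundll32" in e.body.lower():
            findings.append((e, "Run key loads a DLL via rundll32: confirm the DLL's "
                                "path and vendor before keeping it"))
        elif e.section == "O16" and not is_trusted(dpf_host(e.body)):
            findings.append((e, f"ActiveX download from non-allowlisted host "
                                f"{dpf_host(e.body)!r}: review or remove"))
    return findings


def diff_logs(old, new):
    """Entries that disappeared and that appeared between two scans."""
    removed = sorted(set(old) - set(new))
    added = sorted(set(new) - set(old))
    return removed, added


if __name__ == "__main__":
    before, after = parse_hjt(LOG_1215), parse_hjt(LOG_1216)
    for e, why in triage(before):
        print(f"[{e.section}] {e.body}\n    -> {why}")
    removed, added = diff_logs(before, after)
    print("gone since 12/15:", *[f"{e.section} - {e.body}" for e in removed], sep="\n  ")
    print("new since 12/15:", *[f"{e.section} - {e.body}" for e in added], sep="\n  ")
```

    Run against the two excerpts it lists four items for review in the 12/15 log (the R3 hook, the ipma32.dll BHO, the PtiuPbmd rundll32 entry and the 21stcsi.com download) and shows that the 12/16 scan lost exactly two entries, the orphan BHO and the Java O9 button, with nothing new appearing. Paste the full logs in place of the excerpts to compare later scans in the thread the same way.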
     
  7. 2005/12/17
    mrsmith

    mrsmith Inactive

    Joined:
    2005/12/14
    Messages:
    56
    Likes Received:
    0
    Sorry, I forgot. Was in a hurry. Sorry.
    You can also disable ActiveX if you don't need it, or you can install SpywareBlaster and make sure all boxes are checked and all protection is enabled.
    www.javacoolsoftware.com
     
  8. 2005/12/17
    J0hn

    J0hn Inactive Thread Starter

    Joined:
    2005/12/15
    Messages:
    5
    Likes Received:
    0
    Thank you for your response and your time. I do appreciate your help.

    Starting from your first post,

    "Is it removed/repaired?"
    I don't think that I am out of the woods yet, as when this first started and I thought it was taken care of, 2-3 days later I started seeing AVG telling me that multiple files were infected that I didn't recognize and deleted... no, I didn't write them down. So I came here for help.

    "Make sure Windows Messenger is disabled if you don't have to have it."
    Do not see Windows Messenger in the taskbar, startup folder (msconfig) or in Add/Remove Programs. Is it safe to delete it from C:\Program Files\Messenger? I do not use it.

    "Also you might check out this program. I have used it for many eons and no troubles to date.
    http://www.av-free.com"
    That site leads to many different programs... any one specific?

    Your second post,


    "Did you run these?"
    Yes, and as of today 12-17 before noon I have run:
    Shredder
    cr-p cleaner
    Spybot
    Ad-Aware
    AVG
    Installed SpywareBlaster per your recommendation.
    Then AVG popped up later and said something about an infected file:
    c - system volume - information/_ .... (then the 20 second timer ran out as I was writing it down). I remember it referring to "System Restore".

    "Questionable as to whether you really need these items:
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE > not bad, but not needed under normal conditions. I have Office XP with SP3 and use Microsoft Outlook/Word/Excel, etc. daily. Don't see it anywhere in my log.
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack > Installed with the miniport drivers for Promise hard drive controllers in both RAID and non-RAID installations. If used, is it required?
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install > 3rd-party driver, possible replacement?"
    I think I have disabled MDM.exe.
    ptipbm: required till the next reformat and hardware configuration, a couple of months.
    nwiz is NVIDIA, for my dual monitors.

    "How about a firewall?"
    Netgear router, and soon Linksys wireless as well (locked down).
    Do not care for Norton or ZoneLabs.
    Do not want to disable Java.

    "I have an HP PSC also, but don't use the Digital Imaging Monitor. The only difference is you have to open the Director. Whoopie. I'd rather cruise, if you know what I mean."
    For now I have stopped HP from loading. There are three items loading at start-up and I will figure out which one I need just to print, but I think one of them is needed for the scanner, or it's a pain in the butt to deal with my wife.
    I don't know if there is a selective start-up for the Digital Imaging Monitor part of it all (HP).

    Third post:

    "You can also disable ActiveX if you don't need it, or you can install SpywareBlaster and make sure all boxes are checked and all protection is enabled."
    Want ActiveX. Installed Blaster.

    I moved HJT to a new folder, ran it, and the results are:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:40:40 AM, on 12/17/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://vsa1.21stcsi.com/inc/kaxRemote.dll
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    How am I doing so far? Again,thank you for your help.
    J0hn
     
    J0hn,
    #7
  9. 2005/12/17
    mrsmith

    mrsmith Inactive

    Joined:
    2005/12/14
    Messages:
    56
    Likes Received:
    0
    OK, thank you for the info. Things are looking better. You are doing great. N/P about the Java and ActiveX, just letting you know about the options you have. I use ActiveX but not Java, except on special occasions. Simple flip of the switch.

    Don't worry about Windows Messenger. Sounds like it is disabled. Office products have the option of using it in a corporate environment if necessary.
    Also you can go into startup and remove Digital Imaging Monitor, or just shut it down by right-clicking on the systray icon and selecting Exit when you aren't using it. That will remove issues with your wife. :)

    First, fix this item with HijackThis:
    O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)

    *To be fixed IF the entry 'Research' is unknown.*
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    >>> refiebar.dll is a module which allows you to use the Microsoft Office Research Library and its collection of information services from Microsoft Internet Explorer.

    Of course, reboot after.

    Here is the exact link for the antivirus program you should try, unless you are stuck on AVG Free:
    http://www.antivir-pe.de/en/
    Sorry about the mix-up. You can get the AntiVir Personal Edition Classic. It is free and does a great job. Premium just has a couple more options, is all.
    First, after you download this, close all browser windows. You will want to change your setting in AVG to not start automatically, then shut it down and install this one. It will start a scan immediately after install. Click on the button at the bottom to stop it and check for updates (right-click on the umbrella in the taskbar and click on Internet Update; other settings from here I will post separately).
    Then open up the configuration settings. The first window is scan settings: check both boot records and report unknown boot records; check all files and start with memory, with medium priority. Repair window: check repair without prompt, then if not repairable select delete with prompt. This way, if something you need is unrepairable, you will know what it is to replace. Next is unwanted programs: check "activate all types". You can change this later. The next window is Heuristic: activate macro and Win32 with medium priority. Click "OK" at the bottom.
    Now at the top left of the toolbar click "Scan" and kick back for a bit. The amount of time will depend on the speed of the system and how infected it is. Whatever it pulls up, do not delete. QUARANTINE and don't worry. This way you can see what everything is and make a record.
    Even after (and before) the scan, the Guard will be scanning all local drives. If you hear a jingle and a window pops up, QUARANTINE. And like I said, don't worry, this guy will knock their socks off.
    I almost forgot: whenever you have to restart, make sure the little umbrella is open in the systray. If not, open the main program and under Options > Config > Miscellaneous click "Load Guard at system start".

    Also create another HijackThis log for the next post, please.
    I will create another post with further info for the AV program if you want to keep it when you are done cleaning.

    As to your question, looking good. Do these things and repost, please.

    Thanks and TTYL
     
    Last edited: 2005/12/17
  10. 2005/12/17
    J0hn

    J0hn Inactive Thread Starter

    Joined:
    2005/12/15
    Messages:
    5
    Likes Received:
    0
    Alrighty then... lol... OK, here's where I stand now.

    Regarding your last post:

    "go into startup and remove Digital Imaging Monitor, or just shut it down by right-clicking on the systray"
    Yes, I will deal with that after we (you, lol) are through. I'm thinking, if memory serves me, that the Imaging Monitor relates to the scanner part of the printer.
    I can figure that out later.
    "First, fix this item with HijackThis:
    O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)"
    Done.

    "*To be fixed IF the entry 'Research' is unknown.*
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL"
    After googling the DLL and reading some 10-15 posts from multiple sites/groups/boards, this should be OK to keep, as all references point to it having to do only with the Office program (assistant). As for the word "Research", other boards reading HJT logs have left the whole string alone. If you feel differently about this, please let me know.

    Downloaded and installed AntiVir and rebooted. Configured the program as per your instructions after I disabled AVG.
    Ran the program and was very surprised by the results:
    The first scan found 29 items including 4 infected files; traced them down, discovered that I didn't need them and deleted them.
    The second scan uncovered 8 more in 5 files; repeated the procedure, deleted.

    I was impressed by this program (AntiVir) and think that I will continue to use it for now. Thanks for the tip.

    And now...(drum-roll in the background)

    Logfile of HijackThis v1.99.1
    Scan saved at 10:34:22 PM, on 12/17/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVPersonal\AVGUARD.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\UltraMon\UltraMon.exe
    C:\Program Files\UltraMon\UltraMonTaskbar.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
    O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe "
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\MasterCook 9\Web\MCIEContext.hta
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
    O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
    O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://vsa1.21stcsi.com/inc/kaxRemote.dll
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    Whatcha think??
    Again I would like to thank you for your help.
    J0hn
     
    J0hn,
    #9
  11. 2005/12/17
    mrsmith

    mrsmith Inactive

    Joined:
    2005/12/14
    Messages:
    56
    Likes Received:
    0
    LOL right on man. so it seems your system is running well now?
    log looks clean to me. looks like you were on the internet (or recently on) when you ran the last HJT?
    best to run at fresh startup I think. but I'm not a pro. just keep an eye on Gen Host Process for a couple days to be sure. and make sure you only run 1 of those Anti Virus Programs. shut down and uninstall the other. you can always reinstall if you think you want the other. recommend you find a good firewall.
    LOL you rock. you did great. thx. here is the info on a good config for that
    Anti Virus program.

    Anti VirXP Configuration *this is solely intended to help anyone who currently uses or wishes to use this program. It will take all the guesswork out of the configuration and provide optimum protection and proper logging.*

    *** Please do not rely solely on 1 company or program to protect you. This program is a very aggressive addition to ANY security arsenal. the only known conflict is that the email guard does not currently support IMAP servers. coming soon. However, following the guidelines set forth below, ALL INCOMING AND OUTGOING WILL HAVE NO CHOICE BUT TO PASS THROUGH THE GUARD. here is the entry from my HJT log in reference to this. >> O10 - Broken Internet access because of LSP provider 'avsda.dll' missing <<***

    *a few of these options are only available in the Premium version. 25% of the 20 euro price goes to children's charity.*

    1. right click on the umbrella in the sys tray and click on "Configuration Guard"
    1st tab is scanner. Device mode - select scan on file read and write. Files to scan - select all files. Archives - check mark unpack runtime compressed. Drives to monitor - check mark local drives.
    2nd tab is action. action if not repaired - select move to quarantine directory. Notifications - check mark use event log and play a sound. quarantine directory is already specified.
    3rd tab is repair. Reported files - check mark Activate repair. Backup - check mark Create backup before repair. backup directory is already specified.
    4th tab is Heuristic. Macro virus heuristic - check mark Enable. Win32 file heuristic - check mark Enable and select Detection level medium.
    5th tab is Logfile. Name and path of logfile is already specified. Logging level - select standard information. this will average about 5kb per file. later settings will limit the number of files kept.
    6th tab is Filters. use this tab at your own risk.
    7th tab is Unwanted programs. select these: Security Privacy Risk, Unusual Runtime Compression Tools, Double Extension Files, Dialer, Backdoor Client and Adware/Spyware.
    click on OK button.
    2. Configuration MailGuard.
    1st tab is action. your choice what to do with infected mail. recommended to automatically delete. you will receive a message from the program when you check your mail.
    2nd tab is directories. everything is already specified. advanced users will be able to change these with use of the help files if needed for their email client.
    3rd tab is Heuristic. Macro virus heuristic - check mark enable. Win32 file heuristic - checkmark Enable and select Detection level medium.
    click on OK button.
    The rest of the settings are in the main program.

    3. Start main program from the sys tray icon or desktop shortcut.
    at the top, click on options > configuration.
    1st window is Search. Boot Records - check mark Boot records of selected drives and Report unknown boot records. Files - select all files. Memory - check mark Begin scan with memory and select medium priority.
    at the left top you will see a plus sign next to Search. click that. now you can list files or folders to omit (use at your own risk). click on Archives. check mark Search archives and All archives.
    Now click on repair (in the column on the left).
    Reported items - select repair without prompt. Not repairable items - select delete with prompt. Date/time - select No change. Acoustic warning - checkmark Acoustic warning. click on the button to hear it so you know how it sounds. change it here if you don't like it.
    Now click on Unwanted programs. (left column)
    check mark Adware/Spyware, Backdoor Client, Dialer, Double extension Files, Unusual Runtime Compression Tools and Security Privacy Risk.
    Now click on Heuristic(left column)
    Macro virus - checkmark Enable. Win32 file - check mark Enable and select Detection level medium.
    Now click on Drag & Drop.(left column)
    you can check mark this if you like but read the note. an AntiVir Search context will be added to your Windows Explorer right click menu, which is very effective for large folders. an infected file will immediately sound an alarm by simply hovering your mouse cursor over the file.
    Now click on Report and the plus sign next to it.(left column)
    Mode - select overwrite report or append report. Data to be logged - select Reported files. advanced users will be able to select other warnings by clicking the Warnings button. All others please leave default settings as to not unnecessarily alarm you.
    Now click on the subfolder Summary Report.(left column)
    checkmark - Create summary report and select max # of entries you wish to have. when this # is reached it will start overwriting older reports from oldest to newest. these are all small reports so they won't use up your HDD space.
    Now click on Internet Updater. Hopefully you have an internet connection for updates. these should be displayed here. If not you will have to make sure you are connected to the internet after you finish the rest of these settings or enter them manually here. then click on the test button.
    Also checkmark on Allow automatic internet updates and click on the settings button for basic settings. depending on your connection if you need to hang up a dial up or whatever but you should checkmark on Automatically install after download and the program will check file integrity before installation, etc.
    Now click on Miscellaneous. (left column)
    temporary path for updates is already specified. Interruption allowed (by user) is optional. Checkmark Overwrite deleted files to ensure proper destruction of any infected files. Checkmark Load the Guard at system start and Email Guard at system start (except IMAP servers). checkmark Check for old virus definitions and set the time limit to warn in # of days. recommend 7 days. the less the better. 99.99% of the time at least 1 new update will be available within any given 24 hour period. so please set days to warn as low as possible. You can use the scheduler if you like to do it automatically for you at least once a day so you don't forget. you don't have to leave the scheduler running either. use task scheduler to fire up and shut down the scheduler for you.
    Now click on OK button.

    once you see the Guard in action you will realize how aggressive it really is and you will feel secure in knowing that you have the best Active protection available. (in my humble opinion) If you don't believe it try it. test it. surf the known virus/trojan/etc. websites and when you are instantly alerted, DENY ACCESS!

    SAFE AND HAPPY SURFING TO ALL!!! :)
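To make the kind of review done on the log above repeatable, here is an added Python helper (my example, not a tool from this thread or from HijackThis itself) that parses HJT-style lines, counts entries per section, flags "(file missing)" orphans, lists O4 Run entries whose command names no directory, and reports how many resident antivirus products the O23 services belong to, the "only run 1 of those Anti Virus Programs" check. The sample log is constructed from lines quoted in this thread, and the vendor marker table is my own assumption.

```python
import re
from collections import Counter
from typing import Dict, List, Set

# Constructed sample, copied from log lines quoted in this thread, so the helper
# runs offline; feed it the text of a real HijackThis log instead.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O9 - Extra button: Gmail - {3CD12856-7A7B-4e4c-B53E-92DFDD44AFDE} - https://gmail.google.com (file missing)
O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} (kasRmtHlp Class) - http://vsa1.21stcsi.com/inc/kaxRemote.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# HJT prefixes: R0-R3 (IE URLs), F0-F3 (ini lines), N1-N4 (Netscape/Mozilla), O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# O4 registry Run/RunOnce/RunServices entries look like: HKLM\..\Run: [name] command
O4_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[([^\]]+)\] (.*)$")
# Assumed vendor/product markers for the two resident AV engines seen in the thread.
AV_MARKERS = {"AntiVir": ("h+bedv", "antivir"), "AVG": ("grisoft", "avg7")}

def parse_hjt(text: str) -> List[tuple]:
    """Return (section, body) pairs; headers and the process list carry no prefix and are skipped."""
    hits = (ENTRY_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in hits if m]

def section_counts(entries: List[tuple]) -> Dict[str, int]:
    return dict(Counter(section for section, _ in entries))

def orphaned(entries: List[tuple]) -> List[str]:
    """Entries HJT tagged '(file missing)': dead references a cleanup can safely fix."""
    return [body for _, body in entries if "(file missing)" in body.lower()]

def unqualified_run(entries: List[tuple]) -> List[str]:
    """O4 Run names whose command has no directory, so the binary must be located before judging it."""
    names = []
    for section, body in entries:
        m = O4_RE.match(body) if section == "O4" else None
        if m and "\\" not in m.group(2):
            names.append(m.group(1))
    return names

def av_products(entries: List[tuple]) -> Set[str]:
    """Product families behind O23 services; more than one means two resident AV engines."""
    found = set()
    for section, body in entries:
        if section == "O23":
            low = body.lower()
            found.update(p for p, marks in AV_MARKERS.items() if any(k in low for k in marks))
    return found

if __name__ == "__main__":
    log = parse_hjt(SAMPLE_LOG)
    print(section_counts(log), orphaned(log), unqualified_run(log), sorted(av_products(log)))
```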
     
  12. 2005/12/18
    J0hn

    J0hn Inactive Thread Starter

    Joined:
    2005/12/15
    Messages:
    5
    Likes Received:
    0
    Thanks for your assistance in helping me to resolve these issues. It is very easy for me and others to sit behind our monitors and be spoon fed and wait for answers from more knowledgeable people. I want to take this opportunity to let you know that I really do appreciate your time/patience and understanding when dealing with us and using your time to help others in need.

    "just keep an eye on Gen Host Process for a couple days to be sure."
    I will keep an eye on Host Process for a while, as I had a recurrence two to three days after I thought I had beaten it.

    "only run 1 of those Anti Virus Programs"
    Uninstalled all antivirus programs, ran NOD32 and found some more files that were infected. Plan on uninstalling NOD32 and reinstalling AntiVir, as I was impressed with its function and results.

    "recommend you find a good firewall "
    Yes, I have been lucky till now running only a hardware firewall.
    I think it is time to step up and research on one of the better software firewalls available for my habits / applications.

    "here is the info on a good config for that
    Anti Virus program."
    10-4..... I'm saving that and the text from our first setup and scan.

    "LOL you rock. you did great"
    No... You... Rock... I just followed advice and direction, that was easy... lol

    Again, thank you very much and keep up the good work, not many people devote their time and knowledge to help others... especially for free.

    J0hn.
     
  13. 2005/12/18
    mrsmith

    mrsmith Inactive

    Joined:
    2005/12/14
    Messages:
    56
    Likes Received:
    0
    thank you but you did all the work

    hey J0hn,
    I wanted to thank you for your input. I believe that you did all the work so the credit goes to you. I just tried to give the information to you. questionable listings were for you to research and decide. you did perfectly. I only listed them so you would know that they pose a potential risk. You should at least have Windows Firewall running until you find a good replacement.
    NOD32 might have picked up traces of left over remnants of the AntiVir definition file after you uninstalled it, or it could be that they were missed and would have needed a few more passes to find them all. who knows? data is still on hard drives after you delete, so the best thing is to "wipe" files found. this ensures proper destruction. Also, not any 1 program is 100% guaranteed. best to have 1 for active and aggressive security and 1 or more scanners to pick up anything the initial defense might miss. keeping them from getting in in the 1st place is the trick. once you get infected it is best to use all of the top 3 - 5 programs available to clean the dirt back out.
    also, you need to do 1 more thing. Please do this as soon as possible.
    when you are finished reinstalling AntiVir and everything is set up properly for you, under the All Programs menu you will be able to find the System Restore program under the Accessories > System Tools section. open it and create a new restore point. name it whatever you like (like "ROCK AND ROLL BRA!!!") LOL or whatever you like. now in the same area open up Disk Cleanup and under the More Options tab you will see System Restore. click on the clean up button and when it asks click yes.
    now run the Cr*p Cleaner again. and last but not least, shut down the puter. wait about 10 - 15 seconds and turn it back on.
    YOU ARE NOW COMPLETE!!!
    anyways, great job bro. hope to see you around surfing in harmony.
    LOL
    D
     
