
Solved lots of pop up in windows xp, lots of infection not sure what kind yet

Discussion in 'Malware and Virus Removal Archive' started by mva5493, 2007/09/23.

  1. 2007/09/25
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    cont:
     
  2. 2007/09/25
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    cont:
    C:\Documents and Settings\HP_Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-134a9cc4-57297370.zip/Xeyond.class -> Trojan.Femad : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP753\A0310312.exe -> Trojan.LowZones.dm : Cleaned with backup (quarantined).
    C:\zdj.exe -> Trojan.LowZones.dm : Cleaned with backup (quarantined).


    ::Report end

    finally the end of the report!!!


    Dave,
    I know you don't know me personally, but I am not a violent person...but when I see this log report I want to walk up to the 15 year old boy who this computer belongs to and smack him for being ignorant...there were I think 4400+ things that were either infected or had traces of infection on this computer. I will be printing every page of this log file out for his mother and will probably charge her for not only my time and effort but for the ink and paper necessary to print!!! (Sorry, I just had to vent a little, not your fault; I should have chosen to remain silent as you did last night.) :eek: :eek:
     
    Last edited: 2007/09/25


  4. 2007/09/25
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    also: I ran VundoFix last night, but when it tried to remove...it told me that no infection was present. I don't know whether AVG should have removed this or not, but Ultimate Defender is still popping up as well as Ultimate Cleaner. Also a remnant of Norton keeps coming up and saying that virus protection is out of date. I tried to uninstall Norton altogether but it didn't allow me to (I assume I will need to download the removal tool). I am also getting a pop-up from the Wal-Mart music downloads store as well as the login for BellSouth (DSL); the error is that it isn't connected, but when I cancel it the login just pops back up.

    I think this computer is still a bit of a mess for now anyway.
     
  5. 2007/09/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Open Add/Remove programs and uninstall Ultimate Defender and Ultimate Cleaner, then remove their respective folders in C:\Program Files.

    Download ATF Cleaner by Atribune and save it to your Desktop. (I should have had you do this prior to the AVG-AS scan ....... log would have been much smaller :eek: )
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Download and run the Norton Removal Tool.

    Reboot when done.

    To clean up any leftovers of the Ultimate infections, please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HJT log.
     
  6. 2007/09/25
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    Ultimate Defender/Cleaner are not listed in Add/Remove Programs, so I will try the online scan to see if that helps. I am also noticing that I can't shut down Windows normally. The only way is to go through Task Manager and sometimes that doesn't work. I assume that once I get rid of this leftover stuff it will run better.
     
  7. 2007/09/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Go ahead and fix the following with HijackThis too.

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
    O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
    O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe "
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
    O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
    O4 - Startup: .protected
    O4 - Startup: HP Organize.lnk = ?
    O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...p1.0.0.8-2.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/EZT/Toolbar/eztdl.cab


    If the Ultimate folders are present, delete them.
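
Added example, not part of the original thread and not code from any poster or from HijackThis: a Python triage pass over O4 and O16 lines like those listed above. The four checks (executable in a drive root, startup item with no target, a name on `WATCHLIST`, ActiveX codebase host outside `trusted_hosts`) are illustrative assumptions, not the criteria the helper used; the sample lines are copied from this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit

# Sample input: lines copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: .protected
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/EZT/Toolbar/eztdl.cab
"""

# Assumption: product names taken from the fix list in this thread.
WATCHLIST = ("Ultimate Defender", "Ultimate Cleaner",
             "WinAntiVirus Pro 2007", "ErrorSafe")

RUN = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (.+)$")
STARTUP = re.compile(r"^O4 - (Global Startup|Startup): (.+?)(?: = (.*))?$")
DPF = re.compile(r"^O16 - DPF: (.+?) - (\S+)$")
# Image path: a quoted string, or everything up to the first executable extension.
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|scr))(?=[\s,]|$)', re.I)
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass
class Entry:
    kind: str               # "run", "startup" or "dpf"
    name: str               # value name, shortcut name, or DPF key
    target: Optional[str]   # command line, shortcut target, or codebase URL


def parse(log_text: str) -> List[Entry]:
    """Extract autorun (O4) and ActiveX download (O16) entries from a log."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := RUN.match(line):
            entries.append(Entry("run", m.group(3), m.group(4)))
        elif m := STARTUP.match(line):
            entries.append(Entry("startup", m.group(2), m.group(3)))
        elif m := DPF.match(line):
            entries.append(Entry("dpf", m.group(1), m.group(2)))
    return entries


def image_path(command: str) -> str:
    """Return the executable part of a command line, handling unquoted spaces."""
    m = IMAGE.match(command.strip())
    return (m.group(1) or m.group(2)).strip() if m else command.strip()


def reasons(e: Entry, trusted_hosts=frozenset()) -> List[str]:
    """Reasons an entry deserves manual review; an empty list means none fired."""
    if e.kind == "dpf":
        host = (urlsplit(e.target).hostname or "").lower()
        if host in trusted_hosts:
            return []
        return [f"ActiveX codebase host not on allowlist: {host}"]
    if e.kind == "startup" and e.target in (None, "", "?"):
        return ["startup item with no resolvable target"]
    out = []
    path = image_path(e.target)
    if DRIVE_ROOT.match(path):
        out.append("executable sits directly in a drive root")
    haystack = f"{e.name} {path}".lower()
    out += [f"matches watchlist: {w}" for w in WATCHLIST if w.lower() in haystack]
    return out


def triage(log_text: str, trusted_hosts=frozenset()) -> Dict[str, List[str]]:
    """Map entry name -> review reasons for every entry that fired a check."""
    findings = {}
    for e in parse(log_text):
        why = reasons(e, trusted_hosts)
        if why:
            findings[e.name] = why
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

Entries that fire no check are not thereby clean; the output is a review queue for a person, not a verdict.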
     
  8. 2007/09/25
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    Can I safely remove LimeWire? He won't like me for doing that but I know it is a risk.
     
  9. 2007/09/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Yes, but get WinsockFix first. Should you lose internet connectivity after uninstalling, run it as outlined below.

    • Download Winsock XP Fix.
    • Close all open programs and connections.
    • Run Winsock XP Fix and select Fix.
    • Reboot.

    That's usually only an issue with removing Kazaa, but better safe than sorry. ;)
     
  10. 2007/09/27
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    I have fixed the entries with HJT and ran a scan with Panda, but had a problem with the report file. It said there were 10 viruses scanned and disinfected but I have no idea what they were. Ran Panda a second time as well as installed and ran AVG Free. Here are the log files from HJT and Panda:

    HJT log file:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:18:16 AM, on 9/25/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    c:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\java\javaw.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\WildTangent\Apps\GameChannel.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1147061569\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1147061569\ee\AOLServiceHost.exe
    C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Ultimate Defender\App.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Ultimate Cleaner\App.exe
    C:\Program Files\BellSouth Internet Tools\blsloader.exe
    C:\Program Files\BellSouthWCC\McciTrayApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\America Online 9.0\aoltray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    c:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aimtoday.aim.com/today/aimtoday.adp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator/121229/0/viewHTML?zone=enternet
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147061569\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
    O4 - HKLM\..\Run: [Ultimate Cleaner] C:\Program Files\Ultimate Cleaner\App.exe
    O4 - HKLM\..\Run: [blspcloader] "C:\Program Files\BellSouth Internet Tools\blsloader.exe "
    O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
    O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe "
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
    O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
    O4 - Startup: .protected
    O4 - Startup: HP Organize.lnk = ?
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: v3cab - http://searchmiracle.com/cab/v3cab.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://eztracks.aavalue.com/EZT/Toolbar/eztdl.cab
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Sun Java (SJava) - Unknown owner - C:\WINDOWS\java\javaw.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 11087 bytes

    second active scan results:

    Incident Status Location

    Potentially unwanted tool:Application/MyWebSearch Not disinfected c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoestb.dll
    Potentially unwanted tool:application/mywebsearch Not disinfected c:\documents and settings\all users\start menu\programs\startup\MyWebSearch Email Plugin.lnk
    Adware:adware/gator Not disinfected c:\windows\GatorHDPlugin.log
    Adware:adware/eztracks Not disinfected c:\program files\EZTRACKS
    Potentially unwanted tool:application/funweb Not disinfected c:\program files\FunWebProducts
    Adware:adware/navhelper Not disinfected c:\program files\NavExcel Search Toolbar
    Adware:adware/elitebar Not disinfected C:\Documents and Settings\HP_Owner\Favorites\Casino & Carrers
    Adware:adware/maxifiles Not disinfected Windows Registry
    Dialer:dialer.yz Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02C20140-76F8-4763-83D5-B660107B7A90}
    Adware:adware/ncase Not disinfected Windows Registry
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@2o7[2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@ads.pointroll[2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@advertising[2].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@apmebf[2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@atwola[1].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\HP_Owner\Cookies\hp_owner@doubleclick[1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\Process.exe
    Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\Reboot.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix\restart.exe
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Virus:Generic Malware Disinfected C:\Program Files\Common Files\Companion Wizard\compwiz.exe
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR[contents.rdf]
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
    Potentially unwanted tool:Application/FunWeb Not disinfected C:\Program Files\Trend Micro\HijackThis\backups\backup-20070925-212911-467.inf
    Adware:Adware/Zango Not disinfected C:\WINDOWS\Downloaded Program Files\clientax.inf
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\casino.bmp
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\dating.bmp
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\drugs.bmp
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\fav.bmp
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\virus.bmp
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\WINDOWS\system32\f3PSSavr.scr
     
  11. 2007/09/27
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    That HijackThis log looks like it might be an old one. Please run a new scan and post the log.

    Delete the following files;
    C:\WINDOWS\Downloaded Program Files\clientax.inf
    C:\WINDOWS\GatorHDPlugin.log

    and the following folders.

    C:\Documents and Settings\HP_Owner\Favorites\Casino & Carrers
    C:\Program Files\Common Files\Companion Wizard
    C:\Program Files\EZTRACKS
    C:\Program Files\NavExcel Search Toolbar
    C:\WINDOWS\etb


    Did I mention anything about MyWebSearch and FunWebProducts (MSN Messenger smilies bundle)?

    Optional uninstallation/removal, IMO.

    C:\Program Files\FunWebProducts
    C:\Program Files\MyWebSearch
     
  12. 2007/09/27
    mva5493

    mva5493 Well-Known Member Thread Starter

    It's possible that it was an old one; I didn't remember what I named it. I have deleted some of the files you listed, but did not find the first two listed. You did not mention the myweb search/fun web ... but I remember them from the other computers, so I have started removing them as well. Don't know if they are used, but if they were, probably not often.

    I have noticed a large number of tmp files in the C drive... approximately 1,000 files that are 4 KB in size. The number of files is growing. They are DOS batch files. I have noticed that when I start the computer, in the startup process a command prompt is coming up repeatedly but it goes away. Each time there is a message about microsoft framenet, but it goes away so quickly I can't read it. Any suggestions?


    here is the new hjt log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:05:06 AM, on 9/28/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    C:\Program Files\WildTangent\Apps\GameChannel.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\AOL\1147061569\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1147061569\ee\AOLServiceHost.exe
    C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    C:\Program Files\BellSouthWCC\McciTrayApp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Support.com\bin\tgcmd.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://empnads.com/servlet/ajrotator/121229/0/viewHTML?zone=enternet
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1147061569\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [ViewpointPhotosDeviceConnect] C:\Program Files\Viewpoint\Viewpoint Toolbar V35\FotomatDeviceConnect.exe
    O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
    O4 - HKLM\..\Run: [BellSouthAlertManager.exe] C:\Program Files\BellSouth\Alert Manager\BellSouthAlertManager.exe
    O4 - HKLM\..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
    O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Startup: HP Organize.lnk = ?
    O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6632A7E9-FE1F-43D2-A04A-A15951ED63E0} - http://mediaplayer.walmart.com/installer/install.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sun Java (SJava) - Unknown owner - C:\WINDOWS\java\javaw.exe (file missing)
    O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 9162 bytes
     
  13. 2007/09/27
    noahdfear

    noahdfear Inactive

    Fix these with HJT.

    O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
    O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c


    You can delete all .tmp files in C:\
    You called them dos batch files ...... are they .tmp files with a batch file icon?
    If any get recreated after deleting them all, please zip up a few and upload the zip to my submission channel. Leave a link back to this topic.

    How's the computer running now?
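Comparing two HijackThis scans shows which autorun entries a cleanup pass removed and which are still present, such as the two O4 entries listed in the post above. The following Python sketch is an added example, not part of the original thread: the function names are hypothetical, and the two sample logs are abridged from the logs posted in this topic.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    code: str       # HijackThis section code, e.g. "O4" (autoruns), "O23" (services)
    location: str   # Run key as printed by HijackThis, or entry type ("Service", ...)
    name: str       # value name or item description
    target: str     # command line, file path or URL ("" if the line has none)
    missing: bool   # HijackThis appended "(file missing)"

ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
RUN_RE = re.compile(r"^(HK\w+\\.*\\Run(?:Once)?): \[(.*?)\]\s*(.*)$")
TYPED_RE = re.compile(r"^([^:]+): (.*)$")
MISSING = "(file missing)"

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; header and running-process lines return None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, text = m.groups()
    missing = text.endswith(MISSING)
    if missing:
        text = text[: -len(MISSING)].rstrip()
    run = RUN_RE.match(text)
    if run:                                   # O4 registry autorun
        location, name, target = run.groups()
    else:                                     # "Type: description - path"
        typed = TYPED_RE.match(text)
        location, rest = typed.groups() if typed else ("", text)
        name, sep, target = rest.rpartition(" - ")
        if not sep:
            name, target = rest, ""
    return Entry(code, location, name.strip(), target.strip(), missing)

def parse_log(text: str) -> dict:
    """Map (code, location, name) -> Entry, compared case-insensitively."""
    entries = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e:
            entries[(e.code, e.location.casefold(), e.name.casefold())] = e
    return entries

def diff_scans(old_text: str, new_text: str, code: Optional[str] = None) -> dict:
    """Compare two scans, optionally restricted to one section code."""
    old = {k: e for k, e in parse_log(old_text).items() if code in (None, k[0])}
    new = {k: e for k, e in parse_log(new_text).items() if code in (None, k[0])}
    return {
        "removed": [old[k] for k in old if k not in new],
        "added": [new[k] for k in new if k not in old],
        "persisting": [new[k] for k in new if k in old],
        "file_now_missing": [new[k] for k in new
                             if k in old and new[k].missing and not old[k].missing],
    }

# Sample input: a few lines abridged from the two logs posted in this thread.
OLD_SCAN = r"""
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide
O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe "
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O23 - Service: Sun Java (SJava) - Unknown owner - C:\WINDOWS\java\javaw.exe
"""

NEW_SCAN = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O23 - Service: Sun Java (SJava) - Unknown owner - C:\WINDOWS\java\javaw.exe (file missing)
"""

if __name__ == "__main__":
    for label, entries in diff_scans(OLD_SCAN, NEW_SCAN).items():
        print(label)
        for e in entries:
            print(f"  {e.code} {e.location}: {e.name} -> {e.target}")
```

The diff reports only what changed between scans; deciding which persisting entries to fix remains a manual review step, as in the post above.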
     
  14. 2007/09/27
    mva5493

    mva5493 Well-Known Member Thread Starter

    Yes, they have names like temp422750... When I looked at properties, under type of file it says MS-DOS batch file, and yes, it has the batch file icon. They are all the same size and the date created ranges from Feb 2007 until as recent as Monday, Sept 24, 2007. I think they are from the walmart music download program that is trying to install but can't complete because of no internet connection. The computer is still having some issues. 1. The walmart thing will not stop even with ctrl, alt, delete. If I close it, it just restarts again. 2. It is not shutting down normally; sometimes it will, sometimes I have to turn it off. I have noticed excessive action (and noise) from the hard drive, not all the time, it just seems to be working a lot. I have already opened the case to remove dust and check all the cables. Now it is quiet again (I just rebooted). I have noticed the noise increases when I try to close the walmart music downloads store.
     
  15. 2007/09/28
    mva5493

    mva5493 Well-Known Member Thread Starter

    I think I have managed to remove the music downloads (walmart). But the hd is making a lot more spinning noises. It started during the uninstall and continued through shutting down and rebooting and is still going even though walmart was removed through add/remove programs. :confused: Not sure what is happening (hopefully not the hd about to die). Calling it quits for the night, will start again in the am. Thanks again
     
  16. 2007/09/28
    noahdfear

    noahdfear Inactive

    If you haven't deleted all of those temp*** files yet, I'd like to see a couple of them (unless you can determine what they are doing). You should be able to right click>Edit to open them with notepad.

    Is the hard drive still noisy today?
     
  17. 2007/09/28
    mva5493

    mva5493 Well-Known Member Thread Starter

    I have already deleted them but I do have an idea what was going on. When the walmart music downloads window came up I clicked on cancel, another window with an error msg that it couldn't find a valid location to download from, but I did get rid of the program so none of the temps have reappeared (keeping fingers crossed that they will stay gone). Hd is not as noisy today hasn't been much since I got rid of the walmart program. I have been doing a bit of cleaning out today...trying to remove some of the xrated things. I noticed with one file when I tried to delete it, instead of deleting it created a shortcut. I also ran disk defrag and disk clean up to remove unnecessary files. I need to run another online scan to see what might still be lurking. Tried to run deckard but it froze again.
     
  18. 2007/09/28
    noahdfear

    noahdfear Inactive

    Where did dss hang?

    Try using MoveOnBoot for that stubborn file (link is a direct download). Once installed, it will give you a right click option on files to delete on the next boot. Tag the file and reboot.
     
  19. 2007/09/28
    mva5493

    mva5493 Well-Known Member Thread Starter

    Downloading file. It hangs at cleaning temporary files. It tells me dss has encountered an error and needs to close, no option for further information. Is there another program I can use that will do a similar job?
     
  20. 2007/09/28
    noahdfear

    noahdfear Inactive

    Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Check the boxes to the left of:

      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin

    • The rest are optional - if you want it to remove everything check "Select All".
    • Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.
    Reboot

    Try dss again.


    You can also instruct dss to skip cleaning the temp files. Assuming dss.exe is on the desktop, copy the command below then click Start>Run and paste it in, then hit enter.

    "%userprofile%\Desktop\dss.exe" /config

    The dss interface should open. Uncheck Temp Cleanup then click Scan.
     
  21. 2007/09/28
    mva5493

    mva5493 Well-Known Member Thread Starter

    It got a little further this time but it stopped at examining drivers... "dss.exe has encountered a problem and needs to close. We are sorry for the inconvenience." Options are to debug or close.
     
