
Itbarlayout


8 replies to this topic

#1 pumbaa

pumbaa

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 05 September 2006 - 06:03 PM

Hi,
I believe I have a malware problem. All of a sudden, I got a pop-up from Spybot that a value was deleted: Old Value: (nothing); New Value: ITBarLayout. Of course, I denied the change, because I have not installed anything that should be using that. I immediately got recycling pop-ups from Spybot about the change, to the point that I couldn't open anything else. I shut down the computer and restarted. Now, when I open internet explorer, I get one pop-up from spybot, that it denied the change per white list. The original window in internet explorer has my google toolbar in it. But if I open a new window from the original window, my google toolbar has been removed from it. I ran Panda, Ewido, BitDefender, and Stinger, with all of them not finding anything. I updated and ran AdAwareSE and Spybot, with both of them finding nothing. Attached is my hijackthis log.
Logfile of HijackThis v1.99.1
Scan saved at 3:02:39 PM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\LTMSG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Mary\Desktop\RegmonNt\Regmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijerkerthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.aspx?sid....2.00010300.2.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Any help will be appreciated. Thanks, pumbaa



#2 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 12 September 2006 - 10:20 PM

Hi pumbaa,

Our apologies for the delay. If you still require help, please post a new fresh log so I can see if anything has changed.

From this log I don't see any malware. Are you sure you made no settings changes or customizations to the Google toolbar or IE's?

The thing about people

is they change

when they walk away.--Mipso


#3 pumbaa

pumbaa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 13 September 2006 - 01:11 AM

Hi,
That's kinda what I figured too. The only thing that really looks strange to me is the R1 entry. And, I have not made any changes to the toolbar or settings that I am aware of. It just popped up when I was browsing the internet. Here is a fresh hijackthis log.

Logfile of HijackThis v1.99.1
Scan saved at 1:03:37 AM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\LTMSG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Games\Dynamite\Dynomite Deluxe\Dynomite.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Games\Dynamite\Dynomite Deluxe\popcapgame1.exe
C:\Documents and Settings\Mary\Desktop\runescape.exe
C:\Program Files\Microsoft Office\Office\outlook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\hijerkerthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.aspx?sid....2.00010300.2.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thanks,
pumbaa

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,614 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:28 PM

Posted 13 September 2006 - 01:05 PM

OK, well, I don't think there is anything suspicious trying to alter your toolbars, should be something legitimate. Lots of things want to put buttons on there that you may not ever use but they should be harmless. The attempt to change is probably the result of something set to update automatically or you've allowed an ActiveX to run that wants to install a change which I believe is happening here since you say it happens when surfing the web.

That R1 is strange. It shows what your homepage will be reset to when you tell Internet Explorer to Reset Web Settings. I don't believe I've ever seen that set to an Online Crash Analyses page. Not sure if it is related to the toolbar issue but it could well be. This line indicates a crash or other problem and is set to send an error report to Microsoft:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

I suppose it is possible that having TeaTimer (Spybot) deny a change to the toolbar caused IE to crash and it reset itself to the crash analysis site. Or do you remember resetting your web settings yourself?

It is hard to say for sure, but I suspect the culprit is related to some HP software or drivers. It is common to see fault checks in logs where there are entries related to HP, especially when there are a lot of them as in your log. HP puts a lot of files on your PC, even if you just install a printer or other peripheral. The more files on a PC the more chance for some kind of conflict and it is very difficult to troubleshoot; from my experience I don't even think HP techs know. Although there are some known conflicts: HP Share to Web is known to cause problems with an MS update.

In any event, two HP-related ActiveX controls show in your log, one an updater of some sort:

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326

The other O16 is considered bad by some programs like ewido, but I have it on my PC and it doesn't appear to cause a problem and will just get redownloaded the next time you go to MSN or other sites to play some online games. For now, let's not fix anything and troubleshoot your issue this way.

First let me say I don't use TeaTimer or Google toolbar myself, but am basing this advice on knowing how it works and this thread that you may already have seen: http://64.233.187.104/search?q=cache:eL6Du...t=clnk&cd=2

Step 1: Reset TeaTimer's list:

Assuming you have told it to remember your decision, the registry change should be on the white or black list. There is a setting somewhere in Spybot where you can tell it to not give you a notice every time it blocks that change, but I can't find it at the moment and I want to get it set to where you allow the change so we can see what it is exactly.

* Right click on the TeaTimer system tray icon and select Settings. This will bring up TeaTimer's "White & Black List". There are four (4) Buttons across the top of the "White & Black List":
o Allowed processes
o Blocked processes
o Allowed registry changes
o Blocked registry changes

Note: If you don't see all four buttons, try expanding the window to the right.

* You can review all the entries that you have stored by clicking on these buttons. The entries that you should review are in "Denied registry changes". You can delete entries by clicking on the scripted black "X" to the right of the entry that you want to delete and then clicking the "OK" button when you're done. This will in effect make TeaTimer forget what you told it to remember so that during future changes to these items TeaTimer will issue a pop-up dialog rather than just a notification pop-up.


Reboot when done.

Step 2: Allow the change:

After reboot surf the web and if asked about a registry change to ITBarLayout, allow it. Let me know if a new button or icon appears on IE's toolbar and what it is for and if Google toolbar comes back or what happens with it, etc. To get the change to initiate, it might help to surf to where it happened before if you can remember, or go to an HP site such as their photosharing service or whatever you might be in the habit of visiting there to see if I'm right about it being related.

Step 3: Post a new log.

If we are successful in getting the change to initiate and approve it, there should be an entry in HijackThis that will show up to give an idea of what it is and can be fixed from there if you decide you don't want it. So please post a new log.

Step 4: Post a WinPFind log:

Whether the change comes back or not, please do the following and post the log in your next reply as it will contain some more information that may help further troubleshoot the issue(s).

Download WinPFind2.zip and unzip it to your Desktop. It will create a folder named WinPFind2. Do NOT run the program directly from the zip file.
  • Open the WinPFind2 folder and double-click on winpfind2.exe to start the program.
  • In the File Options section click the checkboxes next to:
    • All-Users Startup Folder
    • Current-User Startup Folder
  • In the AddOn-Options box click the checkboxes for these to select them:
    • DPF.def
    • Jobs.def
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it, then copy and paste the contents of that report into your next post.

Some questions. Your last log is showing a service for Trend Micro's antivirus running that wasn't in your first log. Did you run an online scan or install something from there? If so please link me to the page where it came from.

Sorry for the long post. Please do exactly as I've instructed so I can try to figure this all out and go no farther with it. Once you've posted back we'll take it from there. Let me know of any problems and if there is any other info you can think of. Also is this an HP machine and what HP products, such as printers, do you use?

The thing about people

is they change

when they walk away.--Mipso
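
Comparing the two HijackThis logs posted so far, entry by entry, shows what changed on the machine between 9/5 and 9/13. The following is an added example, not part of the original thread and not HijackThis's own code; the excerpts are a few lines copied from the two logs above, and the function names and the rule for identifying "the same entry" are assumptions of this example.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] command". Header lines and the
# running-process list do not match this pattern and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_NAME_RE = re.compile(r"^.+?: \[[^\]]+\]")


def entry_identity(body):
    """Return the stable part of an entry (what it is), without its target."""
    clsid = CLSID_RE.search(body)
    if clsid:
        # O2/O3/O9/O16: the kind ("BHO", "Extra button", ...) plus the CLSID.
        kind = body.split(":", 1)[0]
        return f"{kind} {clsid.group(0)}".lower()
    run = RUN_NAME_RE.match(body)
    if run:
        # O4 Run keys: hive plus the value name in brackets.
        return run.group(0).lower()
    for sep in (" = ", " - "):
        # R0/R1 and startup shortcuts use " = "; O20/O23 use " - ".
        if sep in body:
            return body.split(sep, 1)[0].lower()
    return body.lower()


def parse_log(text):
    """Map (section, identity) -> full entry body for every entry line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, body = m.groups()
            entries[(section, entry_identity(body))] = body
    return entries


def diff_logs(old_text, new_text):
    """Report entries added, removed, or changed between two logs.

    Bodies are compared case-insensitively because Windows paths are; an
    8.3 short path versus its long form is still reported as changed and
    needs a human to confirm it is the same file.
    """
    old, new = parse_log(old_text), parse_log(new_text)
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(
            k for k in new if k in old and new[k].lower() != old[k].lower()
        ),
    }


# Excerpt of the log posted on 9/5/2006 (lines copied from the thread).
FIRST_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Excerpt of the log posted on 9/13/2006 (lines copied from the thread).
SECOND_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

if __name__ == "__main__":
    for kind, keys in diff_logs(FIRST_LOG, SECOND_LOG).items():
        for section, identity in keys:
            print(f"{kind:8} {section:4} {identity}")
```
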


#5 pumbaa

pumbaa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:12:28 PM

Posted 13 September 2006 - 03:48 PM

Hi,
I did find and already read the link you listed referencing the ITBarLayout problem, and a few other web pages concerning the same. I was visiting the MarthaStewart.com website, searching the TV program page for recipes. But I suspect the problem just appeared at that time, and is not associated with that website. After Spybot alerted me to the ITBarLayout problem, I ran a hijackthis log and noticed the R1 line. I did go into Control Panel, and reset the web settings to the default, but it didn't make any difference, since R1 on both logs are the same. But, like you said, I don't believe that is supposed to be the default web setting. On the O16 lines, I think the first one is for Java to update. And the second one is definitely for my HP printer. I probably downloaded it so I could update my driver for my printer. I have an HP 6110 All-in-one deskjet printer, and I use an HP digital camera. I use a logitech keyboard, and logitech webcam, and microsoft mouse. When I first set it up, I had a problem connecting with my Outlook to send pictures, and had to restart the program, but finally got the problem resolved. The problem may have something to do with my problem with the HP digital camera.

I went into Spybot and deleted the line concerning the ITBarLayout, and restarted my computer. I then allowed the change. Everything is working correctly as far as I can see. My google toolbar is still there when I open a new window from the original window. I do not see anything different in my tools on the Internet Explorer bar, nor on the Google toolbar. When I got the first notification from Spybot, I ran a hijackthis log to see if I could see anything that looked unusual. When I couldn't really find anything, I went to your website, and did all the scans as advised, except, I realized later, I downloaded Ewido and installed it, instead of just doing an online scan. I disable ewido when I restart my computer to avoid a conflict because I use McAfee, and I will uninstall it when this is resolved, or you tell me to do so. I just clicked on the link that is in your website, about "If you have a problem, do this before..." Here is the log from WinPFind2:

Logfile created on: 09/13/2006 15:31
WinPFind2 by OldTimer - Version 1.0.8 Folder = C:\Documents and Settings\Mary\Desktop\winpfind2\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\program files\softwin\bitdefender8\bdmcon.exe - (SOFTWIN S.R.L. )
c:\program files\softwin\bitdefender8\bdnagent.exe - ( )
c:\program files\common files\softwin\bitdefender scan server\bdss.exe - ( )
c:\program files\logitech\video\fxsvr2.exe - (Logitech Inc. )
c:\program files\google\googletoolbarnotifier\1.0.720.3640\googletoolbarnotifier.exe - (Google Inc. )
c:\program files\ewido anti-spyware 4.0\guard.exe - (Anti-Malware Development a.s. )
c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe - (Hewlett-Packard )
c:\program files\hewlett-packard\hp share-to-web\hpgs2wnf.exe - ( )
c:\program files\hewlett-packard\digital imaging\bin\hpoevm08.exe - (Hewlett-Packard Co. )
c:\program files\hewlett-packard\digital imaging\bin\hposol08.exe - (Hewlett-Packard Co. )
c:\program files\hewlett-packard\digital imaging\bin\hposts08.exe - (Hewlett-Packard Co. )
c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe - (Hewlett-Packard )
c:\program files\hewlett-packard\digital imaging\unload\hpqcmon.exe - ( )
c:\windows\system32\hpzipm12.exe - (HP )
c:\program files\java\jre1.5.0_08\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\logitech\setpoint\kem.exe - (Logitech Inc. )
c:\program files\logitech\setpoint\khalmnpr.exe - (Logitech Inc. )
c:\program files\logitech\video\logitray.exe - (Logitech Inc. )
c:\windows\ltmsg.exe - (Agere Systems )
c:\windows\system32\lvcomsx.exe - (Logitech Inc. )
c:\progra~1\mcafee.com\agent\mcagent.exe - (McAfee, Inc )
c:\program files\mcafee.com\agent\mcdetect.exe - (McAfee, Inc )
c:\progra~1\mcafee.com\vso\mcshield.exe - (McAfee Inc. )
c:\progra~1\mcafee.com\agent\mctskshd.exe - (McAfee, Inc )
c:\progra~1\mcafee.com\vso\mcvsescn.exe - (McAfee, Inc. )
c:\program files\mcafee.com\vso\mcvsshld.exe - (McAfee, Inc. )
c:\progra~1\mcafee.com\person~1\mpfagent.exe - (McAfee Security )
c:\progra~1\mcafee.com\person~1\mpfservice.exe - (McAfee Corporation )
c:\progra~1\mcafee.com\person~1\mpftray.exe - (McAfee Security )
c:\windows\system32\nvsvc32.exe - (NVIDIA Corporation )
c:\program files\mcafee.com\vso\oasclnt.exe - (McAfee, Inc. )
c:\program files\microsoft office\office\osa.exe - ( )
c:\windows\soundman.exe - (Realtek Semiconductor Corp. )
c:\program files\spybot - search & destroy\teatimer.exe - (Safer Networking Limited )
c:\documents and settings\mary\desktop\winpfind2\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\microsoft office\office\winword.exe - ( )
c:\program files\common files\softwin\bitdefender communicator\xcommsvr.exe - (Softwin )
c:\program files\yahoo!\messenger\yahoomessenger.exe - (Yahoo! Inc. )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
HKLM->Main\\Search Page - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Default_Page_URL - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKLM->Main\\Default_Search_URL - http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
HKCU->Main\\Search Bar - http://www.google.com/ie
HKCU->Main\\Search Page - http://www.google.com
HKCU->Main\\Local Page - C:\WINDOWS\system32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM->Search\\SearchAssistant - http://www.google.com/ie
HKCU->Search\\CustomizeSearch - Reg Data missing or invalid
HKCU->Search\\SearchAssistant - Reg Data missing or invalid
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride -

[>> BHO's <<]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated )
{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited )
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc. )
{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc. )

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\system32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. )
{BA52B914-B692-46c4-B683-905236F6F655} - McAfee VirusScan = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc. )

[HKCU-> Internet Explorer ToolBars]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc. )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8194 - Sun Java Console
{A75C6120-9B36-11d4-A3F0-009027427750} - 8195 - Reg Data missing or invalid
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - 8193 - Yahoo! Messenger
{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8192 - Windows Messenger
NextId - 8196

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll (Sun Microsystems, Inc. )
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - ButtonText: Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc. )
{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - Autoplay for SlideShow = Reg Data missing or invalid (File not found))
{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = Reg Data missing or invalid (File not found))
{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation )
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation )
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation )
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} - My Logitech Pictures = C:\Program Files\Logitech\Video\Namespc2.dll (Logitech Inc. )
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found))
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data missing or invalid (File not found))
{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = Reg Data missing or invalid (File not found))
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data missing or invalid (File not found))
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\system32\hticons.dll (Hilgraeve, Inc. )
{A4DF5659-0801-4A60-9607-1C48695EFDA9} - Share-to-Web Upload Folder = C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL (Hewlett-Packard )
{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} - BitDefender Antivirus v8 = C:\Program Files\Softwin\BitDefender8\bdshelxt.dll (SOFTWIN S.R.L. )
{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - {CFC7205E-2792-4378-9591-3879CC6C9022} - = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc. )
* - BitDefender Antivirus v8 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender8\bdshelxt.dll (SOFTWIN S.R.L. )
* - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
Directory - ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s. )
Directory\Background - 00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation )
Directory\Background - NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation )
Folder - {CFC7205E-2792-4378-9591-3879CC6C9022} - = c:\progra~1\mcafee.com\vso\mcvsshl.dll (McAfee, Inc. )
Folder - BitDefender Antivirus v8 - {D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender8\bdshelxt.dll (SOFTWIN S.R.L. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]
Folder - {F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Shell Extension = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc. )

[>> Registry Run Keys <<]
HKLM->Run\\!ewido - "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized (Anti-Malware Development a.s. )
HKLM->Run\\BDMCon - "C:\Program Files\Softwin\BitDefender8\bdmcon.exe" (SOFTWIN S.R.L. )
HKLM->Run\\BDNewsAgent - "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" ( )
HKLM->Run\\CamMonitor - C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ( )
HKLM->Run\\KernelFaultCheck - %systemroot%\system32\dumprep 0 -k (File not found))
HKLM->Run\\LogitechVideoRepair - C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc. )
HKLM->Run\\LogitechVideoTray - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc. )
HKLM->Run\\LTMSG - LTMSG.exe 7 (Agere Systems )
HKLM->Run\\LVCOMSX - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc. )
HKLM->Run\\MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc )
HKLM->Run\\MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe (McAfee, Inc )
HKLM->Run\\MPFExe - C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe (McAfee Security )
HKLM->Run\\NvCplDaemon - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (File not found))
HKLM->Run\\NvMediaCenter - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (File not found))
HKLM->Run\\nwiz - nwiz.exe /install (NVIDIA Corporation )
HKLM->Run\\OASClnt - C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc. )
HKLM->Run\\Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard )
HKLM->Run\\SoundMan - SOUNDMAN.EXE (Realtek Semiconductor Corp. )
HKLM->Run\\SunJavaUpdateSched - "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" (Sun Microsystems, Inc. )
HKLM->Run\\VirusScan Online - C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc. )
HKLM->Run\\VSOCheckTask - "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask (McAfee, Inc. )
HKCU->Run\\LogitechSoftwareUpdate - "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (Logitech Inc. )
HKCU->Run\\SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited )
HKCU->Run\\swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc. )
HKCU->Run\\Yahoo! Pager - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (Yahoo! Inc. )

[>> Startup Lnks <<]
HKLM->Common Startup - Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated )
HKLM->Common Startup - desktop.ini - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ( )
HKLM->Common Startup - hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard )
HKLM->Common Startup - Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc. )
HKLM->Common Startup - Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ( )
HKLM->Common Startup - Office Startup.lnk - C:\Program Files\Microsoft Office\Office\OSA.EXE ( )
HKLM->Common Startup - officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe (Hewlett-Packard Co. )
HKCU->Startup - desktop.ini - C:\Documents and Settings\Mary\Start Menu\Programs\Startup\desktop.ini ( )

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]
SV1 -

[>> AppInit DLLs <<]

[>> Image File Execution Options <<]
Your Image File Name Here without a path - Debugger = ntsd -d

[>> Shell Service Object Delay Load <<]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll (Microsoft Corporation )

[>> Shell Execute Hooks <<]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[>> Shared Task Scheduler <<]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\system32\browseui.dll (Microsoft Corporation )

[>> Winlogon <<]
UserInit - C:\WINDOWS\system32\userinit.exe, (Microsoft Corporation )
Shell - Explorer.exe (Microsoft Corporation )
System - (File not found))
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\ScCertProp - wlnotify.dll (Microsoft Corporation )
Notify\Schedule - wlnotify.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\termsrv - wlnotify.dll (Microsoft Corporation )
Notify\WgaLogon - WgaLogon.dll (Microsoft Corporation )
Notify\wlballoon - wlnotify.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{47F57784-4329-4C11-9ED5-10B8D485653C} - (1394 Net Adapter)
{6583F503-3028-48DE-99F3-2CD1DF78E597} - (Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller)
{C1DA10B1-591A-4AF9-A3B1-FB3E9736B216} - ()
{E14993EC-B3C9-41F0-B00C-E6275925C08F} - ()

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found))
msdaipp - (File not found))

[>> Protocol Filters (Non-Microsoft only) <<]

< Services (Non-Microsoft Only) >
BitDefender Scan Server (bdss) - "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service ( ) [Automatic - Running - Win32, running in it's own process]
ewido anti-spyware 4.0 guard (ewido anti-spyware 4.0 guard) - C:\Program Files\ewido anti-spyware 4.0\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
McAfee WSC Integration (McDetect.exe) - c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc ) [Automatic - Running - Win32, running in it's own process]
McAfee.com McShield (McShield) - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (McAfee Inc. ) [Automatic - Running - Win32, running in it's own process]
McAfee Task Scheduler (McTskshd.exe) - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe (McAfee, Inc ) [Automatic - Running - Win32, running in it's own process]
McAfee Personal Firewall Service (MpfService) - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe (McAfee Corporation ) [Automatic - Running - Win32, running in it's own process]
NVIDIA Display Driver Service (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation ) [Automatic - Running - Win32, running in it's own process]
Pml Driver HPZ12 (Pml Driver HPZ12) - C:\WINDOWS\system32\HPZipm12.exe (HP ) [On Demand - Running - Win32, running in it's own process]
BitDefender Communicator (XCOMM) - "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (Softwin ) [Automatic - Running - Win32, running in it's own process]

< Files >

AllUsers Startup Folder
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - ( [Ver = | Size = 1757 bytes | Date = 08/18/2006 19:16 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 08/17/2006 10:46 | Attr = HS])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk - ( [Ver = | Size = 779 bytes | Date = 08/19/2006 13:57 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk - ( [Ver = | Size = 1646 bytes | Date = 08/17/2006 11:19 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk - ( [Ver = | Size = 761 bytes | Date = 08/20/2006 13:11 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk - ( [Ver = | Size = 736 bytes | Date = 08/20/2006 13:13 | Attr = ])
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk - ( [Ver = | Size = 779 bytes | Date = 08/19/2006 13:59 | Attr = ])

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/17/2006 05:36 | Attr = HS])
C:\Documents and Settings\All Users\Application Data\hpzinstall.log - ( [Ver = | Size = 228 bytes | Date = 08/19/2006 13:59 | Attr = ])

CurrentUser Startup Folder
C:\Documents and Settings\Mary\Start Menu\Programs\Startup\desktop.ini - ( [Ver = | Size = 84 bytes | Date = 08/17/2006 10:46 | Attr = HS])

CurrentUser ApplicationData Folder
C:\Documents and Settings\Mary\Application Data\AdobeDLM.log - ( [Ver = | Size = 875 bytes | Date = 08/18/2006 19:15 | Attr = ])
C:\Documents and Settings\Mary\Application Data\desktop.ini - ( [Ver = | Size = 62 bytes | Date = 08/17/2006 05:36 | Attr = HS])
C:\Documents and Settings\Mary\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 08/18/2006 19:15 | Attr = ])

DPF files
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwa...director/sw.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...ows-i586-jc.cab
{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - Get_ActiveX Control - CodeBase = https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_08 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - - CodeBase = http://www.popcap.com/games/popcaploader_v6.cab
{EB387D2F-E27B-4D36-979E-847D1036C65D} - QDiagHUpdateObj Class - CodeBase = http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

Hosts file (Non-Standard entries only). File size = 62475 bytes. C:\WINDOWS\System32\drivers\etc\Hosts

< Add On's >

>>>>Output for AddOn file DPF.def<<<<

DIR - C:\WINDOWS\downloaded program files\*.* - Parameters = Include SubFolders
C:\WINDOWS\downloaded program files\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 08/17/2006 10:45 | Attr = H ])
C:\WINDOWS\downloaded program files\erma.inf - ( [Ver = | Size = 1793 bytes | Date = 06/25/2006 12:50 | Attr = ])
C:\WINDOWS\downloaded program files\HPGetDownloadManager.ocx - ( [Ver = | Size = 88136 bytes | Date = 08/19/2006 15:10 | Attr = ])
C:\WINDOWS\downloaded program files\jinstall-1_5_0_08.inf - ( [Ver = | Size = 896 bytes | Date = 07/26/2006 04:00 | Attr = ])
C:\WINDOWS\downloaded program files\mcfscan.inf - ( [Ver = | Size = 882 bytes | Date = 02/24/2006 12:49 | Attr = ])
C:\WINDOWS\downloaded program files\Microsoft XML Parser for Java.osd - ( [Ver = | Size = 1162 bytes | Date = 01/20/2000 15:25 | Attr = ])
C:\WINDOWS\downloaded program files\popcaploader.inf - ( [Ver = | Size = 241 bytes | Date = 08/18/2004 15:47 | Attr = ])
C:\WINDOWS\downloaded program files\qdiagh.inf - ( [Ver = | Size = 728 bytes | Date = 11/30/2004 14:17 | Attr = ])

DIR - C:\WINDOWS\downloaded installations\*.* - Parameters = Include SubFolders

>>>>Output for AddOn file Jobs.def<<<<

DIR - C:\WINDOWS\tasks\*.* - Parameters = Include SubFolders
C:\WINDOWS\tasks\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 08/04/2004 07:00 | Attr = RH ])
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 6100 series#1156013952.job - ( [Ver = | Size = 400 bytes | Date = 08/19/2006 14:00 | Attr = ])
C:\WINDOWS\tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 09/13/2006 15:10 | Attr = H ])

< End of report >

Here is my new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:23:52 PM, on 9/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\LTMSG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\hijerkerthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.aspx?sid....2.00010300.2.0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio.../qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thank you,
pumbaa

#6 Papakid

Posted 14 September 2006 - 12:00 AM

OK, the WinPfind log looks OK.

I really don't think you have anything to worry about. If it were a rogue or malicious toolbar it would have shown up when you allowed the change, so it looks like IE or Google did some self-repair after a crash or some damage. In your research you probably saw that toolbars disappear when the ITBarLayout value in the registry is damaged. It will rewrite itself when removed, and in your original post you noted the old value was empty. More info here: http://support.microsoft.com/default.aspx?...kb;en-us;555130

That again is for when toolbars disappear--which yours did as long as you were blocking the reg change--so the solution shouldn't be used unless they disappear again.

I don't think I will be able to find an explanation for you as far as the R1 entry. It's unusual but again I don't think it is caused by anything malicious and finding out the cause would be like looking for a needle in a haystack. However, it should do no harm either way to fix it. That and the Fault check are useless and should be cleaned up.

Before fixing with HijackThis you should disable TeaTimer.

Scan again with HijackThis and check the following:

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://oca.microsoft.com/resredir.aspx?sid....2.00010300.2.0
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k


The following are known resource hogs. The programs can be accessed thru the Start menu so I suggest you fix them as well:

O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE


If you don't use HP's share to web, I suggest you fix this as well--in fact you don't need it running at startup even if you do use it:

O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

You have several other items running at startup that aren't necessary or depend on how much you use or like the convenience of having access to them in the system tray. If you are interested in speeding up your startups I can give you some pointers on how to determine what you can safely fix or disable in my next post. But I would suggest fixing the following. This is actually your Java Updater and I prefer to update Java manually.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"


When you have made your choices in HijackThis, close all other windows so that only HijackThis appears on your desktop and taskbar, then click Fix checked.

Reboot and post a new log, please.

As far as the faultcheck, if it reoccurs again, I have seen cases where fixing HP related startups has solved the problem. Especially these global startups:

O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?

Not real sure what the first one does, but the second is for your printer. You should still be able to access the printer if this were fixed, but I wouldn't do it with HijackThis. Disable them thru msconfig or install Mike Linn's Startup Control Panel which is much more convenient. Just disable long enough to determine if they are the culprit or delete if you believe they aren't needed.

On the O16 lines, I think the first one is for Java to update. And the second one is definitely for my HP printer. I probably downloaded it so I could update my driver for my printer.

Actually that first one is HP's Download Manager. Note the hp.com domain in the url. It uses Java in some way is why that appears.

The other hp one allows you to interact with HP support, whether to download updates or use live chat, etc. So it's not directly related to the function of your printer.

All O16's can be safely fixed with HijackThis, or deleted from the C:\WINDOWS\Downloaded Program Files folder. Most ActiveX allows you to interact in some way with web pages and some are used to download and install complete programs on your PC. Any of these can be redownloaded when you visit the appropriate web page as needed.

As far as Ewido, personally, I would keep it. It is a very effective anti-trojan that will still scan and clean even after the trial runs out. It is not known to conflict with antivirus software, altho McAfee may be an exception, so I leave that up to you.

Lastly, you didn't let me know where the BitDefender lines came from. They should be nothing to worry about either, it's just that if that is the online scanner it is an entry I haven't seen before (and there should be a corresponding O16) and if it is a resident antivirus it is more likely to conflict than ewido would.

So please post a new log after fixing and let me know how it goes. Notice any increase in speed or any problems?

The thing about people

is they change

when they walk away.--Mipso


#7 pumbaa

  • Topic Starter

Posted 14 September 2006 - 02:10 PM

Hi,
Yes, I did find that webpage about the ITBarLayout value being rewritten if it was deleted. I missed the question about BitDefender. I clicked on the link from your website. But, I'm getting old and my eyesight isn't what it used to be, and I probably didn't read it good enough. What I downloaded was the BitDefender 8 Free Edition. I do not have the VirusShield in BitDefender turned on, so it is kinda just sitting there to run scans with. I evidently downloaded their scanner instead of doing the online scan. Is the BitDefender VirusShield compatible with Ewido? My McAfee subscription runs out in November, so I will probably just keep Ewido on here til then, and then uninstall McAfee and use Ewido. I really appreciate your help, and have learned lots more. The problem with the faultcheck did not show up again on the hijackthis log. I downloaded the little Startup program, but since the faultcheck didn't show back up, I didn't use it. I know I do have a lot of stuff running on startup, but just not sure what really needs to be there. Any help on getting rid of some of the startup stuff would be appreciated. Here is my new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:59:21 PM, on 9/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\hijerkerthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


Thanks,
pumbaa

#8 Papakid

  • Malware Response Team

Posted 14 September 2006 - 09:47 PM

OK, you look in pretty good shape here. Chalk what happened with the toolbar up to experience and let's hope it is just an isolated incident. And remember that TeaTimer blocks all registry changes, whether good or bad. So when it blocks something, it doesn't mean you are necessarily having a malware problem, it is up to you to find out if it is something to be allowed or not. Asking as you have done is always a good way to go. :thumbsup:

If it happens again and you run all those scans and find nothing, it would probably be better to ask for help in AntiVirus, Firewall and Privacy Products and Protection Methods or the XP forum. We try to keep the HijackThis forum more for removing malware even tho we can troubleshoot other issues. I'm not trying to discourage you from asking for help, but I get the feeling you are a cautious person and malware won't get by you very often if at all. Your system is well protected and, altho everyone is at risk, most of the folks who need help in this HJT forum are downloading illegal or little known software, surfing porn, are careless about opening email attachments or otherwise engage in high risk behaviour. At the end of this post I'll give you a few pointers on tightening up your security a little more and link you to some general good advice in this area.

I didn't expect the faultCheck to come back right away. If there is some basic problem or conflict on your system it may re-occur at some point in the future. So the above advice about disabling those HP Global startups--and really any startup that might cause it--may help solve the problem if it comes up again. That's basic troubleshooting.

For cleaning up your startups, we got rid of the worst resource hogs and most useless in the last post. It is a bit tricky on the rest of them to give advice because I don't know what and how you might use them. In general, what you see as an O4 line in HijackThis are normal startups that will appear in msconfig or the tabs in Startup Control Panel that you downloaded. Look at the name of the file or the program name and look it up in our Startup Programs Database. Read the information on how to use the database (and don't worry about using Autoruns, unless you have more advanced knowledge of how programs start in other ways) and scroll down to the status keys.

You have some entries that are rated N (stands for No, not needed) and U (stands for User's choice). You should be able to safely disable anything rated N and decide if you use anything with a U rating enough to keep it or not. There is a bit of debate on which startup gets rated in what way. If N, then you should be able to access the program in the Start menu or Control Panel, so being in the System Tray is for your convenience. But there are some programs rated N that are for tweaking display and sound card and other hardware settings that you may lose some options for even if you have access in Control Panel. Those might better be rated U. However, you can always disable the program and if you miss it, re-enable it again. So you can play with it and use trial and error.

One last note on that: the best way to disable something you know you don't need at startup is to open the program and look for an Options menu or some other configuration settings and look for a way to prevent it from "starting when Windows starts" or some other phrase that means the same thing.

Is the BitDefender VirusShield compatible with Ewido? My McAfee subscription runs out in November, so I will probably just keep Ewido on here til then, and then uninstall McAfee and use Ewido.

OK, thanks for letting me know what the BitDefender entries are. BitDefender is another anti-virus (AV). You really don't need two. In fact I am always advising people to not run two installed AV's because most will have real-time scanning that will clash with each other causing problems and take up too many resources. (Realtime scanning runs in the background and should warn you if you try to open an infected file.) However, the free version of BitDefender does not include a realtime scanner. So it shouldn't conflict with McAfee, but you still don't need it taking up resources--it still has to keep updated.

Ewido isn't an antivirus. It is technically an antitrojan, altho it is called an anti-spyware now. It is close to an AV, but its real time protection doesn't work in the same way as an AV and must be purchased for it to work.

If you get rid of McAfee, you'll need a true AV with real time protection and you'll also need to replace its firewall. The following are some good free AV's that fit the bill:

Antivir
Avast Free
AVG Free

And free firewalls:

Kerio Personal Firewall
OutPost Firewall Free
ZoneAlarm
Sygate Personal Firewall

One good AV and one good firewall, along with two or three anti-spyware/antitrojan will give you a very effective protection against most threats. BTW, you can run more than one anti-spyware because their realtime protection is either optional or doesn't work in quite the same way as an AV's. They will occasionally clash, so don't overdo it with them either by running more than three. You have ewido, Spybot and Ad-Aware, which should be just right.

Below is a link to a mini tutorial on how to prevent infections. The only other tool that I recommend you add to what you already have is SpywareBlaster. With all those tools in your arsenal and if you make sure to keep Windows updated, your chance of getting infected is reduced dramatically.

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

If you have any other questions don't hesitate to post back. :flowers:

The thing about people

is they change

when they walk away.--Mipso
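
Post #8 suggests going through the O4 startup lines by file name and looking each one up. The following Python parser is an added example, not part of the thread and not code from HijackThis: it turns O4 and O23 lines into a lookup list and notes entries whose target or owner HijackThis could not resolve. The sample lines are copied from the log in post #7; the field names and note wording are this example's own.

```python
import re

# A few lines copied from the HijackThis log in post #7 (not the full log).
SAMPLE_LOG = r'''
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: hpoddt01.exe.lnk = ?
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
'''

RUN_KEY = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
STARTUP = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
SERVICE = re.compile(r'^O23 - Service: (.+)$')
# First file name ending in .exe/.dll that is followed by end, whitespace, quote or comma.
FILE_NAME = re.compile(r'([^\\"/]+?\.(?:exe|dll))(?=$|[\s",])', re.I)


def parse_entry(line):
    """Parse one O4 (startup) or O23 (service) line; return None for anything else."""
    line = line.strip()
    if m := RUN_KEY.match(line):
        hive, key, name, target = m.groups()
        return {'kind': f'{hive} {key}', 'name': name, 'owner': None, 'target': target}
    if m := STARTUP.match(line):
        kind, name, target = m.groups()
        return {'kind': kind, 'name': name, 'owner': None, 'target': target}
    if m := SERVICE.match(line):
        parts = m.group(1).rsplit(' - ', 2)  # display name - owner - path
        if len(parts) == 3:
            return {'kind': 'Service', 'name': parts[0], 'owner': parts[1], 'target': parts[2]}
    return None


def startup_inventory(log_text):
    """Return startup/service entries with the file name to look up and review notes."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        m = FILE_NAME.search(entry['target'])
        entry['file'] = m.group(1).lower() if m else None
        t = entry['target']
        checks = [(t == '?', 'shortcut target not resolved'),
                  (t.endswith('(file missing)'), 'reported as file missing'),
                  (entry['owner'] == 'Unknown owner', 'no owner reported')]
        entry['notes'] = [note for hit, note in checks if hit]
        rows.append(entry)
    return rows
```

A note is a prompt to check the entry by hand, not a verdict: in the log from post #7 both BitDefender services are reported as file missing even though bdss.exe and xcommsvr.exe appear under Running processes.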


#9 pumbaa

  • Topic Starter

Posted 14 September 2006 - 10:59 PM

Thank you so much for your help. BTW, I tell all of my friends who have malware problems with their computer, to check out your website. Kudos. :thumbsup:



