Multiple problems with virus and avast program

Most of these posts read like Greek to me…I’ve got some major problems with my computer…I hope you can help me…

My computer started acting up like it had spyware problems…when I clicked on a link it would go to the Google search page instead of the web page…it would also change my load up page to Google from MSN…sometimes when clicking on a link it would take me to some search page I had never heard of instead of the web page…a message reading “Windows Security Alert Warning, Potential Spyware Operation…etc Click here to download Spyware Remover” pops up like every 3 minutes…I downloaded AD-Aware 2007 and ran it…it deleted some files but I’m still having the same problems…someone told me not to use Ad-aware so I have deleted it from my computer. I downloaded Windows Defender and it also deleted some files, but I’m still having the same problems…Then my control panel quit working, when I click on any icon I get “The operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator”…I rebooted and now my control panel is gone, it is not on Start Menu or in My Computer…

I downloaded Avast 4.7 and ran it last night…it found quite a few infected files…I moved them to the Virus Chest. I ran the program again today and it found 8 more infected files…when the infected file “C:\WINDOWS\system32\kdhpm.exe” came up and I clicked Move to Chest I got this error message “Virus Chest server is not running. RPC communication failed.” It seemed to move the other files to the chest, at least I did not get a message saying it wouldn’t. After it finished running I clicked on Virus Chest and it comes up but has red writing stating “Initialization of Chest files Action was completed with errors!” Errors report tab reads “Program cannot use Chest client: (null) —>Description: Virus chest server is not running. RPC communication failed.” The detailed information tab reads "Initialization of Chest files

Program will try to load all Chest files from the following server: (null)

Action was completed with errors!"

The infected files Avast has moved to the chest have been “C:\System Volume Information_restore…” mostly. A file that it moved today but not last night was “Win32:Wixad-B [trj]”

I’ve also been getting 2 different messages that pop when I first boot up and then when I go to web sites…they read:
“persistence Module has encountered a problem and needs to close…” with an error signature igfxpers.exe
The other one reads “KernelDrv.exe has encountered a problem and needs to close.” When I click “don’t send” I seem to be able to continue without problems…

I hope you can make heads or tails out of my post…I need some help!!!

You need something with a little more punch than Adaware.

Download superantispyware

First update SAS

Then reboot to safe mode and follow the remaining instructions. You may want to print this out as you will not have internet access in safe mode.

After you are in safe mode set SAS up like this

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked

  • CHECK ALL BOXES

Return to the main page by clicking close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive (and other fixed drives).
Under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan.

When the scan is done, quarantine everything found. Reboot if asked. You can post the log in your next reply if you wish.

I downloaded SUPERAntiSpyware and ran it per your instructions…
It did ask me to reboot and when my system booted back up a message came up from SAS detecting home page change from MSN to Google…I, of course, checked for it not to allow it…my control panel is still gone…

I tried clicking on some web sites that I Googled and up pops a message wanting me to download MalwareAlarm…it is in a box headed with Microsoft Internet Explorer…when I click cancel it takes me to MalwareAlarm web page and begins running what looks to be a scan…I X’d out of it…another address took me to a Days Inn web site, I had clicked on an origami link…sometimes it will take you to the correct page.

The message warning me I have Spyware and should download a program is still popping up…

The Virus Chest is still empty with the same messages I reported before…should I run another scan with Avast?

Here is the log from the SAS scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/31/2007 at 04:10 PM

Application Version : 3.9.1008

Core Rules Database Version : 3371
Trace Rules Database Version: 1366

Scan type : Complete Scan
Total Scan Time : 01:28:18

Memory items scanned : 179
Memory threats detected : 0
Registry items scanned : 6492
Registry threats detected : 5
File items scanned : 33357
File threats detected : 197

Trojan.Downloader-Gen/Suspicious
[lanmanwrk.exe] C:\WINDOWS\SYSTEM32\LANMANWRK.EXE
C:\WINDOWS\SYSTEM32\LANMANWRK.EXE
[KernelDrv.exe] C:\WINDOWS\SYSTEM32\KERNELDRV.EXE
C:\WINDOWS\SYSTEM32\KERNELDRV.EXE
C:\WINDOWS\SYSTEM32\90665.EXE
C:\WINDOWS\SYSTEM32\96312.EXE
C:\WINDOWS\Prefetch\90665.EXE-33432A3F.pf
C:\WINDOWS\Prefetch\LANMANWRK.EXE-12FB2801.pf

Trojan.LanMan/Rootkit
HKLM\System\ControlSet001\Services\lanmandrv
C:\WINDOWS\SYSTEM32\LANMANDRV.SYS
HKLM\System\ControlSet003\Services\lanmandrv
HKLM\System\CurrentControlSet\Services\lanmandrv

Adware.Tracking Cookie

More of log…too long for a single post…


More of log…too long for post…


Trojan.Downloader-Gen/Installer
C:\WINDOWS\B111.EXE

Trace.Known Threat Sources
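Added example, not part of any post in this thread and not SUPERAntiSpyware's own tooling: a small Python triage of a scan log in the layout posted above, which groups entries by detection family and separates low-impact traces (cookies, browser cache, prefetch) from drivers, service keys and executables. The sample log is constructed and shortened, the user name `user` and the two cookie names are placeholders, and the kind labels are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the log quoted in the thread.
# "user" and the cookie names are placeholders, not values from the page.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log

Scan type : Complete Scan
File threats detected : 5

Trojan.Downloader-Gen/Suspicious
[lanmanwrk.exe] C:\WINDOWS\SYSTEM32\LANMANWRK.EXE
C:\WINDOWS\SYSTEM32\LANMANWRK.EXE
C:\WINDOWS\Prefetch\LANMANWRK.EXE-12FB2801.pf

Trojan.LanMan/Rootkit
HKLM\System\ControlSet001\Services\lanmandrv
C:\WINDOWS\SYSTEM32\LANMANDRV.SYS
HKLM\System\CurrentControlSet\Services\lanmandrv

Adware.Tracking Cookie
C:\Documents and Settings\user\Cookies\user@example-ads[1].txt
C:\Documents and Settings\user\Cookies\user@example-tracker[2].txt
"""

# "Key : value" summary lines; a drive path such as C:\... has no space after the colon.
HEADER_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s+(\S.*)$")
# Item lines: a bracketed name, a drive path, or a registry hive path.
ITEM_RE = re.compile(r"^(\[|[A-Za-z]:\\|HK[A-Z_]+\\)", re.IGNORECASE)
# Kinds that are traces of browsing or past execution rather than active components.
LOW = {"cookie", "browser_cache", "prefetch_trace"}


def classify(item):
    """Assign one of this example's own kind labels to a log item line."""
    low = item.lower()
    if item.startswith("["):
        return "named_entry"  # the log does not say what the bracketed name refers to
    if low.startswith("hk"):
        return "service_key" if "\\services\\" in low else "registry"
    if "\\cookies\\" in low:
        return "cookie"
    if "\\temporary internet files\\" in low:
        return "browser_cache"
    if low.endswith(".sys"):
        return "driver"
    if low.endswith((".exe", ".dll", ".scr")):
        return "executable"
    if low.endswith(".pf"):
        return "prefetch_trace"
    return "file"


def parse_log(text):
    """Return (summary fields, {family name: [item lines]})."""
    header, families, current = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ITEM_RE.match(line):
            if current is not None:
                families[current].append(line)
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1).strip()] = m.group(2).strip()
        else:
            current = line  # any other line is treated as a family heading
    return header, dict(families)


def triage(text):
    """Mark a family 'low' only if every item in it is a low-impact trace."""
    header, families = parse_log(text)
    report = {}
    for name, items in families.items():
        kinds = Counter(classify(i) for i in items)
        priority = "low" if set(kinds) <= LOW else "high"
        report[name] = {"priority": priority, "kinds": dict(kinds)}
    return header, report


if __name__ == "__main__":
    header, report = triage(SAMPLE_LOG)
    print("File threats reported:", header.get("File threats detected"))
    # High-priority families first, so cookie noise does not bury the rootkit entry.
    for name, info in sorted(report.items(), key=lambda kv: kv[1]["priority"]):
        print(f"{info['priority']:>4}  {name}  {info['kinds']}")
```

On a log like the one in this thread, this view shows that most of the reported file threats are tracking cookies, while the entries that need follow-up are the service keys, the driver and the executables.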

This is a good all-purpose cleaner if you don’t already have one. When first run, it is in demo mode to show you what it will remove. When you run it the second time make sure it’s not still in demo mode.

Download from here: http://www.stevengould.org/downloads/cleanup/

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall.

Please note:

Combofix should never take more than 20 minutes including the reboot if malware is detected.

Do the following only if combofix stalls after 20 or so minutes and you are sure it has stalled, i.e. no hard drive light or noise.

If it does, open Task Manager (press ctrl, alt and del at the same time) then Processes tab and end any processes of findstr, find, sed or swreg, then combofix should continue.

End one at a time and see if combofix resumes.

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Please run in the order I posted them and post the combofix and hijackthis log in your next reply.

ComboFix log…Hjt log to follow…

ComboFix 07-12-31.4 - Jon Faulkner 2007-12-31 20:24:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.103 [GMT -6:00]
Running from: C:\Documents and Settings\Jon Faulkner\Local Settings\Temporary Internet Files\Content.IE5\P3ZFLP8E\ComboFix[1].exe

  • Created a new restore point
    .

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\drivers\beep.sys
C:\Documents and Settings\All Users.\documents\settings
C:\Documents and Settings\All Users.\documents\settings\desktop.ini
C:\Documents and Settings\Jon Faulkner\Application Data\inst.exe
C:\Program Files\inetget2
C:\WINDOWS\medichi.exe
C:\WINDOWS\medichi2.exe
C:\WINDOWS\murka.dat
C:\WINDOWS\sks~1
C:\WINDOWS\system32\install.exe
C:\WINDOWS\system32\qmopt.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_LANMANDRV

((((((((((((((((((((((((( Files Created from 2007-12-01 to 2008-01-01 )))))))))))))))))))))))))))))))
.

2007-12-31 20:23 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-12-31 14:34 . 2007-12-31 14:34 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 14:33 . 2007-12-31 17:47 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-31 14:33 . 2007-12-31 14:33 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-31 14:33 . 2007-12-31 14:33 d-------- C:\Documents and Settings\Jon Faulkner\Application Data\SUPERAntiSpyware.com
2007-12-30 22:26 . 2007-12-30 22:26 d-------- C:\Program Files\Alwil Software
2007-12-30 22:26 . 2007-12-04 07:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-30 22:26 . 2004-01-09 03:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-30 22:26 . 2007-12-04 06:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-30 22:26 . 2007-12-04 08:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-30 22:26 . 2007-12-04 08:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-30 22:26 . 2007-12-04 08:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-30 22:26 . 2007-12-04 08:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-30 22:26 . 2007-12-04 08:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-30 22:02 . 2007-12-30 22:02 d-------- C:\Program Files\Windows Defender
2007-12-30 21:57 . 2007-12-30 21:57 9,216 --a------ C:\WINDOWS\system32\susp32.exe
2007-12-30 21:06 . 2007-12-30 21:06 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-28 15:05 . 2007-12-28 19:19 16,384 --a------ C:\WINDOWS\system32\users32.dat
2007-12-25 12:39 . 2007-12-30 21:28 d-------- C:\Program Files\Photo Viewer
2007-12-20 21:06 . 2007-12-20 21:08 d-------- C:\Program Files\Motorola Phone Tools
2007-12-13 15:03 . 2007-12-13 15:03 98 --a------ C:\WINDOWS\WirelessFTP.INI
2007-12-06 21:21 . 2007-12-06 21:21 d-------- C:\Program Files\Apple Software Update
2007-12-06 21:20 . 2007-10-31 14:09 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2007-12-06 20:56 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-06 20:56 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-01 02:19 --------- d-----w C:\Program Files\TrueAssistant
2007-12-31 13:41 42,210 ----a-w C:\Documents and Settings\Jon Faulkner\Application Data\wklnhst.dat
2007-12-31 05:08 --------- d-----w C:\Program Files\vmntoolbar
2007-12-31 03:06 --------- d-----w C:\Program Files\Lavasoft
2007-12-28 21:07 --------- d-----w C:\Program Files\ltmoh
2007-12-28 03:24 --------- d-----w C:\Documents and Settings\Jon Faulkner\Application Data\Image Zone Express
2007-12-26 18:25 --------- d-----w C:\Documents and Settings\Jon Faulkner\Application Data\Vso
2007-12-21 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-12-21 03:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-21 03:05 24,192 -c--a-w C:\Documents and Settings\Jon Faulkner\usbsermptxp.sys
2007-12-21 03:05 22,768 -c--a-w C:\Documents and Settings\Jon Faulkner\usbsermpt.sys
2007-12-21 03:05 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-12-20 03:13 --------- d-----w C:\Program Files\DVDFab Platinum 3
2007-12-08 07:01 --------- d-----w C:\Program Files\iTunes
2007-12-07 03:30 --------- d-----w C:\Documents and Settings\Jon Faulkner\Application Data\Apple Computer
2007-12-07 03:24 --------- d-----w C:\Program Files\iPod
2007-12-07 03:23 --------- d-----w C:\Program Files\QuickTime
2007-11-28 04:22 --------- d-----w C:\Program Files\STOPzilla!
2007-11-28 04:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2007-11-28 03:30 1,024 ----a-w C:\WINDOWS\system32\drivers\AF4DDDA4-BF0D-479B-A00D-F62E37030F0A.cxv
2007-11-28 03:27 2,048 ----a-w C:\WINDOWS\system32\drivers\1E648BC4-712E-4D9C-ABBE-BA2DE1381703.cxv
2007-11-28 02:38 --------- d-----w C:\Documents and Settings\Jon Faulkner\Application Data\Lavasoft
2007-11-26 11:12 --------- d-----w C:\Program Files\Logitech
2007-11-20 16:41 --------- d-----w C:\Program Files\CandleWorks
2007-11-20 16:38 7,417,077 ----a-w C:\FXTS2Install.EXE
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-03 23:48 47,360 ----a-w C:\Documents and Settings\Jon Faulkner\Application Data\pcouffin.sys
2006-08-14 21:48 19 -c--a-w C:\Program Files\Answer.txt
2006-08-14 21:29 2,609 -c--a-w C:\Program Files\index.htm
2006-07-03 13:22 26,624 -c--a-w C:\Program Files\New President ask Resignations Supreme Justices…wps
.

2nd page of ComboFix log…

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2007-12-28 15:05 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-12-28 15:05 36864]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-28 15:05 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2007-12-28 15:05 73728]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-08-10 12:23 356352]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-12-28 15:05 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-12-28 15:05 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-12-28 15:05 114688]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2007-12-28 15:05 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-12 17:17 88358 C:\WINDOWS\agrsmmsg.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-28 15:05 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-28 15:05 688218]
"TFncKy"="TFncKy.exe"
"TPSMain"="TPSMain.exe" [2005-05-31 22:00 282624 C:\WINDOWS\system32\TPSMain.exe]
"NDSTray.exe"="NDSTray.exe"
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2007-12-28 15:05 1077301]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-12-28 15:05 122880]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-12-28 15:05 151552]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2007-12-28 15:05 122941]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-12-28 15:05 385024]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-17 03:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-12-28 15:05 49152]
"Notebook Maximizer"="C:\Program Files\Notebook Maximizer\maximizer_startup.exe" [2004-05-25 15:35 28672]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 15:41 8192]
"CFSServ.exe"="CFSServ.exe"
"ReminderApp"="C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe" [2007-12-28 15:05 156160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]

C:\Documents and Settings\Jon Faulkner\Start Menu\Programs\Startup
TrueAssistant.lnk - C:\Program Files\TrueAssistant\TrueAssistant.exe [2006-11-17 03:45:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-08 01:38:41]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-07-28 14:56:17]
ymetray.lnk - C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe [2007-07-24 15:58:00]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 13:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

R0 KR10N;KR10N;C:\WINDOWS\system32\drivers\KR10N.sys [2005-01-11 11:05]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS
S3 SEMWModem;Sony Ericsson SEMWModem;C:\WINDOWS\system32\DRIVERS\GCXX.sys [2005-01-03 01:32]
S3 SEMWWNIC;Sony Ericsson SEMWWNIC;C:\WINDOWS\system32\DRIVERS\GCXXNet.sys [2005-01-03 01:32]
S3 STVqx3;Intel Play QX3 Microscope;C:\WINDOWS\system32\drivers\STVqx3.sys [2001-04-12 13:04]
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-05-30 19:28]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.
Contents of the ‘Scheduled Tasks’ folder
“2008-01-01 02:33:51 C:\WINDOWS\Tasks\MP Scheduled Scan.job”

  • C:\Program Files\Windows Defender\MpCmdRun.exe
    .

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-31 20:31:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully
hidden files: 0


.
Completion time: 2007-12-31 20:35:52 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-01 02:35:48
.
2007-12-23 07:06:39 — E O F —

1st of HiJackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:09 PM, on 12/31/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jon Faulkner\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM..\Run: [TFncKy] TFncKy.exe
O4 - HKLM..\Run: [TPSMain] TPSMain.exe
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM..\Run: [Windows Defender] “C:\Program Files\Windows Defender\MSASCui.exe” -hide
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

2nd part of HIJackthis log:

O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.sonypictures.com/games/zuma/popcaploader_v6.cab
O18 - Protocol: bw+0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

3rd part of HIJackthis log:

O18 - Protocol: bwd0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O24 - Desktop Component 0: (no name) - http://www.seawindsna.com/seawind/seawind23.gif
O24 - Desktop Component 1: (no name) - http://www.uscg.mil/History/webcutters/Cutter_5HECs_Color.jpg


End of file - 23134 bytes

How are things going for you now? I’m just having a look. Do you have any pictures, images on your desktop that you want to keep?

Is your control panel back?

My control panel is back and I can click on the items…my desktop is full of folders and shortcut icons…I also save a lot of my word documents straight to desktop…I don’t have any images though…why? (I’m almost afraid to ask!!!)

When I do a google search, for example origami, and then click on a link that comes up, it sometimes takes me to the google search page again and just now it took me to a search engine called MonsterMarketplace…then next time I click it goes to the correct site…

The box that popped every 3 or 4 minutes about Spyware, has not popped up for awhile now!!! I’m holding my breath…

The Virus Chest in Avast is once again working…do I just leave all those files in there forever?

Just look at the O24 lines in the HJT log. We can fix 'em if you don’t want them. ;D

Yes, I would like to fix them…what do I need to do? And that pesky box still has not popped up…I’m starting to believe there is hope…

Open hijackthis, run a system scan only and place a checkmark next to these lines

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)

checkmark all the O18 lines

O24 - Desktop Component 0: (no name) - http://www.seawindsna.com/seawind/seawind23.gif
O24 - Desktop Component 1: (no name) - http://www.uscg.mil/History/webcutters/Cutter_5HECs_Color.jpg

Close all browsers/windows, click Fix, then close HJT.

Upload these files to www.virustotal.com and please post the results. Just copy and paste them one at a time and wait for the results.

C:\WINDOWS\system32\susp32.exe
C:\FXTS2Install.EXE
C:\WINDOWS\system32\users32.dat

Post back the virus total results for each file and a new HJT log in your next reply and let me know how things are.

As for the files in the chest, you can leave them for now, they are safe there and can’t be run or accessed from outside.

Happy New Year, I must sign off for a bit now.
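The selection described in the post above (entries HijackThis marks "(file missing)" or "(no file)", the O18 protocol handlers, and the O24 desktop components) can also be pulled out of a log programmatically. This is an added example, not part of the original posts; the function names are hypothetical and the sample lines are a short excerpt copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Excerpt copied from the HijackThis log posted in this thread, plus one
# "Running processes" line to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\lsass.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll (file missing)
O18 - Protocol: bw+0 - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {32BA2C22-8A53-4436-B82F-C38D152E30BE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O24 - Desktop Component 0: (no name) - http://www.seawindsna.com/seawind/seawind23.gif
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROTOCOL_RE = re.compile(r"^Protocol: (?P<name>.+?) - \{[^}]+\} - (?P<path>.+)$")
URL_RE = re.compile(r"https?://\S+")


def parse_hijackthis(log_text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
            "raw": line,
        })
    return entries


def orphaned_entries(entries):
    """Entries whose target file is gone: leftover registry references."""
    return [e for e in entries if e["orphaned"]]


def clsids_in_multiple_sections(entries):
    """CLSIDs registered in more than one section (e.g. both BHO and toolbar)."""
    seen = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            seen[e["clsid"]].add(e["section"])
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}


def protocol_handlers_by_dll(entries):
    """Group O18 protocol names by the DLL that handles them."""
    groups = defaultdict(list)
    for e in entries:
        m = PROTOCOL_RE.match(e["body"]) if e["section"] == "O18" else None
        if m:
            groups[m.group("path")].append(m.group("name"))
    return dict(groups)


def remote_desktop_components(entries):
    """URLs of O24 Active Desktop components that load remote content."""
    urls = []
    for e in entries:
        if e["section"] == "O24":
            urls.extend(URL_RE.findall(e["body"]))
    return urls


if __name__ == "__main__":
    parsed = parse_hijackthis(SAMPLE_LOG)
    print("Orphaned entries:")
    for e in orphaned_entries(parsed):
        print("  ", e["raw"])
    print("CLSIDs in several sections:", clsids_in_multiple_sections(parsed))
    for dll, names in protocol_handlers_by_dll(parsed).items():
        print(f"{len(names)} protocol(s) -> {dll}")
    print("Remote desktop components:", remote_desktop_components(parsed))
```

The output is a review list only: an orphaned marker or a shared CLSID says an entry is stale or registered in several places, not that it is malicious.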

I followed your directions with the following problems…

The C:\WINDOWS\system32\susp32.exe is in the Virus Chest…I could not locate it…I located some files with numbered names in the folder named chest and when I ran the one I deduced would be the susp32.exe file (I tried several) it came up clean…so I restored it. Then I loaded it up in virustotal and it told me it was an empty file…I went back and right clicked on it to look at properties and the Avast virus alert came up (by the way, the properties did show it was not empty)…I put it back in the chest…according to Avast it has the Win32:Wixud-B [trj] Trojan Horse.
Here are the logs for the other 2 files I ran through virustotal and HJT log from a new scan…I only cut and pasted the lines that showed a virus on the virustotal…

File FXTS2Install.EXE received on 01.01.2008 22:44:41 (CET)
Result: 1/32 (3.13%)

Prevx1 V2 2008.01.01 Heuristic: Suspicious Hijacker

Additional information
File size: 7417077 bytes
MD5: ae98a84356c9a7446337db060462b036
SHA1: 216aade16ba25161269335185656c1c0976bc49c
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=3F725D7FF50B04F42C67716C838523003DC418FE

File users32.dat received on 01.01.2008 23:06:57 (CET)
Result: 6/32 (18.75%)

Avast 4.7.1098.0 2008.01.01 Win32:Agent-PDP
AVG 7.5.0.516 2008.01.01 Adware Generic2.ZKV
BitDefender 7.2 2008.01.01 Trojan.Agent.AGHH
CAT-QuickHeal 9.00 2007.12.31 AdWare.Agent.zb (Not a Virus)
Ikarus T3.1.1.15 2008.01.01 not-a-virus:AdWare.Win32.Agent.zb
Kaspersky 7.0.0.125 2008.01.01 not-a-virus:AdWare.Win32.Agent.zb
Additional information
File size: 16384 bytes
MD5: 17db211a5b00c19c5c85b4ac7c3af8d2
SHA1: 254cdf4e8579407f98a4e1f271e0ef8421944e5e
PEiD: -

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:29:55 PM, on 1/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe