page 2............in my chest and so want it out and over NEWBIE

7/6/2007 11:41:36 AM SYSTEM 1868 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/6/2007 11:41:36 AM SYSTEM 1868 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/6/2007 11:41:36 AM SYSTEM 1868 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/7/2007 4:49:33 AM SYSTEM 428 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/7/2007 4:49:33 AM SYSTEM 428 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/7/2007 4:49:33 AM SYSTEM 428 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/7/2007 8:36:41 AM SYSTEM 348 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/7/2007 8:36:41 AM SYSTEM 348 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/7/2007 8:36:41 AM SYSTEM 348 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/8/2007 4:51:42 PM SYSTEM 1256 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/8/2007 4:51:43 PM SYSTEM 1256 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/8/2007 4:51:43 PM SYSTEM 1256 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/12/2007 8:02:43 AM SYSTEM 400 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/12/2007 8:02:44 AM SYSTEM 400 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/12/2007 8:02:44 AM SYSTEM 400 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.

You can’t install two antivirus at the same time in the same computer.
Also, disabling is not enough. You need full uninstallation of NAV:

  1. Remove NAV through Add/Remove programs from Control Panel. Boot.
  2. Use Norton Removal Tool for Windows 2000/XP/Vista.
  3. Boot.
  4. Install avast! Boot.
  5. See what you get.

The summary with Norton was old…Norton has been deleted.
I got a trojan and adware screaming warning from avast. All I can get out of my chest is what I sent you and this balance
Where is the Trojan and adware??
7/26/2007 8:56:44 AM SYSTEM 348 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/26/2007 8:56:44 AM SYSTEM 348 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/26/2007 8:56:44 AM SYSTEM 348 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/27/2007 6:27:47 AM SYSTEM 360 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/27/2007 6:27:47 AM SYSTEM 360 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/27/2007 6:27:47 AM SYSTEM 360 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/31/2007 7:51:43 AM SYSTEM 356 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/31/2007 7:51:43 AM SYSTEM 356 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
7/31/2007 7:51:43 AM SYSTEM 356 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/6/2007 7:45:59 AM SYSTEM 356 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/6/2007 7:45:59 AM SYSTEM 356 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/6/2007 7:45:59 AM SYSTEM 356 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/6/2007 9:41:08 AM SYSTEM 344 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/6/2007 9:41:08 AM SYSTEM 344 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/6/2007 9:41:08 AM SYSTEM 344 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/7/2007 4:31:05 PM SYSTEM 412 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/7/2007 4:31:05 PM SYSTEM 412 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/7/2007 4:31:05 PM SYSTEM 412 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 2:34:51 AM SYSTEM 388 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 2:34:52 AM SYSTEM 388 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 2:34:53 AM SYSTEM 388 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 2:49:45 AM SYSTEM 408 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 2:49:45 AM SYSTEM 408 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 2:49:45 AM SYSTEM 408 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 3:31:16 AM SYSTEM 352 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 3:31:16 AM SYSTEM 352 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/12/2007 3:31:16 AM SYSTEM 352 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/13/2007 7:54:49 AM SYSTEM 248 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/13/2007 7:54:50 AM SYSTEM 248 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/13/2007 7:54:50 AM SYSTEM 248 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/14/2007 1:18:35 PM SYSTEM 416 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/14/2007 1:18:35 PM SYSTEM 416 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/14/2007 1:18:35 PM SYSTEM 416 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/14/2007 8:07:17 PM SYSTEM 348 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/14/2007 8:07:18 PM SYSTEM 348 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/14/2007 8:07:18 PM SYSTEM 348 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/15/2007 7:20:58 AM SYSTEM 360 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/15/2007 7:20:58 AM SYSTEM 360 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/15/2007 7:20:58 AM SYSTEM 360 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/16/2007 4:15:24 PM SYSTEM 408 AAVM - initialization error: Instant Messaging provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/16/2007 4:15:24 PM SYSTEM 408 AAVM - initialization error: P2P provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
8/16/2007 4:15:24 PM SYSTEM 408 AAVM - initialization error: Standard Shield provider: cannot start because ‘Norton Antivirus / Symantec Antivirus’ is active!, 00000000.
9/26/2007 11:52:02 AM È‘|(4@æ 372 AAVM - initialization error: Unhandled exception in AavmProviderStop, STANDARD.
10/17/2007 5:05:08 PM SYSTEM 1932 AAVM - initialization error: Unhandled exception in AavmProviderStop, STANDARD.
11/25/2007 7:13:58 PM SYSTEM 972 AAVM - scanning error: Aavm: FetchGlobalCounters cannot open mapping - server DOWN???, 00000002.

at one time I was running Norton couldn’t find disc than deleted it seems this is all related to norton so where is the trojan and adware that is supposed to be in my chest???
The end I hope

Norton shouldn’t be deleted, but uninstalled.
Even so, you need to run the specific tool to get rid of tons of leftovers from Norton. It’s more difficult to remove than a virus… Please, follow:

  1. Remove NAV through Add/Remove programs from Control Panel. Boot.
  2. Use Norton Removal Tool for Windows 2000/XP/Vista.
  3. Boot.
  4. Install avast! Boot.
  5. See what you get.

WHOA, you are spreading your topic over a number of threads. Stick to one please. When you want to add to your thread, use the reply button by the upper or lower right corner of your thread.

We can’t follow this the way it is. Please follow Tech’s advice per Norton. Right now it looks like it is your biggest problem.

sorry, said I was a newbie
Followed Norton instrux. Thanks. for all the help
Deleting all avast, spyware dr. and will PRAY both for me and you for your help TUVM

That’s okay, we all learn as we go on. Have you reinstalled avast now?

I Got rid of Norton, I trust
Tried to delete old Avast size 47.77; hit remove and got a new Avast size 67.7 OK did a scan. NO whistles and sirens YET! Got a list of stuff again, no NOrton stuff YEAH!
However, my brightred desktop that says YOUR PRIVACY IS IN DANGER is there sitting under all my files that were saved to my pretty blue desktop. How do I get rid of that?
I so want to thank y’all esp. lil ol man :-*
from lil ol lady, still struggling
xo

Hi , welcome to the forum

It would seem you have downloaded and installed a “rogue” antispyware program. It’s a program that masquerades as a legitimate antispyware program and wants money to remove real/imagined problems.

Let’s see if we can get rid of it.

Download superantispyware

First update SAS

Then reboot to safe mode and follow the remaining instructions. I’ll give you the instructions for getting into safe mode at the bottom of this post. You may want to print this out as you will not have internet access in safe mode.

After you are in safe mode set SAS up like this

Under Configuration and Preferences, click the Preferences button.
Then click the Scanning Control tab.

Under Scanner Options make sure the following are checked

  • CHECK ALL BOXES

Return to the main page by clicking close on that screen. On the main screen, under Scan for Harmful Software click Scan your computer. On the left check C:\Fixed Drive (and other fixed drives).
Under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan.

When the scan is done, quarantine everything found. Reboot if asked. You can post the log in your next reply if you wish.

Booting to safe mode with Windows XP

Using the F8 Method

  1. Restart your computer.
  2. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
  3. Select the option for Safe Mode using the arrow keys.
  4. Then press enter on your keyboard to boot into Safe Mode.
  5. Do whatever tasks you require and when you are done reboot to boot back into normal mode.

You should also do this after you do the scan with SAS

Click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on “Edit > Select All” then click on “Edit > Copy” to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Wow, U guys are somethin’ else.
I will start to fix this tonite and LUK what’s happening in a few days. Working and traveling.
Here, here to AVAST and its supporters of whom I am a big FAN. You can’t get this kind of support anywhere. TU EVER SO MUCH
Let’s see how the dummy does
Thanks for your patience
Struggling-maybe learning

;D Holy C**p, this is the coolest thing I’ve ever done in my life. I feel like I just gave birth. At first the pain was SEVERE; then I found AVAST and a WOOOONNNNNNNNNNDDDDDDDERFUL team of people. So here, check this out and now tell me what???
Do U need to see the SAS log. I figured I sent one too many logs already but I have it if it’s needed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:53 PM, on 12/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/notebookaccessories
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132595256252
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artswish
O17 - HKLM\Software..\Telephony: DomainName = artswish
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = artswish
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = artswish
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: gormet - {56ADD755-12F9-4E62-824D-BA46E9413B06} - C:\WINDOWS\gormet.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm


End of file - 7489 bytes
Holy c**p it worked. Not only that but I got rid of my red screen I with the DANGER dork.
I also have the SAS log but I don’t know if that’s necessary at this point.
What is left so far is a message after rebooting SAS from I/E saying:
we cannot find file :///c/Windows/privacy_danger/index.htm make sure yourpath or internet access is correct HUH just looked up O24
there it is; so how do I get rid of it totally?
This is way too cool for words. My friend is a puter Geek. She sent me to a tech site and said “READ” follow instrux. That scared the livin’ ba Jesus out of me.
My desktop/shortcuts is now pure white and won’t go to pretty blue
I’m not complainin’

Hi

If you can attach the SAS log, I’d like to have a look. It would give a better idea of what has been already removed.

Just copy and paste the log into a notepad and save it to your desktop. Then use the additional options on the reply page and browse to the note pad you saved to your desk top.

There’s still a bit to do.

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.

When finished, it shall produce a log for you. Post that log and a new HJT log in your next reply
Note: Do not mouseclick combofix’s window while it’s running. That may cause it to stall.

Run combofix first then HJT. You can copy/paste the logs into notepad and attach if you wish.

I’ll be back with the other stuff later

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/03/2007 at 09:40 PM

Application Version : 3.9.1008

Core Rules Database Version : 3354
Trace Rules Database Version: 1352

Scan type : Complete Scan
Total Scan Time : 01:11:02

Memory items scanned : 168
Memory threats detected : 0
Registry items scanned : 5992
Registry threats detected : 35
File items scanned : 32818
File threats detected : 40

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}
HKCR\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}
HKCR\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}
HKCR\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}\InprocServer32
HKCR\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}\InprocServer32#ThreadingModel
HKCR\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}\ProgID
HKCR\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}\Programmable
HKCR\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}\TypeLib
HKCR\CLSID{85B2F289-7128-4C5A-A330-F9FC01432D3A}\VersionIndependentProgID
C:\WINDOWS\HDTIP.DLL
HKLM\Software\Classes\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKCR\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\InprocServer32
HKCR\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\InprocServer32#ThreadingModel
HKCR\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\ProgID
HKCR\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\Programmable
HKCR\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\TypeLib
HKCR\CLSID{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}\VersionIndependentProgID
C:\WINDOWS\WERBETDQW.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{A477EBE4-ABE9-4A9D-B1B4-0EB1D0D025CE}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{85B2F289-7128-4C5A-A330-F9FC01432D3A}
HKCR\hdtip.ToolBar.1
HKCR\hdtip.ToolBar.1\CLSID
HKCR\hdtip.ToolBar
HKCR\TypeLib{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}
HKCR\TypeLib{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}\1.0
HKCR\TypeLib{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}\1.0\0
HKCR\TypeLib{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}\1.0\0\win32
HKCR\TypeLib{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}\1.0\FLAGS
HKCR\TypeLib{AE73C3E4-88F7-41A0-AF79-87BE6826B8DF}\1.0\HELPDIR

Adware.Tracking Cookie
c:\documents and settings\carol\cookies\carol@media.adrevolver[1].txt
c:\documents and settings\carol\cookies\carol@ad.yieldmanager[1].txt
c:\documents and settings\carol\cookies\carol@atdmt[2].txt
c:\documents and settings\carol\cookies\carol@advertising[2].txt
c:\documents and settings\carol\cookies\carol@msnportal.112.2o7[1].txt
c:\documents and settings\carol\cookies\carol@fastclick[2].txt
c:\documents and settings\carol\cookies\carol@ads.techguy[1].txt
c:\documents and settings\carol\cookies\carol@questionmarket[1].txt
c:\documents and settings\carol\cookies\carol@mediaplex[2].txt
c:\documents and settings\carol\cookies\carol@hearstmagazines.112.2o7[1].txt
c:\documents and settings\carol\cookies\carol@interclick[2].txt
c:\documents and settings\carol\cookies\carol@media.adrevolver[2].txt
c:\documents and settings\carol\cookies\carol@statse.webtrendslive[2].txt
c:\documents and settings\carol\cookies\carol@statcounter[2].txt
c:\documents and settings\carol\cookies\carol@media.medhelp[2].txt
c:\documents and settings\carol\cookies\carol@ads.pointroll[1].txt
c:\documents and settings\carol\cookies\carol@doubleclick[1].txt
c:\documents and settings\carol\cookies\carol@adrevolver[1].txt
c:\documents and settings\carol\cookies\carol@medhelpinternational.112.2o7[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@2o7[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@ads.pointroll[2].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@advertising[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@atdmt[2].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@counter.hitslink[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@doubleclick[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@edge.ru4[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@mediaplex[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@questionmarket[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@sales.liveperson[1].txt
C:\Documents and Settings\Carol\Application Data\Earthlink\6.0\cph13@earthlink.net\Cookies\carol@servedby.advertising[1].txt

Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer

Desktop Hijacker.AboutYourPrivacy
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\images
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\privacy_danger

Trojan.Downloader/NMC-Rich
C:\Program Files\RichVideoCodec

Trojan.Net-MU/Gen
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo#uninstallString

So far so good. I’d still like to see the logs from the other two scans, combofix and DecKard’s, as SAS found a downloader as well as other things.

Open HJT, run a system scan only and place a check mark next to these lines

R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O21 - SSODL: gormet - {56ADD755-12F9-4E62-824D-BA46E9413B06} - C:\WINDOWS\gormet.dll (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

You should update your java, as the older versions are vulnerable to infections.

Open an Internet Explorer (only) window and go to http://www.java.com/en/download/manual.jsp > In the middle of the page, click on the Download button to the right of Java Runtime Environment (JRE) 6u3 > If the Information Bar pops up, right-click on it and say it’s OK to display the blocked content.

You do not have to install the Java Web Start ActiveX Control

Accept the license agreement > Click on Windows (XP,Vista, .etc) Offline Installation, Multi-language and Save the file jre-6u3-windows-i586-p.exe to your desktop; do not Run it.

When the download is complete, close all browser windows and double-click on the saved file to install the update.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Open Control Panel > Add/Remove Programs:

Uninstall anything that says Sun Java, Java JRE, or similar except Java TM 6 Update 3 which you just installed.

Close Add/Remove Programs.

In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders except the subfolder jre1.6.0_03 which was just created by the installation above.

Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

I also didn’t see a third party firewall. Windows firewall doesn’t provide outbound monitoring. You may want to check this thread for a good free firewall.

http://forum.avast.com/index.php?topic=30808.0
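
The three HijackThis lines picked out in the post above are either marked `(no file)` / `(file missing)` or point into `C:\WINDOWS\privacy_danger`, which the SUPERAntiSpyware log lists as quarantined. The sketch below is an added example, not part of the original thread and not how HijackThis itself works: it parses log lines copied from this thread and applies those two triage rules. The function names, the `QUARANTINED_PATHS` list and the rules are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O21 - SSODL: gormet - {56ADD755-12F9-4E62-824D-BA46E9413B06} - C:\WINDOWS\gormet.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Folder the SUPERAntiSpyware log in this thread reports under
# "Desktop Hijacker.AboutYourPrivacy" (assumed removed after quarantine).
QUARANTINED_PATHS = [r"C:\WINDOWS\privacy_danger"]

# Entry lines look like "<section code> - <details>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    code: str             # section code such as R3, O2, O24
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # COM class id if the line carries one


def parse_log(text: str) -> List[Entry]:
    """Return only the registry/startup entries; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group(2)
        clsid = CLSID_RE.search(body)
        entries.append(Entry(match.group(1), body, clsid.group(0) if clsid else None))
    return entries


def review(entries: List[Entry],
           quarantined: List[str] = QUARANTINED_PATHS) -> List[Tuple[Entry, str]]:
    """Flag entries that reference nothing on disk or a path a scanner already removed."""
    findings = []
    for entry in entries:
        lowered = entry.body.lower()
        if lowered.endswith(ORPHAN_MARKERS):
            findings.append((entry, "orphaned: target file is not on disk"))
        elif any(path.lower() in lowered for path in quarantined):
            findings.append((entry, "leftover: points into a quarantined path"))
    return findings


if __name__ == "__main__":
    for entry, reason in review(parse_log(SAMPLE_LOG)):
        print(f"{entry.code:<4} {reason:<42} {entry.clsid or entry.body}")
```

The rules are broader than the selection made in the post: they also surface the `O2 - BHO: (no name)` line, so the output is a list of candidates to ask a helper about, not a list of things to fix.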

I did not see the word OFFLINE installation on Java. Therefore, everything was automatic.
I DID NOT proceed with any uninstalling Shall I
There are 3 java programs one being the one installed Java 6. I can uninstall that and start over. What do U suggest? And here I thought I was being cautious. Brain always jumped over words =:0
I will do the firewall thing.
Sorry, your student messed up
Still struggling, I guess

Hi

It’s the second one on the page under windows

here’s the link if you still can’t find it. 8)

http://javadl.sun.com/webapps/download/AutoDL?BundleId=12798

This will start the download, save it to your desktop.

How is everything? Logs please.

Looks like all is ok; what do U think?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:14:12 PM, on 12/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/go/notebookaccessories
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [Adobe Photo Downloader] “C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [BackupNotify] C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI01DA~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132595256252
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = artswish
O17 - HKLM\Software..\Telephony: DomainName = artswish
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = artswish
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = artswish
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


End of file - 7372 bytes

The HJT log looks good. Did you run the others?

How did you make out with the java?

And how is your computer?

What is deckard’s?
Somehow I’m losing posts to U…I don’t get it…they are not appearing here. This is the 3rd time for combo fix. I’m doin’ something stupid AGAIN >:(
Could it be that they are too long? Ah yes, too long and I’m not paying attention. Typical Polish trick
ComboFix 07-12-02.7 - Carol 2007-12-04 18:34:01.1 - NTFSx86
Running from: C:\Documents and Settings\Carol\Local Settings\Temporary Internet Files\Content.IE5\YTCTDBVU\ComboFix[1].exe

• Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm

((((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 )))))))))))))))))))))))))))))))
.

2007-12-03 22:29 . 2007-12-03 22:29 d-------- C:\Program Files\Trend Micro
2007-12-03 20:04 . 2007-12-03 20:04 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-03 20:03 . 2007-12-04 18:22 d-------- C:\Program Files\SUPERAntiSpyware
2007-12-03 20:03 . 2007-12-03 20:03 d-------- C:\Documents and Settings\Carol\Application Data\SUPERAntiSpyware.com
2007-12-03 19:57 . 2007-12-03 19:57 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-28 08:38 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-25 13:25 . 2007-11-24 10:52 284,160 --a------ C:\WINDOWS\pmkret.dll
2007-11-25 13:25 . 2007-11-24 10:53 151,552 --a------ C:\WINDOWS\monhop.exe
2007-11-05 00:06 . 2007-11-05 00:06 d-------- C:\Documents and Settings\Carol\Application Data\Image Zone Express

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-26 03:46 --------- d-----w C:\Program Files\Common Files\HP
2007-10-22 09:09 --------- d-----w C:\Documents and Settings\Carol\Application Data\Move Networks
2007-10-13 13:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-09 23:21 --------- d-----w C:\Program Files\Real
2007-10-09 23:21 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-09 23:20 --------- d-----w C:\Program Files\Common Files\Real
2007-05-29 11:35 389,120 ----a-w C:\Documents and Settings\Carol\GoToAssist_phone__268_en.exe
2007-04-23 23:24 439,296 ----a-w C:\Documents and Settings\Carol\GoToAssist_phone__317_en.exe
2006-02-23 21:11 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-07-30 11:19 167 ----a-w C:\Program Files_FEAD_error.log
2005-07-30 10:48 20,798,256 ----a-w C:\Program Files\AdbeRdr70_enu_full.exe
2005-07-30 09:44 6,811,904 ----a-w C:\Program Files\psa2011se_us.exe
2005-07-28 10:54 494,704 ----a-w C:\Program Files\ytb01_efgsip.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 03:00]
“BackupNotify”=“C:\Program Files\HP\Digital Imaging\bin\backupnotify.exe”
“SUPERAntiSpyware”=“C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe” [2007-06-21 14:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“QuickTime Task”=“C:\Program Files\QuickTime\qttask.exe” [2003-05-03 21:55]
“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-09-06 05:06]
“Adobe Photo Downloader”=“C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe” [2007-03-09 10:09]
“Adobe Reader Speed Launcher”=“C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe” [2007-10-10 19:51]
“HP Software Update”=“C:\Program Files\HP\HP Software Update\HPWuSchd2.exe” [2006-02-19 01:41]
“Logitech Utility”=“Logi_MwX.Exe” [2003-12-17 09:50 C:\WINDOWS\LOGI_MWX.EXE]
“TkBellExe”=“C:\Program Files\Common Files\Real\Update_OB\realsched.exe” [2007-10-09 18:19]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
“{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“gormet”= {56ADD755-12F9-4E62-824D-BA46E9413B06} - C:\WINDOWS\gormet.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-04-30 12:32 208958 --a------ C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXDllRegExe]
dxdllreg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\E6TaskPanel]
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -winstart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop for OE]
C:\Program Files\GDS for OE\gdsoe.exe install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2003-10-30 03:33 118784 --a------ C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 10:38 241664 --a------ C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 01:41 49152 --a------ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
2003-05-22 21:55 483328 --a------ C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
c:\Program Files\HP{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2003-10-30 03:46 155648 --a------ C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2005-08-26 18:14 36975 --a------ C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2004-05-26 12:15 536576 --a------ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2004-05-26 12:15 98304 --a------ C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

.


catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 18:45:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …


.
Completion time: 2007-12-04 18:52:57 - machine was rebooted
.
— E O F —