I'm Not Sure What The Entire Problem Is...

RescueRenee · December 8, 2006

Hi! I'm new here and I hope someone can help me. I usually try to fix things myself, but this is over my head. I have my logfile below. Brief description of my problem: About 2 weeks ago, my son was on the computer and when I came back into the room, I had a blue screen that said "UNMOUNTABLE_BOOT_VOLUME" and a bunch of other stuff. Everytime I tried to restart, I had to turn it off instead of shutting it down and then no matter what I did, it went right back to the blue screen. I did some googling and tried booting from the disk. I was able to finally get back into the computer. I thought my problem was solved. I am not sure what I did when I booted from the disk...I think I repaired windows, but I'm not sure...I really could be wrong. I didn't want to reformat because I wasn't sure what steps to take. I reformatted once before with tech support on the phone walking me through every step, but now that call will cost me alot of money because my warranty is expired. :blush:

Anyway things were fine until I shut it down that night and the next morning turned it on again and the same thing happened. I went back through all the steps and things were seemingly fine again.

Now, every time I turn on the computer, I have to hit F8 and "Start Windows Normally" or some such thing.

Ok, fast forward to a day or so ago. I have run AdAware, defragged, ran anti-virus program, etc. Avast did find a virus, but I can't remember now what it was called. Then last night it found 2 more...Win32:Renos-P[Tool]...

I also have a thing flashing in my toolbar that tells me I have "Critical System Errors"...VirusBurster I believe it's called. The program that lies to you telling you that you have something majorly wrong with your computer...course in my case it's not lying. LOL Anyway, I also noticed something else new in the taskbar today besides virusburster...key generator. I've never seen it before and when I went in to uninstall it, it tells me I need to reboot before uninstalling. That just didn't sound right to me.

I did download a free scan called spyhunter and it found lots of stuff that the other programs didn't find, but it wants me to pay $30 to get rid of them. While I seriously considered it because basically I'm sick of messing with the problem and am ready to just chuck the whole thing, I came here at the advice of a friend first. I hope I've told you enough...any other info needed, please let me know, I'll tell you what I can.

Here's my logfile:

Logfile of HijackThis v1.99.1

Scan saved at 7:27:09 AM, on 12/8/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Canon\MultiPASS\mpservic.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://p104.ezboard.com/bcrossstitchcrazy99277

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\Program Files\BellSouth Internet Tools\blspc.dll

O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKLM\..\Run: [spyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe

O4 - HKLM\..\RunOnce: [RunOnceEx] rundll32.exe C:\WINDOWS\System32\iernonce.dll,RunOnceExProcess

O4 - HKCU\..\Run: [Weather] G:\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - G:\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {67B50696-04BA-48ea-A697-28AA0EAA9C26} - file://C:\Program Files\MyPoints_PointAlert\Sy800\Tp800\myptC03.htm (file missing) (HKCU)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab

O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab

O16 - DPF: YExplorer1_8US.CAB - http://photos.groups.yahoo.com/ocx/us/yexplorer1_8us.cab

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://www.accelerator.bellsouth.net/sdcco...oad/tgctlcm.cab

O16 - DPF: {01118A01-3E00-11D2-8470-0060089874ED} (SupportSoft Script Runner Class) - https://password.bellsouth.net/sdccommon/do...oad/tgctlsr.cab

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633

O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://www.pbcprc.com/CFIDE/classes/CFJava.cab

O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll

O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.com/applets/activex/shiz...pside_web18.cab

O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axvers...ntquick1611.cab

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php...5271ab95b94951b

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} - http://www.otxresearch.com/OTXMedia/OTXMedia.dll

O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab

O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

O16 - DPF: {8401528F-C7D8-446D-8A01-F8DA9491FBB1} (DcaDiagCtrl Class) - http://www.consumerinput.com.edgesuite.net/bot/BotCtrl.cab

O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c17.cab

O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} - http://www.zango.com/GetZango/Download/zangoax.cab

O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com/cp/install/AxCtp2.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/pla...0/Installer.exe

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab

O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab

O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc03.rightnowtech.com/7021-b382...l/java/RntX.cab

O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{51A5E21E-64EF-4E0A-AD65-47933AEB1AE8}: NameServer = 205.152.37.23 205.152.132.23

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\System32\vcehaeb.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

therock247uk · December 8, 2006

Please download SmitfraudFix (by S!Ri)

Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

http://www.beyondlogic.org/consulting/proc...processutil.htm

RescueRenee · December 8, 2006

I'm not sure if I understood correctly, but I did not see where to select option#1 when I double clicked smitfraudfix.cmd. When I clicked on it, I got a red box that tells me "Fichier Process.exe absent! Process.exe file missing! Press any key to continue"

Did I do something wrong?

Renee

therock247uk · December 8, 2006

Did you unzip all of SmitfraudFix.zip to a folder?

RescueRenee · December 8, 2006

I saved the zip file to a folder on the desktop then opened it and double clicked the file you said...is that what you meant for me to do? Sorry, I'm really lost when it comes to these kinds of problems. *sigh*

therock247uk · December 8, 2006

Ah right click the zip file click extract all it should make a folder with the same name go into the folder then double click the file.

RescueRenee · December 8, 2006

Sorry, 'bout that....got it this time....

SmitFraudFix v2.128

Scan done at 9:48:08.60, Fri 12/08/2006

Run from C:\Documents and Settings\Owner\Desktop\fraudfix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

C:\WINDOWS\system32\vcehaeb.dll FOUND !

Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â»Â» C:\Documents and Settings\Owner\Application Data

C:\DOCUME~1\Owner\STARTM~1\Programs\Key Generator FOUND !

C:\Program Files\Key Generator\ FOUND !

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"

[HKEY_CLASSES_ROOT\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]

@="C:\WINDOWS\System32\vcehaeb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]

@="C:\WINDOWS\System32\vcehaeb.dll"

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

therock247uk · December 8, 2006

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

RescueRenee · December 9, 2006

Wonderful! The flashing thingy is gone!! My desktop picture is also gone, but I fixed that. You're a doll for helping me! Thank you so much!!!

Oh, I have one other question...when I start up windows, and right after I click on my account, I get an error message that says

"Your system has no paging file, or the paging file is too small. To fix this problem......."

I have done what it says to do, but I still get that message every time. Any ideas?

therock247uk · December 9, 2006

Lets just make sure your rid of malware first...

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

I also need to see the log Smitfraudfix made on the 2nd option.

RescueRenee · December 10, 2006

Sorry it took me so long to reply.

I am downloading now from Panda's website. Of course, on dial up, it will take awhile. In the meantime, here is the log you asked for.

SmitFraudFix v2.128

Scan done at 17:42:31.06, Fri 12/08/2006

Run from C:\Documents and Settings\Owner\Desktop\fraudfix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{9d635a36-6b3c-4146-8625-f3aaf507bbf8}"="flammei"

[HKEY_CLASSES_ROOT\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]

@="C:\WINDOWS\System32\vcehaeb.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}\InProcServer32]

@="C:\WINDOWS\System32\vcehaeb.dll"

therock247uk · December 10, 2006

Is that the full log from Smitfraudfix? Looks like some got cut of...

RescueRenee · December 10, 2006

I copied and pasted into notepad when I ran it and saved the notepad file...that's what I copied and pasted from there. Is there some way to see the log from that day? I looked in the folder, but see no way to bring it back up. Should I run it again?

RescueRenee · December 10, 2006

ActiveScan keeps telling me there was an error downloading and to repeat the process. I've gotten this twice...will try again.

RescueRenee · December 10, 2006

I've tried running it three times and it keeps telling me there was an error : "An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again" I'll reboot and try one more time.

Renee

RescueRenee · December 10, 2006

Now I've rebooted, and still getting the same error message. Is there anything further I can do?

therock247uk · December 11, 2006

First download AVG Anti-Spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

[*]Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.

[*]Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

[*]Under "Reports"

Select "Automatically generate report after every scan"
Un-Select "Only if threats were found"

Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

RescueRenee · December 11, 2006

Ok, I have AdAware...is it not sufficient? I will download the AVG if I need to. I also have Spybot S&D. Anyway, I am in the midst of downloading the SP2 update for windows at the moment....do I need to cancel it and go ahead and d/load AVG?

RescueRenee · December 11, 2006

Ok, I'm downloading AVG now. I'll follow your instructions and reply when done. Not sure how long it will be since dial up really sucks when it comes to downloading something.

RescueRenee · December 11, 2006

Ok, done with all that. I got a "No Reports Available" message when AVG finished scanning.

therock247uk · December 12, 2006

Ok post a new Hijackthis log here in a reply.

RescueRenee · December 12, 2006

Logfile of HijackThis v1.99.1

Scan saved at 3:00:18 PM, on 12/12/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\Program Files\Canon\MultiPASS\mpservic.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

G:\AWS\WeatherBug\Weather.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\WgaTray.exe

C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE

C:\WINDOWS\system32\spider.exe