Tech Support Forum: HijackThis Log Help

#1 (permalink)
Registered User
Join Date: Oct 2006
Posts: 4
OS: xp

Infected with a trojan (I think)

Hi,

Thanks for taking the time to look at my post. My computer is infected. Some of the symptoms are that Task Manager has been disabled and I am unable to alter my wallpaper.

Here are the results of my Symantec scan:

D:\WINDOWS\system32\slx.exeN is infected with Trojan.Galapoper.A
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\My Documents\Josh\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\C68294D4-C716-4BE4-9415-3109A0\22E739AB-9C11-4528-8303-1F81CE is infected with Adware.TargetSaver
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\My Documents\Josh\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\A8D614CF-84AD-4714-840F-EB5779\78C1ED88-F32D-49C3-9D31-3C2B99 is infected with Adware.SurfSideKick
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\My Documents\Josh\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\A12B0E6C-0786-41A5-BA59-8EDA79\9338B753-F0CB-4369-9BCE-3FA0C1 is infected with Trojan.Dropper
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\My Documents\Josh\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\5F8721E2-C8F6-46D3-B61C-56E7AD\A22EABEE-B84B-46B6-89C0-43C914 is infected with Adware.SurfSideKick
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\My Documents\Josh\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\28806507-1AD4-40EE-BFEB-4A15BC\8B7FE900-C1B9-4FC8-BB19-3FE040 is infected with Spyware.ISearch
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\Local Settings\Temporary Internet Files\Content.IE5\KHMF4DEJ\gc2[1] is infected with Downloader
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\Local Settings\Temporary Internet Files\Content.IE5\8PA7016N\sploit[1].anr is infected with Downloader
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\Local Settings\Temp\1.dlb is infected with SecurityRisk.Downldr
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\Local Settings\Temp\5.dlb is infected with Downloader
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\Local Settings\Temp\6.dlb is infected with Downloader
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\Local Settings\Temp\7.dlb is infected with Downloader
D:\Documents and Settings\Josh.JOSH-15JE4BNRC4\Local Settings\Temp\Cliprex_WhenUSave_InstallerInst.exe is infected with Adware.Savenow

Below is the HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 19:08:23, on 02/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\bcmwltry.exe
D:\WINDOWS\System32\WgaTray.exe
D:\Program Files\Java\jre1.5.0\bin\jusched.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\wuauclt.exe
C:\HiJack This\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "D:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153163648365
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...61/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

Any help would be greatly appreciated.

#2 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3

Hello and welcome...

Visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall.trendmicro.com/hou.../start_corp.asp
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

=======

Please download the trial version of Ewido Security Suite here: http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please run Ewido, and run a full scan. During the scan it will prompt you to clean files, click OK. Save the logfile from the scan.

Reboot normally after doing the above, rescan with HijackThis, then post that log here please, along with the log from Ewido.
__________________
An Australian Member of ![]() Eddy |

#3 (permalink)
Registered User
Join Date: Oct 2006
Posts: 4
OS: xp

Hi, thanks for replying.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 23:30:25, on 04/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\WgaTray.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\WINDOWS\System32\bcmwltry.exe
D:\Program Files\Java\jre1.5.0\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\System32\wuauclt.exe
C:\HiJack This\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "D:\Program Files\BlazeVideo\BlazeDVD4 Professional\MediaDetector.exe"
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1153163648365
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...61/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - D:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe

And here is the Ewido log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 23:24:11 04/10/2006
+ Scan result:
D:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Ignored.
C:\apps\ac\apps\ABBYY_FineReader_5.0.293_Office_Try_and_Buy.zip/TNT-Fine.Reader.5.0.293_CRK.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
C:\apps\ac\apps\TNT-Fine.Reader.5.0.293_CRK.zip/TNT-Fine.Reader.5.0.293_CRK.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
D:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe -> Backdoor.Virkel.A : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{32136FF5-4C90-4827-B91A-D5576C8D1763}\RP84\A0020681.exe -> Downloader.Tibs.dr : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{32136FF5-4C90-4827-B91A-D5576C8D1763}\RP85\A0020762.exe -> Downloader.Tibs.if : Cleaned with backup (quarantined).
D:\WINDOWS\system32\slx.exeN -> Downloader.Tibs.if : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{32136FF5-4C90-4827-B91A-D5576C8D1763}\RP84\A0020680.exe -> Hijacker.Spywad.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{32136FF5-4C90-4827-B91A-D5576C8D1763}\RP84\A0020677.exe -> Hijacker.Spywad.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{32136FF5-4C90-4827-B91A-D5576C8D1763}\RP84\A0020695.exe -> Hijacker.Spywad.o : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-436374069-220523388-839522115-1003\De9.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
::Report end

#4 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3

I see you are not running any Service Packs. Please save and run the download. It will copy the results to your clipboard. Will you copy and paste them back here please?
http://go.microsoft.com/fwlink/?linkid=52012
__________________
An Australian Member of ![]() Eddy |

#5 (permalink)
Registered User
Join Date: Oct 2006
Posts: 4
OS: xp

Diagnostic Report (1.5.0555.0):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Windows Product Key: *****-*****-4RHJG-83M4Y-7X9GW
Windows Product Key Hash: 5CG2aCaHENU8LMWFFoQ/184emQ0=
Windows Product ID: 55274-649-6478953-23876
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.0.0.pro
ID: 5ec557c6-9098-44e3-919c-7589341aff60
Is Admin: Yes
AutoDial: No
Registry: 0x0
WGA Version: Registered, 1.5.540.0
Signed By: Microsoft
Validation Diagnostic: 63BB5E84-862-80004005
Resolution Status: N/A

System Scan Data-->
Scan: Complete
Cryptography: Complete

Notifications Data-->
Cached Result: 3
File Exists: Yes
Version: 1.5.540.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Data-->
Office Status: 114
Office Diagnostics:

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: D:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control:
Active scripting:
Script ActiveX controls marked as safe for scripting:

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>5ec557c6-9098-44e3-919c-7589341aff60</UGUID><Version>1.5.0555.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><PKey>*****-*****-*****-*****-7X9GW</PKey><PID>55274-649-6478953-23876</PID><PIDType>1</PIDType><SID>S-1-5-21-602162358-1177238915-725345543</SID><SYSTEM><Manufacturer>ASUSTeK Computer INC.</Manufacturer><Model>A7N8X-X</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS A7N8X-X ACPI BIOS Rev 1007</Version><SMBIOSVersion major="2" minor="2"/><Date>20031007******.******+***</Date></BIOS><HWID>79B131870184A059</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57637</Pid></Product></Products></Office></Software></GenuineResults>

#6 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3

IMPORTANT!:

Before we can proceed any further, please visit Microsoft's Windows Update page http://v4.windowsupdate.microsoft.com/default.asp and install ALL Critical Updates for your system (except Service Pack 2 (SP2)). SP2 should only be installed on a fully disinfected system. At the minimum install at least SP1a for both XP and IE6. Without these updates your system is wide open to re-infection and we are both wasting our efforts to clean your system.

After we have completed your clean-up, we will have you return to the Windows Update page and install SP2. We will also then advise you on how to better protect yourself online.

Please apply those updates BEFORE posting your next log. It is this forum's policy to stop the disinfection process until these basic updates are done.

If during the updating process you get a message that your product key is invalid, then you may not have a legitimate copy of Windows XP. Unfortunately it's also this forum's policy that we only address users with a legal copy of Windows XP; therefore if you cannot update Windows XP to SP1 we must stop the cleansing process here.

Thank you for your cooperation.
__________________
An Australian Member of ![]() Eddy |