Need a little help

[quest7]

This hard drive was so bad that I had to hook it up to my puter as a slave drive just to scan it(see attach). Now I think I almost got it but still need you guys to look it over. Also the system doesn't recognize the cd roms, and the system says the C and A drives are using ms-dos compatibilty mode file system, and I can't update winME on the microsoft site. Any ideas? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 6:03:47 PM, on 8/15/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\LEXMARKX83\ACBTNMGR_X83.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINME\HIJACKTHIS1991.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {69ABFC5B-710E-3711-A3F9-F8DFB0F99127} - C:\WINDOWS\SYSTEM\MSYH32.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [D3TO32.EXE] C:\WINDOWS\SYSTEM\D3TO32.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPLUGIN2.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab

__________________________________________________

BitDefender Online Scanner



Scan report generated at: Mon, Aug 15, 2005 - 17:51:46





Scan path: A:\;C:\;







Statistics

Time
00:24:58

Files
53136

Folders
2057

Boot Sectors
2

Archives
558

Packed Files
9438




Results

Identified Viruses
2

Infected Files
11

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
21




Engines Info

Virus Definitions
200161

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13
Archive plugins
38
Unpack plugins
4
E-mail plugins
6
System plugins
1

Scan Settings
First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\WINDOWS\inbucq.dat
Infected with: GenPack:Trojan.Downloader.Agent.BQ

C:\WINDOWS\inbucq.dat
Disinfection failed

C:\WINDOWS\inbucq.dat
Deleted

C:\Recycled\Dd129.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd129.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd130.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd130.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd131.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd131.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd132.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd132.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd133.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd133.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd134.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd134.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd135.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd135.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd136.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd136.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd137.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd137.PIF=>(Quarantine-2)
Deleted

C:\Recycled\Dd138.PIF=>(Quarantine-2)
Infected with: Win32.Worm.Bropia.M

C:\Recycled\Dd138.PIF=>(Quarantine-2)
Deleted


____________________________________________________


Creation date of the report file: Monday, August 15, 2005 16:02

AntiVir®/9x PersonalEdition Classic
Build 1047 vom 07.06.2005
Mainprogram 6.31.00.03 of 10.05.2005
VDF file 6.31.1.117 (0) of 15.08.2005


This program is for PERSONAL USE only.
Any other use is PROHIBITED.
Informations regarding commercial versions of AntiVir may be obtained from:
www.hbedv.com.


Scanning for 201577 virus strains and unwanted programs.

Licensed for: AntiVir Personal Edition
Serial number: 0000149996-WURGE-0001

Please enter the workstation and
contact name with phone number in this form:

Name ___________________________________________

Street ___________________________________________

Town ___________________________________________

Phone/Fax ___________________________________________

Email ___________________________________________

Platform: Windows 98
Windows version: 4.90.3000
Username: default
Processor: Pentium
Working memory: 130024 KB free

Version information:
AVWIN.DLL : 6.31.00.03 561192 10.05.2005 16:50:16
AVEWIN32.DLL : 6.31.1.0 823808 19.07.2005 17:54:12
SYS_RW16.DLL : 6.19.0 12800 25.10.2004 12:33:28
SYS_RW32.DLL : 6.19.0 16384 25.10.2004 12:33:28
AVGCTRL.EXE : 6.31.00.03 114743 19.05.2005 12:28:52
AVGUARD.VXD : 6.31.1.0 540775 19.07.2005 17:54:10
AVPACK32.DLL : 6.31.00.03 323664 25.05.2005 10:43:02
AVGETVER.DLL : 6.30.00.00 24576 28.01.2005 18:10:20
AVWIN.DLL : 6.31.00.03 561192 10.05.2005 16:50:16
AVSHLEXT.DLL : 6.30.00.01 40960 28.01.2005 18:10:22
AVSched32.EXE : 6.30.00.00 110632 01.02.2005 11:24:10
AVSched32.DLL : 6.30.00.00 122880 01.02.2005 11:24:10
AVREG.DLL : 6.30.00.03 41000 10.02.2005 18:47:48
AVRep.DLL : 6.31.01.110 1282088 15.08.2005 15:58:58
INETUPD.EXE : 6.31.00.02 249915 29.04.2005 08:07:14
INETUPD.DLL : 6.31.00.02 143360 29.04.2005 08:07:14
MFC42.DLL : 6.00.8665.0 995383 08.06.2000 17:00:00
MSVCRT.DLL : 6.10.8637.0 290869 08.06.2000 17:00:00
CTL3D32.DLL : 2.31.000 45056 08.06.2000 17:00:00
CTL3DV2.DLL : 2.31.001 27632 08.06.2000 17:00:00

Configuration file:

Name of configuration file: C:\PROGRAM FILES\AVPERSONAL\AVWIN.INI
Name of report file: C:\PROGRAM FILES\AVPERSONAL\LOGFILES\AVWIN.LOG
Start path: C:\PROGRAM FILES\AVPERSONAL
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\PROGRAM FILES\AVPERSONAL\BUILD.DAT
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/9x Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
A: Floppy drive
C: Hard disk

Start of scan: Monday, August 15, 2005 16:02

Memory test OK
Master boot record of hard disk HD0 OK
Boot record of drive C: OK


C:\WINDOWS\SYSTEM
atlbs.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.bcj.1
WAS DELETED!
C:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery
AlexaRelated.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
FunWebProducts.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CometCursors.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINDashBar.zip
ArchiveType: ZIP
NOTE! No files to extract.
GAINDashBar1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
GAINGator6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTactiveX.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechISTsvc.zip
ArchiveType: ZIP
NOTE! No files to extract.
ISearchTechSideFind.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ISearchTechSlotch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWebSearch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
nCase.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
webHancer.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
webHancer1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
webHancer2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
webHancer3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
webHancer4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
AlexaRelated1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank10.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank11.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank12.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank13.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin10.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin11.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin12.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin13.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin14.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin15.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin16.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin17.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin18.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin19.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin20.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MoeMoney.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TIBS1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TIBS3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TIBS4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TIBS5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SolutionsZango.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SolutionsZango1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SolutionsZango2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
SolutionsZango3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
AbetterInternet.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
AbetterInternet1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
HuntBar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CallingHomebiz.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CallingHomebiz1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CallingHomebiz2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CallingHomebiz3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CallingHomebiz4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank14.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank15.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank16.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAboutblank17.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow10.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow11.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow12.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow13.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow14.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow15.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow16.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow17.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow18.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow19.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow20.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow21.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow22.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow23.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow24.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow25.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow26.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow27.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow28.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow29.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow30.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow31.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow32.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchAffWinshow33.zip
ArchiveType: ZIP
NOTE! No files to extract.
CoolWWWSearchHomeSearch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchHomeSearch1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchHomeSearch2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchHomeSearch3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearch.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
ExactAdvertisingBargainsBuddy4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
HotsearchBar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
HotsearchBar1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
HotsearchBar2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IBISToolbar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin21.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin22.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin23.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin24.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin25.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin26.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin27.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin28.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin29.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin30.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin31.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin32.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin33.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin34.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin35.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin36.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin37.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin38.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin39.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin40.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin41.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin42.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin43.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
IEPlugin44.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MoeMoney1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Phynix.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
PSGuard.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TrekBlueErrorNuker.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TrekBlueErrorNuker1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TrekBlueErrorNuker2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWayMyBar.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchHomeSearch4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWayMyBar1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWayMyBar2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWayMyBar3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWayMyBar4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWayMyBar5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWayMyBar6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MyWayMyBar7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TrekBlueErrorNuker3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TrekBlueErrorNuker4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
TrekBlueErrorNuker5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite10.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite11.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite12.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite13.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite14.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite15.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite16.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite17.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite18.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite19.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite20.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite21.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite22.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite23.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite24.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite25.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite26.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite27.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite28.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite29.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite30.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite31.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite32.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite33.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite34.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite35.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite36.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite37.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite38.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite39.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite40.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite41.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite42.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite43.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite44.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite45.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite46.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite47.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite48.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite49.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite50.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite51.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite52.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite53.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite54.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
BackWeblite55.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchHomeSearch5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
CoolWWWSearchHomeSearch6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\DELL
wbt.dat
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Recycled
Dd141.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Dd142.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Dd124.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Dd125.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected

End of scan: Monday, August 15, 2005 16:19
Time taken: 17:10 min


2051 directories were scanned
28875 files were scanned
0 warning messages were issued
1 file was deleted
0 files were repaired
1 detection

[POADB]

Please download CleanUp! (Alternate Link if main link don't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet!

Download, install, update, configure and run a scan with Ad-aware SE v1.06:

1. Download and Install AdAware SE Personal, keeping the default options. However, some of the settings will need to be changed before your first scan.
2. Close ALL windows except Ad-Aware SE.
3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let AdAware SE update the reference list for the adware and malware.
4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:
   1. In the ‘General’ window make sure the following are selected in green:
      1. Under [Safety]:
         • Automatically save log-file
      2. Automatically quarantine objects prior to removal
      3. Safe Mode (always request confirmation)
   2. Under [Definitions]:
      • Prompt to update outdated definitions - set the [number of days]
5. Click on the ‘Scanning’ button on the left and select in green:
   1. Under [Driver, Folders & Files]:
      • Scan Within Archives
   2. Under Select drives & folders to scan:
      • choose all hard drives
   3. Under [Memory & Registry]: all green
      • Scan Active Processes
      • Scan Registry
      • Deep Scan Registry
      • Scan my IE favorites for banned URL’s
      • Scan my Hosts file
6. Click on the [‘Advanced’] button on the left and select in green:
   1. Under [Shell Integration]:
      • Move deleted files to recycle bin
   2. Under [Logfile Detail Level]: all green
      • include addtional object information
      • DESELECT - include negligible objects information
      • include environment information
   3. Under [Alternate Data Streams]:
      • Don't log streams smaller than 0 bytes
      • Don't log ADS with the following names: [CA_INOCULATEIT]
7. Click the ‘Tweak’ button and select in green:
   1. Under [Scanning Engine]:
      • Unload recognized processes during scanning
      • Scan registry for all users instead of current user only
   2. Under [Cleaning Engine]:
      • Let Windows remove files in use at next reboot
   3. Under [Log Files]:
      • Include basic Ad-aware SE settings in logfile
      • Include additional Ad-aware SE settings in logfile
      • Please do not Select: Include Module list in logfile
8. Click on ‘Proceed’ to save the settings.
9. Click ‘Start’
10. Choose 'Perform Full System Scan'
11. DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
12. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
13. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
    
14. Right-click on the list and choose [Select All]
15. Click the [Next] button to finish removing the items that were found
    
16. When finished, REBOOT to complete the removal of what Ad-Aware SE found

~~~~~~~~~~~~~~~

Download Spybot S&D.

1. After you have installed it, Click on the Search for Updates button. Install any updates that are available.
2. Go to the Mode menu and choose Advanced Mode.
3. Next click on Immunize to your left.
4. In the ensuing window, Click the Immunize button (green cross) on top to Immunize your computer - you should do this each time there is an update.
5. Click on the 'Spybot-S&D' option on the top left to go back to the main screen.
6. Click on the Check for Problems button. Let it run the scan.
7. If it finds something, Select all those in RED and hit the Fix Selected Problems button.
8. Exit Spybot.

If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix and install it over the current Spybot installation.


~~~~~~~~~~~~~~~

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:

• Empty Recycle Bins
• Delete Cookies
• Delete Prefetch files
  [X]Scan local drives for temporary files (Please uncheck this option)
• Cleanup! All Users

Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

• Save it to your desktop.
• Double-click the new icon on your desktop (tmas-web-scan.exe)
• It will say "Loading TrendMicro definitions".
• Once the definitions are loaded, the program will appear to close then re-open.
• Click "Start Scan"
• After it's done scanning, click "Scan Results"
• Make sure all items found have a check next to them, then click "Clean Threats Now".
• Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Perform an online scan in Internet Explorer with Panda ActiveScan

1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
2. Click On 'Scan Now'
3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
4. Begin the scan by selecting My Computer
   * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
5. If it finds any malware, it will offer you a report. Click on see report
6. Then click Save report
7. Post the contents of the report in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

[quest7]

Hello POADB, Thanks for the reply(again)!,

Had some problems saving log files for Trend Micro™ Anti-Spyware for the Web Utility and virus scan, could not get Panda's scanner to download. The virus scan was negitive. Spybot and the utility found: coolweb search, spyw winves.a, dial ras.as . All were removed.

I still have three issues that are unresolved(May have to go to ME forum?).

1. Cannot update ME. Gets to searching for updates screen and all activity ends.

2. System reports that the C and A drives are using ms-dos compatibilty mode file system.

3. CD drives not seen by system.

_________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 2:23:23 PM, on 8/16/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\LEXMARKX83\ACBTNMGR_X83.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINME\HIJACKTHIS1991.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {69ABFC5B-710E-3711-A3F9-F8DFB0F99127} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [D3TO32.EXE] C:\WINDOWS\SYSTEM\D3TO32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPLUGIN2.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

[POADB]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Download CWShredder at http://www.greyknight17.com/spy/CWShredder.exe and run it. Click on 'I Agree' button if you agree. Click on 'Fix' (it will automatically fix anything it finds for you) and then click OK. If it asks if you want to delete a certain random file, choose No and post that filename here. Let it finish the scan and then hit Next and Exit.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers.
Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {69ABFC5B-710E-3711-A3F9-F8DFB0F99127} - (no file)
O4 - HKLM\..\Run: [D3TO32.EXE] C:\WINDOWS\SYSTEM\D3TO32.EXE

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\SYSTEM\D3TO32.EXE

Restart and run a new HijackThis scan. Save the log file and post it here.

Do an online scan at one of the following sites:

• Panda ActiveScan
• Kaspersky Anti-Virus Web Scanner
• BitDefender Online Scanner
• Trend Micro™ HouseCall

Take note the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:

1. HiJackThis
2. Online scan

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

[quest7]

Logfile of HijackThis v1.99.1
Scan saved at 8:20:02 PM, on 8/16/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\LEXMARKX83\ACMONITOR_X83.EXE
C:\PROGRAM FILES\LEXMARKX83\ACBTNMGR_X83.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\USBMONIT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINME\HIJACKTHIS1991.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [USBMonit.exe] "C:\WINDOWS\SYSTEM\USBMonit.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [MSNIA] C:\PROGRA~1\MSN\MSNIA\MSNIASVC.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe" -quiet
O4 - Startup: MICROSOFT WORKS CALENDAR REMINDERS.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\NPQTPLUGIN2.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.dellnet.com/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...bscan_ansi.cab

_______________________________________________________

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, August 16, 2005 20:16:18
Operating System: Microsoft Windows Millennium Edition
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/08/2005
Kaspersky Anti-Virus database records: 135559
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\

Scan Statistics:
Total number of scanned objects: 23591
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 3553 sec

Infected Object Name - Virus Name
c:\Program Files\AVPersonal\INFECTED\F1EEF153.30C Infected: Trojan.Win32.Agent.bi
c:\Program Files\AVPersonal\INFECTED\C7049DE8.2FB Infected: Trojan.Win32.Agent.bi

Scan process completed.

[POADB]

You can empty this folder:

c:\Program Files\AVPersonal\INFECTED\ - as it only contains viruses.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).

• Save it to your desktop.
• Double-click the new icon on your desktop (tmas-web-scan.exe)
• It will say "Loading TrendMicro definitions".
• Once the definitions are loaded, the program will appear to close then re-open.
• Click "Start Scan"
• After it's done scanning, click "Scan Results"
• Make sure all items found have a check next to them, then click "Clean Threats Now".
• Click Exit.

Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

If there is no improvement after this scan, you will be clear to seek help from the Windows Forum.

[quest7]

I was able to resolve the other three issues I had, and it looks like the log is clean. If you don't have anything else POADB, I thankyou again for helping me finish off another one.


Started Scanning
Files and Directories
Programs in Memory
Internet URL Shortcuts
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'

Windows Registry
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning

[POADB]

Your log is clean. Well done
Do you have any more problems with your computer? If not, you should be set to go.

However, there still remains a few bits of housekeeping ...

Reset hidden/system files and folders

• Click Start.
• Open My Computer.
• Select the Tools menu and click Folder Options.
• Select the View tab.
• Deselect the Show hidden files and folders option.
• Select the Hide file extensions for known types option.
• Select the Hide protected operating system files option.
• Click Yes to confirm.
• Click OK.

Clear Java Cache

1. Click Start >Settings>Control Panel
2. Click the Java Plugin Icon
3. Click the Cache tab
4. Click the Clear button and click OK to confirm

Note: Please repeat this procedure for each "Java Plugin" button in your Control Panel

Follow the instructions outlined here to clear Sun Java's cache.


Create a new System Restore point

• click Start >> Run - type SYSDM.CPL & press Enter
• select the System Restore Tab
• tick on the checkbox - "Turn off System Restore on all drives"
• click Apply
• then untick the same checkbox & click OK

Enable Windows Auto Update

• Go to Start>Run - type wuaucpl.cpl
• tick on the checkbox - "Keep my computer up to date"
• Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
• Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard to catch and block spyware before it can execute.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you do not have a firewall, here are 3 free ones available for personal use:

• Sygate Personal Firewall
• Kerio Personal Firewall
• ZoneAlarm

In light of your recent hiccup, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles

• HOW DID I GET INFECTED IN THE FIRST PLACE?
• THE ANTI-SPYWARE TUTORIAL
• MAKING INTERNET EXPLORER SAFER

Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.

[quest7]

This thread is resolved. Thanks again POADB!