Tarun

Patron
  • Posts: 3,320
  • Joined
  • Donations: 0.00 USD
  • Country: United States

Everything posted by Tarun

  1. You still have several infections. See below for recommendations. You still have several traces of malware. Did you run SpywareBlaster, CCleaner, CWShredder, Ad-Aware, Spybot and AVG Anti-Spyware?

     Generated by Tarun's HijackThis Converter v0.50 Beta. Default-color items are optional, red are known to be malicious.

     Changed registry value
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

     Created registry value
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

     Changed registry value
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

     Created registry value
     R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://contexualsearch.com/searchbar.html

     Enumeration of existing IE's BHO's
     O2 - BHO: (no name) - {1AD71CBA-7F06-75C3-F09C-00027DA5D459} - C:\WINDOWS\System32\kcuyfjb.dll
     O2 - BHO: (no name) - {2E275F81-808E-E084-8D30-02D5A84D1C85} - C:\WINDOWS\System32\vwjgvii.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

     Enumeration of existing IE's toolbars
     O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
     O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
     O3 - Toolbar: (no name) - {7B6020C8-7F87-70B3-1AAC-B50F918B8A79} - (no file)

     Enumeration of suspicious auto-loading registry entries
     O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
     O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
     O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
     O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe
     O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
     O4 - HKLM\..\Run: [uoffxzl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uoffxzl.dll,vejahhc
     O4 - HKLM\..\Run: [opziqk.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\opziqk.dll,ibizbed
     O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

     Extra "Tools" menu items and buttons
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

     IE plugins for file extensions or MIME types
     O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

     Changing of IERESET.INF
     O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

     Downloaded Program Files item
     O16 - DPF: HushEncryptionEngine - https://mailserver2.hushmail.com/shared/Hus...ptionEngine.cab
     O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/games/clients/y/zt3_x.cab
     O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
     O16 - DPF: Yahoo! MLB StatTracker - http://aud2.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
     O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
     O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
     O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
     O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...81/mcinsctl.cab
     O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
     O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
     O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
     O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
     O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
     O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://cvs.pnimedia.com/upload/activex/v2_...tupv2.0.0.9.cab?
     O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

     AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
     O20 - AppInit_DLLs: c:\windows\system32\awtsqpp.dll
     O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
     O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll

     ShellServiceObjectDelayLoad (SSODL) autorun Registry key
     O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)

     Recommendations:
     - Uninstall the Yahoo AntiVirus since you have Avast and it is a far superior anti-virus.
     - Make use of Spybot S&D's SDHelper for IE.

     Let me know if any of this has helped. I'm not sure why your malware continues to return unless there is an issue with a virus or a strong hijacker.
  2. Welcome to MSFN!
  3. All user pages. How about something official?
  4. Nice catch. I just checked and you're right. I just went to make a shortcut last night and it wasn't there.
  5. OpenDNS makes the Internet experience safer, faster and smarter for you and everyone using your network.

     Safer - OpenDNS can identify and stop sites trying to phish (steal) your personal information or money. The OpenDNS phishing protection works with all operating systems and browsers, and complements any other security measures already in use, such as a firewall and anti-virus software.

     Faster - Most DNS servers on the Internet are slow. Your computer uses DNS every time you visit a website or send an email, so you want DNS to be blazing fast. Two things make DNS really fast: a big cache and a good network. We have both. Not to brag, but OpenDNS caches are really big. The bigger and better the cache, the fewer steps in the process, and the faster the Internet experience. Making the OpenDNS caches really big is part of how OpenDNS makes the Internet faster. Speed really matters. You make hundreds of DNS queries a day and every delay adds up. We built our network of OpenDNS caches at the major intersections of the Internet. This keeps us close to you, improving performance.

     Smarter - We make corrections for common spelling mistakes, on the fly. That means when you are typing fast and type yahoo.cmo instead of yahoo.com you still get there. No annoying pop-ups or evil spyware installed because you made a typo. Things just work.

     Other benefits - OpenDNS service is free. OpenDNS makes money by serving clearly labeled advertisements on search results pages where we cannot resolve your intent (i.e., not a known typo). There is no software to install, so no switching cost and no lock-in. OpenDNS is easy to start using. We're confident you will prefer our service, but it's easy to return to your old settings. OpenDNS is not an ISP or web host or registrar. We're not ICANN. OpenDNS doesn't proxy or monitor the websites you go to. Read our privacy policy.
  6. Good idea, as you still had some malware in your last log.
  7. Very well said jcarle.
  8. It shouldn't be doing that for a USB drive. It's a plug and play device. First, try a reboot.
  9. Never trust those sites, they get payoffs to be rated best. Trying it on my server and... ...ugh, popup ads while updating? Used Ghost to revert my drive since I had major work to do and just trash AntiVir. Oddly the license was only good from now till the end of February, whereas Avast would be good till the end of next year with a free renewal.
  10. Yeah, I do too! Thanks Zxian for helping verify that the information provided is indeed accurate and correct.
  11. You haven't proven otherwise. Bottom line of this thread is leave your services alone. Don't "tweak" your system by messing with the services.
  12. Here's another one missing. File > New > Shortcut
  13. There actually used to be text appearing when you hovered the flags.
  14. Will there be a detection in the near future for IE7 to clear up these issues?
  15. You are unfortunately still highly infected. Please run SpywareBlaster, CCleaner, CWShredder, Ad-Aware, and Spybot again. You can also run AVG Anti-Spyware (formerly ewido) if you wish. Then please repost your log, as your current log has numerous visible infections that the aforementioned programs remove.
  16. I checked over the files, all of them have SpywareBlaster in them. Windows Defender was removed as it was still beta and not really necessary. Go ahead and scan with Avast, let it do a boot time scan first, then a thorough scan in Windows.
  17. So christopher, you're following my PC Maintenance guide and running the applications from one of the Anti-Malware packages? If so, which package did you get and are you having any problems with anything?
  18. I'd be willing to bet that had you left your install alone as a normal Windows XP install, you wouldn't be having these issues. You disabled or removed a needed service, you can't figure out why, and now you're blaming the OS for your mistakes. If people would just leave Windows XP's services alone and not try to "tweak" them, they wouldn't have any issues with their software or hardware.
  19. Try it, and then get back to me. How come there are no links to prove what you're saying about converting to NTFS is bad? Hm? Did you guys not fully read the test? Didn't say to keep it as NTFS nor did I specify size. Why? Because it is a test and it's a user's choice if they want FAT or NTFS. My 5GB pocket hard drive is converted to NTFS and works far better using NTFS, same with the 256MB stick I have. You should also read about Choosing between NTFS, FAT and FAT32. "Recommended minimum volume size is approximately 10 megabytes (MB)." Note it says a minimum of 10 MB? Therefore, no warning is needed as most USB drives are 128MB+ nowadays. Tyvm.
  20. You can also read this thread which will help you clean your PC with freeware applications.
  21. Very valid question, as IE7 updates a lot of the files that XPize patches. I was actually just about to post on this myself.
  22. Proof NTFS is better and faster: Take a USB flash drive. Now, copy a 100MB or larger file to it and see how long it takes. Now delete it and test the time it takes to delete it. Now it's back to its original state so convert it to NTFS via cmd. Copy that same file to the flash drive and then delete it. Tell me which is clearly faster and better.
  23. If you don't report it, they won't be able to fix it. When you report it, they do indeed fix it.
  24. Thread cleaned up so the original poster won't get confused or follow misinformation.
  25. On the Date & Time tab, wasn't this at one time updated for a better looking clock, or did this cause issues? I searched before posting on this and found talk of a similar thing, but wanted to clarify. Perhaps it could be patched again without issues, if that is why it isn't patched now?