Tarun

Have you already run Ad-Aware and Spybot S&D? I can still see some malware in there that those should have put the zap on. First, download this Anti Malware Package, it contains everything you need to effectively clean your computer. Next, refer to this PC Maintenance website, as it will tell you the settings you need and everything to effectively clean your computer. Then you can repost your Hijack This log here.

Wow. Looks just like PerfectDisk 7 and WS_FTP Pro.

Here's one a bit closer to your post. http://ftp.mozilla.org/pub/mozilla.org/fir...2.installer.exe

Changed registry value, safe to remove: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway Created registry value, safe to remove: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/redir....ystempopup=true Enumeration of existing IE's toolbars, safe to remove: O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) Enumeration of suspicious auto-loading registry entries, safe to remove: O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe Extra 'Tools' menu items and buttons, safe to remove: O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll Download Program Files item, safe to remove: O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB Enumeration of existing protocols and filters, safe to remove: O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll You may want to look into Real Alternative and Quicktime Alternative as well. It appears you're running a laptop as well. With all the items that you have loading at startup (the ones that are safe to remove are mentioned above) it would explain some of why you're system is slow. Hope this helps!

If you don't mind, repost your log again to be sure you're fully clean. I'll upload the newest package and give you the link. Anti-Malware Package (Mirror, so not updated often.)

I notice you're using Hijack This 1.97.7. You may want to consider reposting your log after using version 1.99.1

Source: CNN Pope John Paul II dies at 84 John Paul II, whose 26-year reign as the charismatic leader of the world's 1 billion Roman Catholics was highlighted by visits to 129 countries, died Saturday. He was 84. The pope -- known for his energy, intellectualism and activism on the global stage -- died Saturday night at his apartments in the Vatican. His health had been deteriorating severely for several weeks and he had battled Parkinson's disease and crippling arthritis for years. The Vatican said Saturday morning that John Paul II had slipped in and out of consciousness after his heart and kidneys started to fail after a urinary tract infection. Vatican spokesman Joaquin Navarro-Valls said that despite his precarious health, the pope had decided to remain in his residence at the Vatican, rather than returning to Gemelli hospital in Rome, where he had been hospitalized twice since February. He was administered the sacrament of anointing the sick, formerly known as last rites or extreme unction, on Thursday night. Pilgrims, tourists and Italians filled St. Peter's Square on Saturday, hours after tens of thousands of people packed the vast space in a nighttime vigil. Friday night, thousands of people gathered in Krakow, Poland -- where John Paul served as archbishop before becoming pope -- at the archbishop's residence, many carrying candles and crying. People in the crowd prayed and sang for their fellow Pole. "To Polish people, he is an icon," said Alicja Kapusciarz, a Polish-American woman in Washington. Lengthy reign as pope Rising from humble beginnings in pre-World War II Poland, he was the most widely traveled pope in history and was the first to visit the White House, a synagogue and communist Cuba. Only two of his 263 predecessors served longer than he did -- St. Peter, the first pope, and Pius IX in the 19th century. Supporters and critics alike agree on the immense significance of his papacy. He played a key role in the fall of communism and brought the Catholic message in person to an unprecedented number of people. He drew enormous crowds in his public appearances and was known for his courage and integrity. A profoundly conservative leader, he reaffirmed many of the church's stances on issues such as abortion, homosexuality and the role of women in the church. Despite criticism, he remained unwavering on those and other stances, including his preference for centralized authority within the church, which some saw as hindering a move toward a more democratic church. Chronic illnesses The pope suffered from severe hip and knee ailments and Parkinson's disease, a progressive neurological disorder that can make breathing and swallowing difficult. On February 24, doctors performed a tracheotomy to help him breathe, as he struggled to recover from a bout of flu that hospitalized him. On Wednesday, a feeding tube was put down his nose into his stomach to provide additional nutrition. The feeding tube was inserted shortly after the pope's regular weekly audience, where he appeared at the window of his study overlooking St. Peter's Square for about four minutes. Unable to speak, he used hand gestures to bless thousands of people who gathered for a glimpse of him. On Easter, the pope also tried to speak to the crowds but could not get out the words. Ill health forced him to miss several events during Holy Week preceding Easter. Papal legacy John Paul was born Karol Jozef Wojtyla on May 18, 1920, in Wadowice, Poland. After his ordination as a priest in November 1946, he rose steadily through the church hierarchy, becoming archbishop of Krakow in 1964. He was elevated to cardinal in a secret consistory in 1968 and formally installed in a Vatican ceremony days later. Despite his reputation as a formidable theologian and fearless defender of Catholic interests, his election as pope October 16, 1978 -- the first-ever Slavic pope and the first non-Italian to occupy the post in 455 years -- came as a surprise. So too did the energy and determination he brought to his papacy, never letting health issues get in the way of his travels. Not even an attempted assassination in 1981 kept him down. A Turk named Mehmet Ali Agca shot him twice. The pope recovered and later met Agca in prison and personally forgave him. He re-established the Vatican's diplomatic relations with Great Britain and the United States, as well as with Israel and the Palestine Liberation Organization. He delivered more than 2,000 public addresses and issued countless numbers of encyclicals and apostolic letters, making him one of the most active men ever to occupy the papal see. He canonized 482 saints, more than any other pontiff, and created 232 cardinals. His papacy was divided into two distinct halves. "In the first 10 years his great concern was with communism," said Warsaw-based Catholic commentator Jonathon Luxmore. "Since then his focus has been more on the ills of Western society." John Paul's role in the fall of communism was a subtle but crucial one. His visit to Poland in 1979 and his support for the Solidarity movement were key in the chain of events that led to the eventual crumbling of Gen. Wojciech Jaruzelski's regime 10 years later. His stand against what he saw as the moral failure of Western capitalism, however, was notably less successful. Although his outspoken views on human rights gained him many admirers, his preaching in such areas as sexual mores, science and the role of women in the church alienated many liberal Catholics. "He was what you might call a revolutionary conservative," said Giovanni Ferro, editor of the Rome-based Catholic magazine Jesus. "In some areas he was very forward-minded. In others, however, he was an extremely traditionalist pope. He maintained all sorts of opposing currents in the church, with the result that his successor will probably be faced with a great crisis of direction." Who that successor will be remains to be decided by the College of Cardinals, which will meet at the Vatican in the coming days to select the next pope. Whoever it is will struggle to make his mark, succeeding as he does one of the longest-serving and most contentious figures in papal history. "One thing is for certain," Luxmore said. "[John Paul II] is going to be a terrifically hard act to follow."

Did some quick research and it's a bad worm. Removal shouldn't be too difficult however.

Recommended: Upgrade to SP2 after we say you're officially clean. Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Safe to remove: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\khamLP\LOCALS~1\Temp\se.dll/spage.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com Safe to remove as malware added these: O1 - Hosts: 127.0.0.0 http://www.tonesforyourphones.com/us/index.php O1 - Hosts: 69.20.16.183 auto.search.msn.com O1 - Hosts: 69.20.16.183 search.netscape.com O1 - Hosts: 69.20.16.183 ieautosearch Safe to remove cause this file doesn't exist: O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) Safe to remove as download managers don't work: O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot This is WORM_SPYBOT.GP! Remove this IMMEDIATELY and run Anti-Virus! O4 - HKLM\..\Run: [dksystem] C:\WINDOWS\ntsystem.exe Details on WORM_SPYBOT.GP here. Safe to remove restrictions added: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present Safe to remove as download accelerators do not work: O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm Safe to remove as all files are missing/gone: O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing) O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing) O9 - Extra button: (no name) - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - (no file) O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU) O9 - Extra button: Microsoft AntiSpyware helper - {A188D8B5-44F8-452B-A1A5-843802006AC0} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A188D8B5-44F8-452B-A1A5-843802006AC0} - (no file) (HKCU) How to remove these: To fix these you will need LSPFix. Check off "I know what I'm doing" and add idmmbc.dll to the remove list. O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll Safe to remove as they were more than likely added by malware: O15 - Trusted Zone: *.addictivetechnologies.com O15 - Trusted Zone: *.admin2cash.biz O15 - Trusted Zone: *.awmdabest.com O15 - Trusted Zone: *.bettersearch.biz O15 - Trusted Zone: *.c4tdownload.com O15 - Trusted Zone: *.crazywinnings.com O15 - Trusted Zone: *.finefind.nettraffic2cash.biz O15 - Trusted Zone: *.iframe.biz O15 - Trusted Zone: *.megapornix.com O15 - Trusted Zone: *.newiframe.biz O15 - Trusted Zone: *.overpro.com O15 - Trusted Zone: *.private-dialer.biz O15 - Trusted Zone: *.private-iframe.biz O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.sp2admin.biz O15 - Trusted Zone: *.sp2f***ed.biz O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone Safe to remove: O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C...e/bridge-c7.cab O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {38481807-CA0E-42D2-BF39-B33AF135CC4D} - http://activex.microsoft.com/objects/ocget.dll O16 - DPF: {5F1ABCDB-A875-46C1-8345-B72A4567E486} - http://ione.net/IoneToolbar/IoneToolbar.cab O16 - DPF: {8E27C92B-1264-101C-8A2F-040224009C02} - http://activex.microsoft.com/objects/ocget.dll Safe to remove. An attempted LOP.com Hijack: O17 - HKLM\System\CCS\Services\Tcpip\..\{5E7E96A7-578C-4D2F-8484-6365F9CF2DC4}: NameServer = 10.0.0.2,203.198.0.11 Safe to remove: O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\hrj4051qe.dll I also recommend you download this Anti Malware Package. It contains things like CWShredder and more. If you do not wish to fully download this package, I would highly recommend that you download CWShredder as se.dll is a variant of CoolWebSearch. For best results, boot into Safe Mode and run CWShredder.

No need, that's why we're here now. ;D

EVEREST Beta 0304

I've noticed Outpost has a better user interface than that of Sygate. I started to look into Sygate, but couldn't find screenshots until I googled them.

Just so you know, GIANT was bought by Microsoft, so it's pretty much the same thing now. Also, running two firewalls can often cause many conflicts with each other. Personally I use Outpost Pro and have Windows Firewall disabled. Outpost makes for a great firewall, though I definitely agree with the top four recommendations for antispyware. Remember, the best ones are free because those who make you pay often have false positives.

Welcome to the Malware Prevention and Security forum here on MSFN! This snippet of information comes from my own website. Consider this an introduction to Anti-Malware, PC Cleanup and what to do for help with HijackThis. Before you post your logs please go to this PC Cleanup page to clean your computer. This page is now in a wiki format to allow fast loads and easy to read guidelines for all users, no matter what your Internet speed is. Be sure to pick up the Anti-Malware Toolkit (*.exe installer) or Anti-Malware Toolkit portable (*.zip) so that you can get the programs you need to clean your computer! Follow all of the instructions and upon completion post your log here in the following format: Username - HijackThis Log # Should you have further problems you will be asked to do certain things such as running any/all of the applications again and then repost your log. In this case you would post a reply in your own thread with the new log. By omitting the running of the contents of the Anti-Malware package(s) when posting a log you risk wasting valuable time that could be spent assisting other users. Startup optimization is also included after all the spyware/adware has been cleaned from your system. Good luck! Tarun

Awesome! Thank you!

For those interested, Lunarsoft website has finished changing servers and is back online.

EVEREST Beta 0301

The bad links are: DeskMod - http://www.deskmod.org OsirisMedia - http://www.alexkelm.com/hosted/OsirisMedia Pixel Perfect - http://honz.hoverdesk.net/home.html Pixtudio - http://www.pixtudio.org Needs updating: Studio28 from http://www.studio-28.tk to http://www.studiotwentyeight.net

I had a problem like this on a bad hard drive of all things. INF files would fail to register, and I never got it solved before I wiped the hd and returned it.

Awesome! Yay!

im starting to get into programming, C++. Just reading a few more books and tutorials on it. <{POST_SNAPBACK}> I've done some VB, going to learn Delphi next.

Right now the site is currently migrating to a new server. Had to happen over the weekend, eh? Heh.

Try and repair Windows Installer. This might work for a batch file. echo Unregistering MSIEXEC... %swm% msiexec /unreg echo Re-registering MSIEXEC... %swm% msiexec /regserver echo Starting Windows Installer service... net start "Windows Installer" 2>nul 1>nul I'm not batch file expert so that might need work. Try and register these files too. wuapi.dll, wups.dll, wuaueng.dll, wucltui.dll, MSXML3.dll, MSXML4.dll

If you like, refer them to Lunarsoft. I offer a comprehensive (free) package and more.

I'm learning about PC Hardware & Troubleshooting in one class. Qualifies me for A+ certification.