Hijackthis log (RESOLVED)
-
Re: Hijackthis log
It's running a lot better! Thank you so much! It's faster and so far no errorrelatedmatches. Looks like you fixed it right up. Is it a good idea to run the CCleaner regularly or just when it's running slow? Also, are there any other programs that you had me download that I should run regularly? This computer has more space so I can keep whatever programs that I might need later.
Here is my hijackthis log
Logfile of HijackThis v1.99.1
Scan saved at 10:17:54 AM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\Toolbar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
-
I keep and use CCleaner at least once a month, you will be amazed at all the junk it will remove from your computer.
I will have a list of prevention tools for you in a little bit to try out.
But right now what I need you to do is run another Panda scan, as I want to see if CWShredder got rid of a couple of files that showed up on your last Panda scan log, please.
If they are there, we will use a program called Killbox to get rid of them. Thanks.
-
ok, here is the new panda scan log 
Incident Status Location
Adware:adware/secure32 Not disinfected C:\secure32.html
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@c.enhance[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@c3.gostats[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@gostats[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@toplist[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@yadro[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@c.enhance[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@c3.gostats[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@gostats[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@toplist[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Aaren\Cookies\aaren@yadro[2].txt
-
We are very close I think.
Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
- Save it to your desktop.
- Please double-click Killbox.exe to run it.
- Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\secure32.html
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click NO at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
One last scan please: EWIDO, run from normal mode, the log also please
-
here is the new ewido log:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 4:25:39 PM, 1/5/2006
+ Report-Checksum: 52116E62
+ Scan result:
C:\Documents and Settings\Aaren\Local Settings\Temporary Internet Files\Content.IE5\OPQ3G5UJ\mm[1].js -> Spyware.Chitika : Cleaned with backup
::Report End
When I restarted after Killbox and clicked to bring up a browser I got the errorrelatedmatches. Is that a new type of site or is that a hijack? lol I'm getting confused. Sometimes it comes up and sometimes it doesn't. It does it when the page cannot be displayed.
Oh, and I didn't get that message with Killbox. I didn't get the other one either when I was supposed to click no.
-
It appears this errorelatedmatches thing is related to neopets.
http://forums.techguy.org/networking...ease-help.html
So according to what that site says, either uninstall it or live with it. I myself would not tolerate it.
It looks like Norton has flagged it as spyware, also it appears to be associated with gamespy which is bad.
www.kaspersky.com/virusscanner
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
  o Scan using the following Anti-Virus database:
    - Extended (if available otherwise Standard)
  o Scan Options:
    - Scan Archives
    - Scan Mail Bases
* Click OK
* Now under select a target to scan:
  o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
  o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.
-
Wow, it's such a stand-up site that I didn't think they would ever do anything like that. I uninstalled the toolbar. I had it on my other computer too. I wonder how bad that one could be. Here is the Kaspersky log
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 05, 2006 23:20:41
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/01/2006
Kaspersky Anti-Virus database records: 169244
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 108828
Number of viruses found: 13
Number of infected objects: 21
Number of suspicious objects: 0
Duration of the scan process: 5208 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Aaren\.housecall\Quarantine\install[1].htm.bac_a01812 Infected: Exploit.HTML.CodeBaseExec
C:\Documents and Settings\Aaren\.housecall\Quarantine\kl[1].txt.bac_a00788 Infected: Trojan-PSW.Win32.Agent.bu
C:\Documents and Settings\Aaren\.housecall\Quarantine\tool2[1].txt.bac_a00788 Infected: not-virus:Hoax.Win32.Renos.aj
C:\Documents and Settings\Aaren\.housecall\Quarantine\tool3[1].txt.bac_a00788 Infected: Packed.Win32.Klone.b
C:\Documents and Settings\Aaren\.housecall\Quarantine\toolbar[1].txt.bac_a00788 Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{A82186EB-0D68-42A7-8CB4-82BA721FF872}\RP18\A0007884.exe/data0042 Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{A82186EB-0D68-42A7-8CB4-82BA721FF872}\RP18\A0007884.exe/data0043 Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\System Volume Information\_restore{A82186EB-0D68-42A7-8CB4-82BA721FF872}\RP18\A0007884.exe Infected: not-a-virus:AdWare.Win32.Lop.ai
C:\System Volume Information\_restore{A82186EB-0D68-42A7-8CB4-82BA721FF872}\RP18\A0009778.exe Infected: Trojan.Win32.StartPage.agq
E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.Quick.a
E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe/WISE0015.BIN Infected: Trojan-Dropper.Win32.Small.ff
E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
E:\System Volume Information\_restore{5D818203-277E-4890-90AC-003E003A1B8B}\RP222\A0039256.exe Infected: Trojan-Downloader.Win32.Wren.d
E:\adaware and pics\The_Chameleon-75747.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.j
E:\adaware and pics\The_Chameleon-75747.exe Infected: not-a-virus:AdWare.Win32.EZula.j
E:\ART\screensavers.zip/screensavers/spongebobdesktopsetup.exe/42odhr0b.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h
E:\ART\screensavers.zip/screensavers/spongebobdesktopsetup.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h
E:\ART\screensavers.zip Infected: not-a-virus:AdWare.Win32.F1Organizer.h
E:\ART\screensavers\spongebobdesktopsetup.exe/42odhr0b.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h
E:\ART\screensavers\spongebobdesktopsetup.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h
Scan process completed.
-
Evidently you got a bad screensaver so if you want to be clean uninstall that:
E:\ART\screensavers.zip/screensavers/spongebobdesktopsetup.exe/42odhr0b.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h
E:\ART\screensavers.zip/screensavers/spongebobdesktopsetup.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h
E:\ART\screensavers.zip Infected: not-a-virus:AdWare.Win32.F1Organizer.h
E:\ART\screensavers\spongebobdesktopsetup.exe/42odhr0b.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h
E:\ART\screensavers\spongebobdesktopsetup.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h
That chameleon thing needs to go also:
E:\adaware and pics\The_Chameleon-75747.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.EZula.j
E:\adaware and pics\The_Chameleon-75747.exe Infected: not-a-virus:AdWare.Win32.EZula.j
Those at the top are in a quarantine folder and are safe but need to be done away with anyway.
The rest is under system restore and we will make those go away after you get rid of all that other stuff.
Let me see a new hijackthis log after you remove that stuff above. Don't do a system restore yet, that is the very last thing we will do. Thanks.
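The triage in the reply above (quarantined copies, System Restore copies, and files still on disk) can be expressed as a small parser over the report's `path Infected: name` lines. This is an added example, not part of the original thread; the sample report and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# One report line: "<path> Infected: <detection name>"
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+)$")

# Constructed sample in the same layout as the report above (not the poster's log).
SAMPLE_REPORT = r"""
C:\Documents and Settings\User\.housecall\Quarantine\kl[1].txt.bac_a00788 Infected: Trojan-PSW.Win32.Example.a
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP18\A0000001.exe/data0042 Infected: not-a-virus:AdWare.Win32.Example.b
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP18\A0000001.exe Infected: not-a-virus:AdWare.Win32.Example.b
E:\ART\pack.zip/pack/setup.exe/inner.exe Infected: not-a-virus:AdWare.Win32.Example.c
E:\ART\pack.zip/pack/setup.exe Infected: not-a-virus:AdWare.Win32.Example.c
E:\ART\pack.zip Infected: not-a-virus:AdWare.Win32.Example.c
E:\ART\pack\setup.exe Infected: not-a-virus:AdWare.Win32.Example.c
"""

def location_class(disk_path):
    """Classify an on-disk file by where it lives, following the reply's three groups."""
    p = disk_path.lower()
    if "\\system volume information\\_restore" in p:
        return "system_restore"   # copies held in restore points
    if "\\quarantine\\" in p:
        return "quarantine"       # already neutralised by another scanner
    return "live"                 # ordinary files the user still has to delete

def triage(report_text):
    """Return {class: {on-disk file: set of detection names}}."""
    result = defaultdict(dict)
    for line in report_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, statistics, blank lines
        # The report writes archive members as container/member. Windows paths
        # cannot contain "/", so the text before the first "/" is the file on disk.
        disk_path = m["path"].split("/", 1)[0]
        result[location_class(disk_path)].setdefault(disk_path, set()).add(m["name"])
    return {cls: dict(files) for cls, files in result.items()}

if __name__ == "__main__":
    for cls, files in triage(SAMPLE_REPORT).items():
        print(cls)
        for path, names in sorted(files.items()):
            print("   ", path, sorted(names))
```

Seven report lines collapse to four files on disk, of which only the two in the `live` group need manual deletion.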
-
We have been moving all day and those files are on my external drive so as soon as I locate that I will delete those. I had been trying to get rid of that chameleon one for a while now but wasn't sure if it was needed for anything. (I had it scanned with the regedit and said it was going to delete it but never did). I am afraid to delete them manually cuz I don't want to delete something that is needed for an important program. Thanks for helping me. I'll delete those and send a new hijack log.
-

Hi,
I'm really sorry it took me so long to post back. I hate moving so much and I'm disabled so it takes me a bit longer. I finally found my hard drive and it's on my computer. I deleted all the items from that hard drive that I found and here is my new hijackthis log.
Thanks for being so patient (not like you don't have enough other people to help lol)
Logfile of HijackThis v1.99.1
Scan saved at 1:40:54 AM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
(I see there is a file missing on one of the items listed. Does that mean it won't work or that I don't need it?)
Btw I am loving that CCleaner! If a page I viewed before doesn't load another time and I use that, it loads extremely fast after.
Last edited by Kizzmit5; 20-01-2006 at 10:50 AM.
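Comparing two HijackThis scans, such as the before and after logs posted in this thread, comes down to diffing their result entries and listing any that carry the "(file missing)" marker, which HijackThis appends when an entry points at a file that is no longer on disk. The following is an added example, not part of the original posts; the two sample logs and the function names are constructed for illustration.

```python
import re

# Result lines look like "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")

# Constructed sample logs shaped like the v1.99.1 output above (not the poster's logs).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test
O2 - BHO: ExampleBar - {00000000-0000-0000-0000-000000000001} - C:\PROGRA~1\ExampleBar\Toolbar.dll
O3 - Toolbar: ExampleBar - {00000000-0000-0000-0000-000000000001} - C:\PROGRA~1\ExampleBar\Toolbar.dll
O4 - HKLM\..\Run: [ExampleAV] C:\PROGRA~1\ExampleAV\av.exe /STARTUP
O18 - Protocol: exampleim - {00000000-0000-0000-0000-000000000002} - "C:\PROGRA~1\ExampleIM\app.dll" (file missing)
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://example.test
O4 - HKLM\..\Run: [ExampleAV] C:\PROGRA~1\ExampleAV\av.exe /STARTUP
O16 - DPF: {00000000-0000-0000-0000-000000000003} (Example Scanner Object) - http://scanner.example.test/scan.cab
O18 - Protocol: exampleim - {00000000-0000-0000-0000-000000000002} - "C:\PROGRA~1\ExampleIM\app.dll" (file missing)
"""

def parse_entries(log_text):
    """Return the set of (code, detail) result entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m["code"], m["detail"]))
    return entries

def compare_scans(before_text, after_text):
    """Diff two scans and list entries in the later scan whose target file is gone."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    # Sort by section letter, then section number, then detail text.
    order = lambda e: (e[0][0], int(e[0][1:]), e[1])
    return {
        "removed": sorted(before - after, key=order),
        "added": sorted(after - before, key=order),
        "file_missing": sorted(
            (e for e in after if e[1].endswith("(file missing)")), key=order),
    }

if __name__ == "__main__":
    for label, entries in compare_scans(BEFORE, AFTER).items():
        print(label)
        for code, detail in entries:
            print(f"    {code} - {detail}")
```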