I have been using the computer all day. It seems to be more stable and the processor is not grinding in the background all the time therefore it seems quicker. I used to have problems with it hanging up when the screen saver started, that is gone. Also, the computer has not locked up during normal use at all, so I think it is better. Only time will tell. It is a computer, one can never know if it is working properly. If I say it works great, it will crash instantly!!

It is a laptop and I cannot recover it if it goes into sleep mode, I have not been able to test that to see if it is better. I will try that later.

Like I stated before, I am still having the annoying problem with IE. I can't just type an internet address in the address bar like "www.google.com" I have to type it in the form "http://www.google.com". That is a really annoying problem. I also need to get MS Project working again. It will open, but once it is open, it just closes. No errors or anything.

Here is the log, let me know what to do next. Thanks for all of the help.

Logfile of HijackThis v1.99.1
Scan saved at 6:14:51 PM, on 6/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobD ispatch.exe
C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\NA_Service.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\SYSTEM32\UsbConnect.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\SYSTEM32\usbconsole.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2005\HmiES.exe
C:\WINDOWS\System32\S7OTBXSX.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\HJT\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [WinCC flexible Smart Start] "C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2005\HmiSmartStart.exe" /startup
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Canon PC1200 iC D600 iR1200G Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM1LA K.EXE
O4 - Global Startup: D-Link AirPlus G Wireless Utility.lnk = ?
O4 - Global Startup: D-Link REG Utility.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - DefaultPrefix:
O13 - WWW Prefix:
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {5E936384-B736-4A9E-AA93-832CA59FDCEC} (InstallShield Setup Player V11) - http://www.iesweb.com/ftp/install/va55pkg/setup.exe
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk Inc - C:\Program Files\Autodesk\Data Management Server 5\Server\Dispatch\Connectivity.WindowsService.JobD ispatch.exe
O23 - Service: Autodesk EDM Server - - C:\Program Files\Autodesk\Data Management Server 5\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HealthSystemInfo - Unknown owner - C:\Program Files\Schneider Electric\Unity Pro\HealthSystemInfo.exe
O23 - Service: MSSQL$AUTODESKVAULT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe" -sAUTODESKVAULT (file missing)
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation - C:\WINDOWS\System32\NA_Service.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: SQLAgent$AUTODESKVAULT - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE" -i AUTODESKVAULT (file missing)
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\SYSTEM32\UsbConnect.exe

Originally Posted by Neal

More than likely they are waiting for us to get rid of the malware first so you can have a clean computer to work with over there. Pretty muc h normal procedure.


Give me a fresh hijackthis log please.


Is it running better?

HI,

Log is clean, let's do one more before sending you back over to the other side of this forum.



http://www.kaspersky.com/virusscanner

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
o Scan Options:
- Scan Archives
- Scan Mail Bases
* Click OK
*Now under select a target to scan:
o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.

Loks like it found a pron dialer, but it did not delete it.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, June 09, 2006 2:06:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 9/06/2006
Kaspersky Anti-Virus database records: 199415
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
E:\

Scan Statistics:
Total number of scanned objects: 158977
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 02:25:01

Infected Object Name / Virus Name / Last Action
C:\RECYCLER\S-1-5-21-823518204-1708537768-854245398-1003\Dc142.exe Infected: not-a-virus:Porn-Dialer.Win32.AsianRaw.ad skipped

Scan process completed.

Originally Posted by Neal

HI,

Log is clean, let's do one more before sending you back over to the other side of this forum.



http://www.kaspersky.com/virusscanner

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

* The program will launch and then begin downloading the latest definition files:
* Once the files have been downloaded click on NEXT
* Now click on Scan Settings
* In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard)
o Scan Options:
- Scan Archives
- Scan Mail Bases
* Click OK
*Now under select a target to scan:
o Select My Computer
* This program will start and scan your system.
* The scan will take a while so be patient and let it run.
* Once the scan is complete it will display if your system has been infected.
o Now click on the Save as Text button:
* Save the file to your desktop.
* Copy and paste that information in your next post.

Empty your recycle Bin and it should go away as that is where it is.

Should I post my other problem with IE on the Windows Forum with my MS Project Problem? When will they started reponding to my post? I will be offline for the weekend and will work on this again Monday. Hopefully they will start responding then.

Other then that, I think all of the Mal-ware is off of my computer, right? So I suppose we are done here. Thanks for your help.

Originally Posted by Neal

Empty your recycle Bin and it should go away as that is where it is.