please help me
ctcgirl
11-26-2005, 05:40 PM
How can I get rid of this? Any suggestions...
one was healed only
Frogy
11-26-2005, 05:47 PM
Try this
http://www.softpedia.com/get/Antivirus/Symantec-Adware-Istbar-Trojan-ISTsvc-Removal-Tool.shtml
ctcgirl
11-26-2005, 05:48 PM
Thank you Frogy, I will try that. I went on Symantec (sp) but it came up with nothing.. I will let you know.
Try the free version of Avast http://www.avast.com/eng/avast_4_home.html also as it appears to be very good at detecting and removing trojans.
Frogy
11-26-2005, 06:02 PM
Try the free version of Avast http://www.avast.com/eng/avast_4_home.html also as it appears to be very good at detecting and removing trojans.
Avast is a great program Glen. Switched back to AVG for the scheduling but still run Avast periodically as you said, great at trojans.
Bogie
11-26-2005, 06:14 PM
Also try to run the scan in Safe Mode. Sometimes files are in use and cannot be cleaned/healed/or whatever.
And don't forget about trying the Microsoft Anti-Spyware free program from their main website.
ctcgirl
11-26-2005, 06:22 PM
I think this means that I got rid of one of them only?
Frogy
11-26-2005, 06:27 PM
As Glen mentioned, run Avast
http://www.avast.com/eng/avast_4_home.html
and as Bogie mentioned, run in safe mode. Better safe than sorry.
ctcgirl
11-26-2005, 06:39 PM
I am really not good at going into safe mode. The last time I did that I was MIA for almost 3 days because I couldn't get out of safe mode... (Man, that was pretty safe for me.) I had to phone the help centre to get me out of safe mode... lol
I am running another scan with AVG and it is reading:
istrecover[1].exe trojanhorse collected.5.ao
power_remover[1].exe trojanhorse downloader istbar.9d
and still scanning
ctcgirl
11-26-2005, 06:43 PM
Once this scan is done I will scan with Avast, but what are my chances of just doing it in regular mode...
I am really nervous about this safe mode business.
Also Frogy, I was wondering, when I went to Softpedia, what do you type in to find your virus and where is it? I just followed your link..
OK, scan stopped and it is just the two that I have listed in the last post.
woodpusher
11-26-2005, 06:52 PM
You must turn off system restore before you scan. Trojans like to hide there.
mander
11-26-2005, 06:53 PM
One thing I did find for the ISTbar one, and I am sure it would help before scanning again.
Before you can delete files, you must first stop all the ISTBar processes that are running in memory.
Do this by ending all processes from the Task Manager.
Press CTRL+ALT+DELETE to open the Windows Task Manager. If you see multiple "tabs," click on the "Processes" tab. For each process that you would like to kill, find the process name in the list, click it to select it, and click the "End Process" button.
Tells you here which processes to stop.
http://www.spywaredb.com/remove-istbar/
frostyone
11-26-2005, 07:00 PM
I think this means that I got rid of one of them only?
That one was in the Temporary Internet Files.
In Internet Explorer, click Tools > Options.
Then click "Delete Temporary Internet Files".
frostyone
11-26-2005, 07:01 PM
You must turn off system restore before you scan. Trojans like to hide there.
NO.
Do NOT do this.
Malware is NOT going to jump out of system restore to bite you.
They are quite harmless in System restore.
"Turning off" system restore actually means DELETING all of your restore points.
If you make an error while cleaning you will have no restore points to go back to.
Do not "turn off" system restore.
Clean your system first.
Then, when the system is clean and all functional, delete your restore points and create a new clean one.
bolla
11-26-2005, 07:26 PM
You could also try this: http://www.windowsecurity.com/trojan/
bolla
11-26-2005, 07:28 PM
Sorry, http://windowsecurity.com/trojanscan/
ctcgirl
11-26-2005, 07:43 PM
WOW, thanks everyone. I have done the Avast scan and put everything, and I do mean everything, in the chest, so I am just going to do another AVG scan and see what happens.
Yes, Avast did put me in safe mode and took me right back out of it when it was done, thank goodness.
frostyone
11-26-2005, 07:58 PM
OK, if you find anything, make a note of the file path (where it's located).
Could be Documents and Settings/Temporary Internet Files or System Volume Information, etc.
ctcgirl
11-26-2005, 08:07 PM
OK, thank you.
ctcgirl
11-26-2005, 09:18 PM
I just want to thank you all for helping me. I do believe I have gotten rid of it. I have run Lavasoft for the adware and I had some stuff come up there, so I got rid of it.
Just done a complete scan with AVG and it shows nothing..
I will continue to monitor it for the next couple of days though, just to be on the safe side.
Mander, thank you for your idea of Ctrl+Alt+Delete, because the toolbar was in there and running, so I went to End Task and it came back a couple of times, but it is now gone, HOPEFULLY for good. I didn't find anything under Processes though. Would it be OK for me to do a screenshot of my processes to show you what is in there, to see if it is harmful or not to worry about it? I went to that website and there didn't seem to be any files like that in the processes... but really not sure..
Thanks all for your help, you are all a great bunch of friends in here.
mander
11-26-2005, 09:24 PM
Sure... post a screenshot so we can have a look. What you can also do is get HijackThis and post a log for a closer look.
ctcgirl
11-26-2005, 10:12 PM
OK, be right back.
ctcgirl
11-26-2005, 10:14 PM
It won't let me take a screenshot of it.
frostyone
11-26-2005, 10:31 PM
You should be OK, but if you like, ctcgirl, you can post a HijackThis log here.
This is the easiest way:
Here is a link to the HijackThis setup.
This program will automatically set it up properly for you.
DIRECT DOWNLOAD:
http://www.thespykiller.co.uk/files/HJTsetup.exe
Download the program, desktop is fine.
Run the program.
Accept the default locations.
(It will set up HJT in C:\Program Files)
You should place a checkmark in the box for the shortcut icon on the desktop.
When you double click the icon, the program will open.
Choose "scan and save a log file"
( it only takes a minute)
A second window will open in Notepad, automatically, with the results.
Just copy and paste those results.
Don't worry about what it finds. It lists legitimate processes as well as bad ones.
ctcgirl
11-26-2005, 10:34 PM
I am running HijackThis right now and so far it has found 151 infections.
I will post if I can.
frostyone
11-26-2005, 10:37 PM
DO NOT fix anything yet.
Edit:
Now I got a bit more time :)
They're not infections.
HijackThis is a "dumb" program;
almost all of what it lists is legitimate and necessary.
So don't fix anything with it, yet.
Gotta go through it, to determine what's naughty and nice.
Probably won't have to fix anything.
ctcgirl
11-26-2005, 10:41 PM
Logfile of HijackThis v1.99.1
Scan saved at 9:51:29 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Wisdom-soft ScreenHunter Free\ScreenHunter.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.4.0.34/threepoint/threepoint-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.4.0.34/aces/aces-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.0.41/battlephlinx/battlephlinx-ob-assets.cab
O16 - DPF: Bridge by pogo - http://game1.pogo.com/applet-6.4.0.41/bridge/bridge-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.0.34/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.34/checkers2/checkers-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.0.41/domino/domino-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.49/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.4.0.34/superbingo/superbingo-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.3.4.49/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.3.4.49/pool2/pool-ob-assets.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.4.1.46/keno/keno-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.64/lottso/lottso-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.0.48/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.0.41/freecell/freecell-ob-assets.cab
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://game1.pogo.com/applet-6.4.0.41/threehole/threehole-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.34/penguins/penguins-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.4.0.34/flinger/flinger-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.0.48/poppit2/poppit2-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.1.46/squares/squares-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.4.0.41/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.3.4.49/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.34/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.4.49/squelchies/squelchies-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.4.49/stax/stax-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.1.46/sweeper/sweeper-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.0.41/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.3.4.49/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.4.64/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.4.49/jumbee/jumbee-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/wordwhomp2/whomp2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.4.64/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/worldclass/worldclass-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c7.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
ctcgirl
11-26-2005, 10:42 PM
Did I do it right?
frostyone
11-26-2005, 10:46 PM
Just fine ctcgirl.
Give me 10 minutes to go through it.
mander
11-26-2005, 10:50 PM
Did I do it right?
Yes, you did. The only thing I see on a quick scan is Accoona Search Assistant. It's full of spyware; it's a toolbar you don't need. Let me have a closer look.
ctcgirl
11-26-2005, 10:51 PM
Scan Results:
scan start: 11/26/2005 9:33:59 PM
scan stop: 11/26/2005 9:47:06 PM
scanned items: 71485
found items: 152
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner
Infection Name Location Risk
LinkMaker Hijacker HKLM\SOFTWARE\LM Elevated
LinkMaker Hijacker HKLM\SOFTWARE\LM## Elevated
LinkMaker Hijacker HKLM\SOFTWARE\LM##st Elevated
LinkMaker Hijacker HKLM\SOFTWARE\LM##si Elevated
LinkMaker Hijacker HKLM\SOFTWARE\LM##lp Elevated
LinkMaker Hijacker HKLM\SOFTWARE\LM##im Elevated
LinkMaker Hijacker HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HyperLinker Elevated
LinkMaker Hijacker HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HyperLinker## Elevated
LinkMaker Hijacker HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HyperLinker##UninstallString Elevated
LinkMaker Hijacker HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HyperLinker##DisplayName Elevated
MediaGateway HKCR\MediaGatewayX.Installer Elevated
MediaGateway HKCR\MediaGatewayX.Installer## Elevated
MediaGateway HKCR\MediaGatewayX.Installer\CLSID Elevated
MediaGateway HKCR\MediaGatewayX.Installer\CLSID## Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll## Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll##.Owner Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaGatewayX.dll##{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} Elevated
MediaGateway HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs##C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll Elevated
P2PNetworking HKCU\Software\Microsoft\OLE##p2pnetworking Elevated
Common Components for WindUpdates HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} Medium
Common Components for WindUpdates HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}\iexplore Medium
Common Components Unrelated HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} Medium
Common Components Unrelated HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807}\iexplore Medium
MediaGateway HKCR\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} Elevated
MediaGateway HKCR\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\Implemented Categories Elevated
MediaGateway HKCR\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} Elevated
MediaGateway HKCR\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} Elevated
MediaGateway HKCR\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\InprocServer32 Elevated
MediaGateway HKLM\Software\Classes\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} Elevated
MediaGateway HKLM\Software\Classes\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\Implemented Categories Elevated
MediaGateway HKLM\Software\Classes\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4} Elevated
MediaGateway HKLM\Software\Classes\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4} Elevated
MediaGateway HKLM\Software\Classes\CLSID\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\InprocServer32 Elevated
MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} Elevated
MediaGateway HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\iexplore Elevated
MediaGateway HKLM\Software\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} Elevated
MediaGateway HKLM\Software\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\Contains Elevated
MediaGateway HKLM\Software\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\Contains\Files Elevated
MediaGateway HKLM\Software\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\DownloadInformation Elevated
MediaGateway HKLM\Software\Microsoft\Code Store Database\Distribution Units\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}\InstalledVersion Elevated
SideFind HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} Elevated
SideFind HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}\iexplore Elevated
YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658} High
YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42F2C9BA-614F-47C0-B3E3-ECFD34EED658}\iexplore High
YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} High
YourSiteBar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{86227D9C-0EFE-4F8A-AA55-30386A3F5686}\iexplore High
Affiliated with Browser Hijackers C:\Documents and Settings\louann\Local Settings\Temporary Internet Files\Content.IE5\LK8N1PKX\index[1].htm Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\louann\Local Settings\Temporary Internet Files\Content.IE5\SVCFWV76\R15CMb7_300x250[1].gif Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\louann\Local Settings\Temporary Internet Files\Content.IE5\7R5FF94W\500x300_3DAqua[1].swf Elevated
Affiliated with Browser Hijackers C:\Documents and Settings\louann\Local Settings\Temporary Internet Files\Content.IE5\IBQR6XUZ\pixy[1].gif Elevated
Known Bad Sites C:\Documents and Settings\louann\Local Settings\Temporary Internet Files\Content.IE5\VL775GK8\show[1].gif High
Advertising C:\Documents and Settings\louann\Cookies\louann@adlegend[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@atwola[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@chumtv.122.2o7[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@sales.liveperson[2].txt Medium
Known Bad Sites C:\Documents and Settings\louann\Cookies\louann@ea.rpts[2].txt High
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@home[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@net-filter[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@dcs2omr9fpifwznrgv67zf9ub_7p8i[1].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@80570461[2].txt Low
Advertising C:\Documents and Settings\louann\Cookies\louann@90594700[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@rooms[1].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@74656227[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@igougo[2].txt Medium
7AdPower C:\Documents and Settings\louann\Cookies\louann@www.advnt01[1].txt Medium
Starware C:\Documents and Settings\louann\Cookies\louann@h.starware[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@cardomain[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@adknowledge[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@S005-01-5-22-226000-76328[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@cbs.112.2o7[1].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@com[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@www.burstbeacon[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@rn11[2].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@casalemedia[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@bigbanners[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@bizrate[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@2o7[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@go[2].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@19754491[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@cnn.122.2o7[1].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@ads.addynamix[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@rating[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@msnportal.112.2o7[1].txt Medium
Rogue Anti-Spyware Products C:\Documents and Settings\louann\Cookies\louann@purchase[1].txt High
Advertising C:\Documents and Settings\louann\Cookies\louann@lsjmp[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@metacafe.122.2o7[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@atdmt[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@stat.dealtime[2].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@mediaplex[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@forums.realitytvplanet[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@marthastewart.122.2o7[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@login[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@pogo[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@familyfun.go[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@xiti[1].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@adopt.hbmediapro[2].txt Low
Affiliated with Browser Hijackers C:\Documents and Settings\louann\Cookies\louann@www.miniclip[1].txt Elevated
CWS.XPSystem C:\Documents and Settings\louann\Cookies\louann@searchportal.information[1].txt High
Advertising C:\Documents and Settings\louann\Cookies\louann@advertising[1].txt Low
WinFixer 2005 C:\Documents and Settings\louann\Cookies\louann@winfixer[1].txt Elevated
Advertising C:\Documents and Settings\louann\Cookies\louann@burstnet[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@ct.360i[1].txt Medium
Common Components for Claria C:\Documents and Settings\louann\Cookies\louann@ath.belnk[2].txt Elevated
Common Components for Claria C:\Documents and Settings\louann\Cookies\louann@belnk[2].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@S005-01-5-22-226000-76431[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@badge-book[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@www.myaffiliateprogram[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@banner[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@cz3.clickzs[2].txt Medium
ISTbar C:\Documents and Settings\louann\Cookies\louann@ysbweb[1].txt High
WinFixer 2005 C:\Documents and Settings\louann\Cookies\louann@www.winfixer[1].txt Elevated
Advertising C:\Documents and Settings\louann\Cookies\louann@6425137[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@dcs0sapavqljwp9m8brr0j29b_1l1j[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@www.help2go[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@cnetaustralia.122.2o7[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@dcs474a68onmhcwki2sdk29l7_4h1o[2].txt Medium
Starware C:\Documents and Settings\louann\Cookies\louann@starware[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@did-it[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@jas.familyfun.go[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@74613876[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@clubgames.pogo[2].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@statcounter[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@casino[1].txt Medium
Known Bad Sites C:\Documents and Settings\louann\Cookies\louann@canadiansponsors.directtrack[2].txt High
Affiliated with Browser Hijackers C:\Documents and Settings\louann\Cookies\louann@miniclip[1].txt Elevated
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@goodcounter[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@sportingnews.122.2o7[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@register.go[1].txt Medium
Rogue Anti-Spyware Products C:\Documents and Settings\louann\Cookies\louann@my.freeze[1].txt High
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@tribalfusion[1].txt Medium
Rogue Anti-Spyware Products C:\Documents and Settings\louann\Cookies\louann@freeze[1].txt High
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@c4.gostats[1].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@LPintranets_busdev[1].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@www.dumans.iwarp[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@nopop[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@slingo[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@games[1].txt Medium
Advertising C:\Documents and Settings\louann\Cookies\louann@news.com[2].txt Low
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@nopop[3].txt Medium
Known Bad Sites C:\Documents and Settings\louann\Cookies\louann@directtrack[1].txt High
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@dcsbchb3sbydgs1trb0ai4ida_5n6d[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@www.web-stat[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@dcs.slingo[1].txt Medium
Specific911 Hijack C:\Documents and Settings\louann\Cookies\louann@intelius[1].txt High
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@gostats[2].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@accoona[1].txt Medium
Tracking Cookie(s) C:\Documents and Settings\louann\Cookies\louann@howstuffworks[2].txt Medium
MediaGateway C:\Program Files\Media Gateway\MediaGateway.exe Elevated
180search Assistant C:\Documents and Settings\louann\Local Settings\Temp\res9DE.tmp Elevated
LinkMaker Hijacker C:\Program Files\Hyperlinker\uninst.exe Elevated
Perfect Keylogger C:\Program Files\WinRAR\Rar.exe High
ctcgirl
11-26-2005, 10:52 PM
This is the one from HijackThis too, the one that mander told me to do.
I am sorry, but I am on the phone with my dad right now. I told him I have to go, but there is a problem with him; I will try and get back as soon as possible.
mander
11-26-2005, 10:54 PM
Run Ccleaner and repost please. www.ccleaner.com
frostyone
11-26-2005, 11:05 PM
Just a few things.
Scan with HJT again.
Then put a checkmark beside these:
CLOSE your browser (Internet Explorer).
Click Fix checked.
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c7.cab
Then reboot your system. Scan again and post the new log.
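The review frostyone walks through above (scan, pick out the orphaned or suspicious R3/O2/O16 entries, fix them, rescan) is something a helper does by eye. As an added example, and not code from the thread or from HijackThis itself, the script below parses lines in the HJT log format and applies the same heuristics: entries marked "(no name)", "(no file)" or "(file missing)", O2 BHOs whose CLSID is not on a known-good list, and O16 ActiveX downloads from a host outside an allowlist. The trust lists and the sample log lines are constructed for this example (the lines follow the format shown in the thread); tune the lists for your own machine before relying on the output.

```python
"""Triage a HijackThis (HJT) log and flag the entries a helper would
normally tick for "Fix checked".

Added example, not part of the original thread. The heuristics and the
trust lists below are assumptions; adjust them for the system you review.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed allowlists (not from the thread). A host is trusted if it equals
# one of these domains or is a subdomain of one.
TRUSTED_DPF_DOMAINS = ("pogo.com", "microsoft.com", "msn.com", "kodakgallery.com")
# Assumed known-good BHO CLSIDs; only the Acrobat helper from the log is listed.
KNOWN_GOOD_BHO_CLSIDS = {"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"}

# HJT lines look like "O2 - BHO: <name> - <CLSID> - <path>".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_RE = re.compile(r"https?://\S+")

# Constructed sample: a handful of lines in the format the thread shows.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: LinkTracker Class - {85A77577-A8CA-41b7-AA1E-DDAD4C0B12B1} - C:\WINDOWS\system32\hlwin.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.3.4.49/hearts/hearts-ob-assets.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c7.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Finding:
    line: str
    reasons: list


def parse_entry(line):
    """Split one HJT line into (section, kind, rest); None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group("section"), m.group("kind").strip(), m.group("rest")


def host_is_trusted(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_DOMAINS)


def triage_entry(line):
    """Return the list of reasons this line deserves a second look (empty if none)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, _kind, rest = parsed
    reasons = []
    if "(no name)" in rest or "(no file)" in rest:
        reasons.append("orphaned entry (no name / no file)")
    if "(file missing)" in rest:
        reasons.append("referenced file is missing")
    if section == "O2":
        # Browser Helper Objects load into every IE process; unknown CLSID = review.
        clsid = CLSID_RE.search(rest)
        if clsid is None or clsid.group(0).upper() not in KNOWN_GOOD_BHO_CLSIDS:
            reasons.append("BHO CLSID not on known-good list")
    if section == "O16":
        # Downloaded Program Files: ActiveX fetched from the web; check the host.
        url = URL_RE.search(rest)
        if url is not None:
            host = urlparse(url.group(0)).hostname or ""
            if not host_is_trusted(host):
                reasons.append(f"ActiveX download from untrusted host {host}")
    return reasons


def triage(log_text):
    """Run triage_entry over a whole log; keep only lines with findings."""
    findings = []
    for line in log_text.splitlines():
        reasons = triage_entry(line)
        if reasons:
            findings.append(Finding(line.strip(), reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the constructed sample this flags the R3 hook, both the LinkTracker and Accoona BHOs, the zangocash O16 download and the O20 Winlogon notifier, and leaves the Acrobat helper, the pogo game cab and the NVIDIA service alone, which matches the entries frostyone picked out. A CLSID allowlist is deliberately strict: an unknown BHO is something to look up, not necessarily something to delete.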
ctcgirl
11-26-2005, 11:53 PM
Hi, are you saying to do the short scan again, or the one that mander gave me? It takes about 15 minutes to do.
frostyone
11-26-2005, 11:55 PM
Just the HJT scan.
The short one, lol.
Except this time fix the entries I mentioned above.
ctcgirl
11-27-2005, 12:00 AM
Rebooted, here is the new scan:
Logfile of HijackThis v1.99.1
Scan saved at 11:08:39 PM, on 11/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: 3 Point Showdown by pogo - http://game1.pogo.com/applet-6.4.0.34/threepoint/threepoint-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.4.0.34/aces/aces-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.4.0.41/battlephlinx/battlephlinx-ob-assets.cab
O16 - DPF: Bridge by pogo - http://game1.pogo.com/applet-6.4.0.41/bridge/bridge-ob-assets.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.4.0.34/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.34/checkers2/checkers-ob-assets.cab
O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.4.0.48/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.4.0.41/domino/domino-ob-assets.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.49/solitaire2/solitaire2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.4.0.34/superbingo/superbingo-ob-assets.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.3.4.49/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.3.4.49/pool2/pool-ob-assets.cab
O16 - DPF: Keno by pogo - http://game1.pogo.com/applet-6.4.1.46/keno/keno-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.64/lottso/lottso-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.4.0.48/mahjong/mahjong-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.0.41/freecell/freecell-ob-assets.cab
O16 - DPF: Pebble Beach 3 Hole Challenge by pogo - http://game1.pogo.com/applet-6.4.0.41/threehole/threehole-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.34/penguins/penguins-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.4.0.34/flinger/flinger-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.4.0.48/poppit2/poppit2-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.4.1.46/squares/squares-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.4.0.41/slots/showbiz-ob-assets.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.3.4.49/spades/spades-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.4.0.34/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.4.49/squelchies/squelchies-ob-assets.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.3.4.49/stax/stax-ob-assets.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.1.46/sweeper/sweeper-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.0.41/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.3.4.49/holdem/holdem-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.3.4.64/peaks/peaks-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.3.4.49/jumbee/jumbee-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/wordwhomp2/whomp2-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.3.4.64/whackdown/whackdown-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/worldclass/worldclass-ob-assets.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
mander
11-27-2005, 12:05 AM
Looks good from what I can see. Unless I have missed something, you are good.
ctcgirl
11-27-2005, 12:06 AM
Wow, I REALLY hope so. I didn't mean for you two to stay up late for me to get rid of this. I really appreciate this.
ctcgirl
11-27-2005, 12:18 AM
Frostyone, thank you very much for the fantastic help you have given me... actually you and Mander and Frogy, Glen (hi) and Bogie, woodpusher and bolla did all the work for me; I just posted.
Thanks to you all for your kindness.
I gotta go to bed, up with the birds tomorrow... are there any birds left in this cold weather? lol. Anyways, good night all, and thanks again. I will probably need you again in the near future; I get myself into a lot of trouble quite easily.
frostyone
11-27-2005, 12:18 AM
The HijackThis log looks fine.
Only thing is you should not have 2 anti-viruses running in real time;
they can conflict.
You should only have 1 running in real time.
Your choice which one.
ctcgirl
11-27-2005, 12:19 AM
I always have AVG running; that Avast is what I used tonight, so I can just delete it, right?
frostyone
11-27-2005, 12:22 AM
Yes, you can uninstall it using add/remove programs.
ctcgirl
11-27-2005, 12:24 AM
thank you so much Frostyone.
Have a good night.
frostyone
11-27-2005, 12:28 AM
You're welcome.
Good night.
Looks like someone is a pogo fanatic. :)
andyman
11-27-2005, 10:18 AM
frostyone you did a great job helping CTCgirl ...
But I would like to clarify a few points.
More nasties put things in Restore than not... one of the first things you should try is using Restore to go back, and chances are it will not work.
I always recommend to turn off Restore, then boot to Safe (F8). *Note for ctcgirl: if it reboots to the Safe Mode menu after you're done, choose Normal and the next time it will go to Windows.*
Do not delete Avast; let it run in the background. Avast is a pro-active anti-virus; it will deal with them as you get the virus... And it works with AVG for your pre-set scan time.
ctcgirl
11-27-2005, 01:33 PM
Looks like someone is a pogo fanatic. :)
LOL everyday and twice on Sunday...
ctcgirl
11-27-2005, 01:35 PM
frostyone you did a great job helping CTCgirl ...
But I would like to clarify a few points.
More nasties put things in Restore than not... one of the first things you should try is using Restore to go back, and chances are it will not work.
I always recommend to turn off Restore, then boot to Safe (F8). *Note for ctcgirl: if it reboots to the Safe Mode menu after you're done, choose Normal and the next time it will go to Windows.*
Do not delete Avast; let it run in the background. Avast is a pro-active anti-virus; it will deal with them as you get the virus... And it works with AVG for your pre-set scan time.
Well, thank you, Andyman. I did delete it; should I get it again now? Last night it wouldn't do anything for me, like quarantine it for me, until I bought the registered copy.
mander
11-27-2005, 01:40 PM
Well, thank you, Andyman. I did delete it; should I get it again now? Last night it wouldn't do anything for me, like quarantine it for me, until I bought the registered copy.
Judging by that, you may have downloaded one that was a trial version. Is this the one you got? http://www.avast.com/eng/avast_4_home.html
ctcgirl
11-27-2005, 01:52 PM
Yes, Mander, that is the one I got. Is there a different one?
I have Lavasoft Ad-Aware; is that just as good or not? Should I still do Avast?
mander
11-27-2005, 02:02 PM
You should still use Avast, but the link above is supposed to be a free version. What and where is the file name it won't let you quarantine? Most likely it's safe just to delete it.
Ad-Aware is for spyware and not viruses.
ctcgirl
11-27-2005, 02:41 PM
So I register with it and it doesn't cost? Because I thought when I went to register it went to "buy now", 29.95.
mander
11-27-2005, 02:45 PM
So I register with it and it doesn't cost? Because I thought when I went to register it went to "buy now", 29.95.
Register online here. It's good for 1 year; after that you simply have to re-register.
http://www.avast.com/i_kat_207.php?lang=ENG
ctcgirl
11-27-2005, 02:59 PM
Thank you, Mander. I have now registered and I am waiting for my key. I really appreciate this.
mander
11-27-2005, 03:16 PM
Thank you, Mander. I have now registered and I am waiting for my key. I really appreciate this.
It's my pleasure. That's what we are all about here: people helping people and building friendships into one big family.
Hopefully your problem has been resolved for good so the stress goes away and stays away. Then you can do the :ydance:
bolla
11-27-2005, 03:23 PM
Seems all's well that ends well, ctcgirl. Happy computing, girl.
frostyone
11-27-2005, 03:28 PM
Thank you andyman.
I'll agree system restore is not as useful as it should be.
No question. lol. :)
I do though disagree with deleting restore points prior to commencing a cleanup.
System Restore functions similar to the quarantine folder your anti-virus provides.
Any malware there is not active, it won't jump out.
It is only possible to restore the malware.
While deleting all the restore points speeds up the various scans etc. that a cleanup entails, as well as not giving that "found in System Volume Information" etc., it leaves you without a "parachute" if the cleanup goes awry.
With the increasing complexity of cleaning malware and the increasing possibility of mucking up the system while cleaning, having the restore points available is prudent.
So rather than deleting the restore points first, it's preferable to delete them last.
As far as running 2 anti-viruses in real time, it's not recommended.
Whether avast is a better choice than avg I don't know .
Opinions vary.
But AVG has a statement on this:
"Is it safe to have 2 anti-virus programs on one computer?
It is not recommended to run 2 antivirus or firewall products on one computer at the same time.
The "resident shield" functionality of the products may conflict with each other, resulting in unpredictable behavior in your computer, as well as not responding appropriately to a potential virus threat.
Be sure to uninstall or disable all other antivirus or firewall programs on your computer
http://www.grisoft.com/doc/36/lng/us/tpl/tpl01/nid/939
And Avast states the same:
"Q: Should I uninstall other anti-virus programs (Norton Antivirus, McAfee, AVG, Kaspersky Antivirus etc.) before installing avast!?
A: Yes. Using two or more antivirus programs can cause problems and the operating system may become unstable.
http://www.avast.com/eng/faq-installation-problems.html
As does Microsoft:
"Microsoft recommends that you have only one anti-virus program installed on your computer"
It is possible to have 1 anti-virus working in real time (resident) and another for on-demand only.
This is common, even though occasionally the odd,minor conflict may arise.
In general I'll disable the real time virus protection while performing any other scan,. This not only avoids conflict ( with ad-aware for example) but is also much quicker.
Although I'm far from an expert, I do have to agree with the "disable" System Restore prior to doing a cleanup when a virus/trojan/hijacker has been detected on one's system... almost every time the System Restore files are corrupted, and it's every one of them, so disable before the cleanup begins.
andyman
12-05-2005, 07:33 AM
Although I'm far from an expert, I do have to agree with the "disable" System Restore prior to doing a cleanup when a virus/trojan/hijacker has been detected on one's system... almost every time the System Restore files are corrupted, and it's every one of them, so disable before the cleanup begins.
By all means try all the restore points first... it won't work, and at that point they are useless to you anyway.
This is taken from the Symantec web site:
"While this is a desirable feature, in some cases it should be temporarily turned off. For example, if the computer is infected with a virus, then it is possible that the virus could be backed up by System Restore. By default, Windows prevents System Restore from being modified by outside programs. As a result, there is the possibility that you could restore a virus-infected file, or that the on-line scanners would detect the virus in that location".
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?OpenDocument&src=sec_doc_nam
frostyone
12-05-2005, 10:33 AM
" it won't work and at that point they are useless to you anyway."
"it won't work".. probably not.
"they are useless to you anyway." Not true.
As symantec points out "there is the possibility that you could restore a virus-infected file, "
That is the ONLY way a corrupted file in system restore is harmful.
It does absolutely nothing in system restore and is absolutely harmless in system restore.
Yes, it's a PITA because " on-line scanners would detect the virus in that location"
That's it.
Now if you are infected with some complex malware, as much of the newer "spyware" is, and you have "disabled" System Restore, you have thrown away your parachute.
Much of the newer malware is complex, requires multiple steps to clean.
Possibility of error is high.
Additionally new malware may have a landmine or poison pill.
Bube was an example. where normal cleaning resulted in a hosed system.
Without a restore point format/re-install was the only remaining option.
You were screwed.
With a restore point, sure you restore the malware.
And then begin cleaning again. This time avoiding the errors.
There is NO reason to "disable" system restore at the outset.
Wait 'till the system is clean, then "disable" system restore and create a new restore point.
I guess we all approach system restoration a little differently, but the end result is what we look for... just for the record, Symantec recommends turning off System Restore to clean "Bube":
http://securityresponse.symantec.com/avcenter/venc/data/trojan.admincash.html
The best defence against these types of infections, which come from web pages and download sites, is SpywareBlaster; it just won't allow those codes to run. But again, that is just my opinion.
Exmortis
12-05-2005, 11:33 AM
Malware is NOT going to jump out of system restore to bite you. They are quite harmless in System restore.
"Turning off" system restore actually means DELETING all of your restore points.
There are many reasons why many AV scanners don't scan in the System Restore cache while others do and give you a FALSE sense that they work better (catch stuff other AV scanners don't). It's a false sense of security, and Frostyone seems to know it.
If something has been detected in there, leave it be. AV scanners that go in there can't clean it anyway! Let System Restore expire those restore points and you won't suffer from breaking/losing all your restore points.
Exmortis
12-05-2005, 11:36 AM
As a result, there is the possibility that you could restore a virus-infected file
And a good realtime scanner would detect that in the process and clean outside of System Restore's cache which is what all AV scanners should do.
frostyone
12-05-2005, 12:17 PM
It took Symantec, and others, quite a long time before it could clean Bube properly.
Months actually. Originally Symantec would hose the system when cleaning Bube.
And that's not the only malware that symantec and others have failed to clean properly. Not many, but some.
The true problem is the length of time it can take for removal tools to be developed.
That's why we see all the HJT logs, why all the removal tools.
about:buster was written by a snotty nosed teen.
HJT and cwshredder were the product of a single university student.
There are risks involved in cleaning new malware.
There are many people running Symantec's software who are unable to rid themselves of an infection.
That's why they ask for help.
And that may involve some risk.
Having a backup is useful.
It's interesting to note the original advice from Microsoft for dealing with a virus in system restore was to do nothing:
'No action is required if the system has been cleaned and only the data store is reported by the antivirus tool to have suspicious files."
I think we 'll agree that you might as well create a new restore point. lol
I suppose Symantec and the others got tired of responding to "I have a virus in System Volume Information and your product won't clean it".
Now, if I knew for certain that disabling system restore and running Norton would cure the infection, then why not do it that way.
That would be great.
But that's not the case.
When people ask for assistance, that has already failed, unfortunately,
and you use different methods.
Ones that involve a higher possibility of error.
It costs nothing to leave system restore for last.
This is what is overlooked. The malware is absolutely harmless there.
Why delete all your restore points prior to embarking on what may be a complicated fix?
I think we'll just have to agree to disagree :)