Using Iinternet Explorer Version 7.0.5739.11 on a Windows XP Sp3 system with a Google Toolbar. Been using this for web surfing for months and months with no problems, until I joined up with Facebook in the last week. Now I'm having browser redirect problems. It only seems to happen, though, when I try to go to a website from the Google search page or from the Google search function in the tool bar. If I type a URL directly into IE, it will go right there - no problem. I've done two complete Norton scans which found Bloodhound.Sonar1 and supposedly resloved it and Norton has blocked intrusions from Koobface several times. I ran Lavasoft AdAware and Spybot S&D and rebooted before I did the HijackThis scan and log file. It appears I am first being re-directed to a site called co-find.com and then from there ending up on all sorts of "Advertisment" sites. Following is my log file. Any help would be greatly appreciated. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:05 AM, on 6/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\linksys\wpc54gv3\wpc54gv3.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.praiseonfire.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: 729553 helper - {2267F93C-600C-420E-A229-3317AADD3951} - C:\WINDOWS\system32\sysloc\sysloc.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\Kirkwood-pc\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "\\Kirkwood-pc\EPSON Stylus Photo R200 Series" /O22 "\\POFR-LAPTOP\AutoEPSO" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on Kirkwood-pc] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P50 "Auto EPSON Stylus Photo R200 Series on Kirkwood-pc" /O22 "\\KIRKWOOD-PC\EPSONSty" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [\Kirkwood-pc\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "\\Kirkwood-pc\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Auto Auto Auto EPSON Stylus Photo R200 Series on Kirkwood-pc on POFR-LAPTOP on KIRKWOOD-PC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P90 "Auto Auto Auto EPSON Stylus Photo R200 Series on Kirkwood-pc on POFR-LAPTOP on KIRKWOOD-PC" /O22 "\\KIRKWOOD-PC\AutoAuto" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzed055DIUS_ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www2.academic.com
O15 - Trusted Zone: http://*.academic.com
O15 - Trusted Zone: http://www.jcp.com
O15 - Trusted Zone: http://www4.jcpenney.com
O15 - Trusted Zone: http://*.markchironna.com
O15 - Trusted Zone: http://www.ourweddingday.com
O15 - Trusted Zone: http://www.praiseonfire.com
O15 - Trusted Zone: http://www.rismixlive.com
O15 - Trusted Zone: http://*.streamingfaith.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://hfscmcbt2.health-first.org/WebPlaye...cab/awswaxd.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126375424209
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184015247627
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrow...MINIBrowser.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {FDB7D9FB-3A4C-42A2-B9D7-5582C3040832} (EAFetch3.FetchData3) - http://hfscmcbt2.health-first.org/EAFetch3/EAFetch3.CAB
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 15772 bytes

Due, in part, to the large numbers of HJT logs being posted, there are four things that you need to be aware of.

1) If you have already posted this log at another forum, you need to post here that you have done so and this topic will be closed.
Multiple posting not only ties up valuable resources, but could also result is some unpleasant side-effects for your system if you follow two sets of instructions at the same time.
If, during research, an identical log is identified at another forum, this thread will be closed.

2) If you don't post a meaningful reply to any of my posts within five days, this thread will be closed. Due to limited free time, I can only have so many open threads at any one time and if yours isn't active, somebody else's will be.
If, by omission, the thread hasn't be closed after five days and you post, it will just serve as a reminder to me to close it.
Please note that "I just dropped in to say Hi!" isn't a meaningful reply!

3) Malware removal is a tricky business, and malware writers don't tend to worry about the damage their creations do, so it is advisable to back-up all important files BEFORE we start. Although most cases have a successful conclusion, on occasion things don't go according to plan and it is better to be prepared for the worst.

4) Back-ups can get lost or damaged, so make two if the files are that important to you!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pay a visit to the Kaspersky Online Scanner 7 - I.E. is preferred for this scan.

• Read the Information panel and then click Accept.
• Allow the ActiveX download if necessary.
• Both the anti-virus engine and database will need to be downloaded, which may take a little time.
• Once this has been completed, select My Computer from the Scan section on the left hand side.
• Put the kettle on!
• Although it is recommended by Kaspersky that you should disable your anti-virus scanner before starting this scan, it should work OK with it still active - it does on my PC.
  Although you may find the scan speed increases if you carry out this step, I never like to disable my resident scanner while online, so I don't.
• When the scan has completed, click View scan report at the bottom.
• Click Save Report As...
• Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
• Click Save and pick a location for the file - the Desktop is always handy.

Copy and paste the report into your next reply along with a fresh HJT log, run in Normal Mode, and a description of how your PC is behaving.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Sec-Info.zip from here and save it to your Desktop. You will need to extract the file.

Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

You should now see a folder with a .vbs file in it. Double click Sec-info.vbs to run it and a text file called Sec-Info.txt should be created in the same folder - either that or you'll get an error message.
Please copy and paste the contents of the text file into your next reply and then you can delete both of the folders and their contents.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run HJT and click on Open the Misc Tools section.

• Click Open Uninstall Manager...
• Click Save list... and save it to your Desktop.
• Copy and paste the file uninstall_list.txt into your next reply.

Thank you for your response. Have completed the three steps you outlined and it appears that I am no longer experiencing the redirect problems with my IE Browsers when searching from either the Google website or my Google toolbar. Following are the results of the scans and the list you requested:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, June 2, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, June 02, 2009 04:25:06
Records in database: 2294249
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 80915
Threat name: 20
Infected objects: 167
Suspicious objects: 52
Duration of the scan: 05:50:49


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\053E3E1A Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\056F33E4 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\057507DD Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\059301BC Infected: Email-Worm.Win32.Bagle.gen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05BA7991 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05E41B63 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05EB6F5B Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06126730 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06363509 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\065D2CDE Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\066400D6 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06884EAF Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06AC1C87 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06AC1C87 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06CC4063 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06ED643F Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06ED643F Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\092A7941 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09656D00 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09763EEE Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09AD08B1 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09C1049B Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09E55274 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A16483E Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A391616 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A3D4013 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A610DEB Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A9203B5 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AB97B8A Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AD6756A Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF46F4A Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C4A0A8D.tmp Infected: Trojan-Downloader.Win32.Agent.czl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1367184D Infected: Email-Worm.Win32.NetSky.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13776A3B Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\137E3E34 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13873C29 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\138B6626 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1848796D Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18EF56B6 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\18F62AAF Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19011962.tmp Infected: Trojan-Downloader.Win32.Tibs.kj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1913248E Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\193D465F Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19581643 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19783A1F Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\199F31F4 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19C055D0 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19C055D0 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19E179AC Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19E74DA5 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A054784 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\248C233C.zip Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27036B3E Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\274108FA Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27485CF2 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\278C4EA7 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27C06E6E Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28023626 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\282F01F3 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\288E438B Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\288E438B Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28BC0F59 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28F3591C Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28F3591C Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\292878E2 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\295544B0 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29863A7A Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29863A7A Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29BB5A40 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29EC500B Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29F54E00 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A214B4C Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A311D3A Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A336BBC Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A336BBC Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A344737 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A3E452C Infected: Email-Worm.Win32.Mydoom.m 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A441925 Infected: Email-Worm.Win32.NetSky.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A4B6D1E Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A514116 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A58150F Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A5B3F0C Infected: Email-Worm.Win32.Mydoom.m 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A621305 Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A6866FD Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A750EEF Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A785D70 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A7938EB Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A7F0CE4 Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A8660DD Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AB3512F Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2AB67B2C Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D832DFD.tmp Infected: Trojan-Downloader.Win32.Diehard.br 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D8657F9.tmp Infected: Trojan-Downloader.Win32.Diehard.br 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2FAB1BD8.htm Infected: Trojan-Downloader.JS.Agent.kd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\309A389C.tmp Infected: Trojan-Downloader.Java.OpenStream.aa 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39443293 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39857A4B Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39857A4B Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C06E0A Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39C06E0A Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F40DD1 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A132560 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A22599E Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A3E4732 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A464A2E.tmp Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A4B6F23 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A592361 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A632156 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A793AF1 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3A9A6B19 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AAA30BB Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AD4528C Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AD77C89 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AE630C7 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AEC04BF Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B054856 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B1F183A Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B2D4C78 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B363E20 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B626C3E Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B756829 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BB05BE8 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BDE27B6 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3BE47BAE Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C1F6F6E Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C4D3B3B Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C4D3B3B Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C7E3105 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C9800E9 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CC64CB6 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CF06E88 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D240E4E Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D28384B Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D550418 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3D8025EA Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DBB19A9 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3DE86577 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E163144 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3E163144 Infected: Email-Worm.Win32.NetSky.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A613489.tmp Infected: Email-Worm.Win32.Warezov.fb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A922A53.tmp Infected: Email-Worm.Win32.Warezov.fb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4E716601.tmp Infected: Trojan.Win32.Pakes.bvm 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EA61A41 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EB76C2F Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4EC16A24 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55C578AD Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\55F66E77 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56006C6C Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\562A0E3D Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\567C27E3 Infected: Email-Worm.Win32.NetSky.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\667866D9.tmp Infected: Trojan-Downloader.Win32.Diehard.bn 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C4E1674 Infected: Email-Worm.Win32.NetSky.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CF81DB9 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D291383 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D2F677C Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D533555 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6D712F34 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DA54EFB Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DE042BA Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DE616B3 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E041093 Infected: Email-Worm.Win32.NetSky.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E2B0867 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E35065D Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E52003C Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E8949FF Infected: Email-Worm.Win32.NetSky.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6EAA6DDB Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ED839A9 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F025B7A Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F060577 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F29534F Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F571F1D Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F7842F9 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F9212DC Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7083605A.tmp Infected: Trojan-Downloader.Win32.Diehard.r 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\765F30D3 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\766C58C4 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\767556BA Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76837EAB Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\768628A8 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\768C7CA1 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76967A96 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76992492 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76A0788B Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\76A64C84 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78320914 Infected: Email-Worm.Win32.NetSky.d 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\786054E2 Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\788A76B3 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78C56A72 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78E33D0A.tmp Infected: Trojan-Downloader.Win32.Diehard.br 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79103020 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\795277D8 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79681DBF Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\798C6B97 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79B4636C Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DBD3CF7 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DF830B7 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7DFB5AB3 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E1C7E8F Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E494A5D Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E4C7459 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E77162A Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9B6403 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E9E0DFF Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EBC07DF Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EFA259B Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7EFD4F97 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F1A4977 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F384356 Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F4E693D Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F6F0D19 Infected: Email-Worm.Win32.Mydoom.l 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7F8D06F9 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FA002E3 Infected: Email-Worm.Win32.Bagle.z 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FC126BF Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FC77AB8 Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7FE57498 Infected: Email-Worm.Win32.NetSky.q 1
C:\Documents and Settings\Jacqulyn Hopper\Local Settings\Temp\c.exe Infected: Net-Worm.Win32.Koobface.lr 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1112\A0149258.exe Infected: Net-Worm.Win32.Koobface.lr 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1113\A0149284.dll Infected: Trojan.Win32.BHO.tli 1
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1113\A0149286.dll Infected: Trojan.Win32.BHO.tli 1

The selected area was scanned.

********************************************************************************
*************************************

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:25:21 AM, on 6/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\CBTWlanSrv.exe
c:\program files\linksys\wpc54gv3\wpc54gv3.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.praiseonfire.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\Kirkwood-pc\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "\\Kirkwood-pc\EPSON Stylus Photo R200 Series" /O22 "\\POFR-LAPTOP\AutoEPSO" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on Kirkwood-pc] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P50 "Auto EPSON Stylus Photo R200 Series on Kirkwood-pc" /O22 "\\KIRKWOOD-PC\EPSONSty" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [\Kirkwood-pc\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "\\Kirkwood-pc\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Auto Auto Auto EPSON Stylus Photo R200 Series on Kirkwood-pc on POFR-LAPTOP on KIRKWOOD-PC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P90 "Auto Auto Auto EPSON Stylus Photo R200 Series on Kirkwood-pc on POFR-LAPTOP on KIRKWOOD-PC" /O22 "\\KIRKWOOD-PC\AutoAuto" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzed055DIUS_ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www2.academic.com
O15 - Trusted Zone: http://*.academic.com
O15 - Trusted Zone: http://www.jcp.com
O15 - Trusted Zone: http://www4.jcpenney.com
O15 - Trusted Zone: http://*.markchironna.com
O15 - Trusted Zone: http://www.ourweddingday.com
O15 - Trusted Zone: http://www.praiseonfire.com
O15 - Trusted Zone: http://www.rismixlive.com
O15 - Trusted Zone: http://*.streamingfaith.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://hfscmcbt2.health-first.org/WebPlaye...cab/awswaxd.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126375424209
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184015247627
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrow...MINIBrowser.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {FDB7D9FB-3A4C-42A2-B9D7-5582C3040832} (EAFetch3.FetchData3) - http://hfscmcbt2.health-first.org/EAFetch3/EAFetch3.CAB
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 15658 bytes

********************************************************************************
*************************************

Sec-Info.txt

Company Name: Symantec Corporation
AV Name: Norton Internet Security
Version Number: 15.5.0.23
On-Access Scanning Enabled: Yes
Product up-to-date: Yes

~~~~~~~~~~~~~~~~~~~~~~~~

Company Name: Symantec Corporation
Firewall Name: Norton Internet Security
Version Number: 15.5.0.23
Enabled: Yes

~~~~~~~~~~~~~~~~~~~~~~~~


********************************************************************************
*************************************

UnInstall List

AccessDirect
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.8
Adobe Shockwave Player
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
AppCore
Audio Record Wizard v2.7
BCM V.92 56K Modem
Broadcom Management Programs
ccCommon
Component Framework
Creative MediaSource
Creative System Information
Creative WebCam NX Pro Driver (1.03.03.0326)
Critical Update for Windows Media Player 11 (KB959772)
dBpowerAMP Music Converter
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hardwood Solitaire III Lite
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Deskjet 460
HP Deskjet 460 Series
Intel® Extreme Graphics 2 Driver
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 11
Jasc Digital Camera Support v5.01
Java 2 Runtime Environment, SE v1.4.2_03
Java™ 6 Update 5
Learn2 Player (Uninstall Only)
Libronix Digital Library System
LiveUpdate (Symantec Corporation)
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Flash Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Norton AntiVirus
Norton AntiVirus Help
Norton Confidential Core
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
Norton Security Scan
Norton Security Scan (Symantec Corporation)
Paint Shop Pro 7
PowerDVD 5.1
QBFC3.0
Quicken 2003 Premier Home & Business
QuickSet
QuickTime
RealPlayer
Roxio Media Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2
SPBBC 32bit
Spybot - Search & Destroy
STOIK Capturer
Symantec KB-DocID:2003093015493306
Symantec Real Time Storage Protection Component
Synaptics Pointing Device Driver
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Winamp
Windows Genuine Advantage v1.3.0254.0
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12
WPC54Gv3 - WPC54Gv3

Your version of Sun Java needs updating:

1) Go here and click on the Windows XP/Vista/2000/2003 Offline link in the Windows section near the top and save it to your Desktop.

2) Download JavaRa from here and save it to your Desktop.
You will need to extract the file(s):
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the 'Extraction Wizard' window that opens, click on Next> and in the next window that appears, click on Next> again.
In the final window, click on Finish

***Please close any instances of Internet Explorer before continuing!***

• Double-click JavaRa.exe to begin.
• Pick your prefered language from the drop-down menu and click Select.
• Click on Remove Older Versions to remove older version of Java - obvious really, isn't it!
• Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
• A logfile will pop up. Please save it to a convenient location, just in case you have any problems with Java afterwards.

3) Run the installer that you downloaded earlier.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We'll run one last scan to see if anything else is taking up hard drive space, and if all is well a little housework will see you on your way.

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
• If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
• Once the program has loaded, select Perform full scan and then Scan.
• When the scan has finished, click OK and then Show Results to view the results - no surprise there!
• If MBAM finds anything, check the box(es) and click Remove Selected.
• When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Let me have the MBAM log, a fresh HJT log (run in Normal Mode) AND a description of how your PC is behaving.

Okay.... Above instructions have been executed. Malwarebytes actually found quite a bit of junk which was removed. Following are the requested logs:

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.37
Database version: 2233
Windows 5.1.2600 Service Pack 3

6/5/2009 11:47:15 AM
mbam-log-2009-06-05 (11-47-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 171555
Time elapsed: 1 hour(s), 29 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\rt586.rt586mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rt586.rt586mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2267f93c-600c-420e-a229-3317aadd3951} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\SYSTEM32\sysloc (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1113\A0149284.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b37680b2-ba0a-4e5d-bf30-83e44c588624}\RP1113\A0149286.dll (Trojan.BHO) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122713.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122739.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\487656.bat (Malware.Trace) -> Quarantined and deleted successfully.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:08 AM, on 6/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\CBTWlanSrv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
c:\program files\linksys\wpc54gv3\wpc54gv3.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.praiseonfire.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [\\Kirkwood-pc\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "\\Kirkwood-pc\EPSON Stylus Photo R200 Series" /O22 "\\POFR-LAPTOP\AutoEPSO" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo R200 Series on Kirkwood-pc] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P50 "Auto EPSON Stylus Photo R200 Series on Kirkwood-pc" /O22 "\\KIRKWOOD-PC\EPSONSty" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [\Kirkwood-pc\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P44 "\\Kirkwood-pc\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Auto Auto Auto EPSON Stylus Photo R200 Series on Kirkwood-pc on POFR-LAPTOP on KIRKWOOD-PC] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P90 "Auto Auto Auto EPSON Stylus Photo R200 Series on Kirkwood-pc on POFR-LAPTOP on KIRKWOOD-PC" /O22 "\\KIRKWOOD-PC\AutoAuto" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB002" /M "Stylus Photo R200"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzed055DIUS_ZN
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www2.academic.com
O15 - Trusted Zone: http://*.academic.com
O15 - Trusted Zone: http://www.jcp.com
O15 - Trusted Zone: http://www4.jcpenney.com
O15 - Trusted Zone: http://*.markchironna.com
O15 - Trusted Zone: http://www.ourweddingday.com
O15 - Trusted Zone: http://www.praiseonfire.com
O15 - Trusted Zone: http://www.rismixlive.com
O15 - Trusted Zone: http://*.streamingfaith.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://hfscmcbt2.health-first.org/WebPlaye...cab/awswaxd.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1126375424209
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184015247627
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrow...MINIBrowser.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {FDB7D9FB-3A4C-42A2-B9D7-5582C3040832} (EAFetch3.FetchData3) - http://hfscmcbt2.health-first.org/EAFetch3/EAFetch3.CAB
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MySQL - Unknown owner - C:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 15815 bytes


The computer is surfing the internet just fine. No browser hijacking going on. Google search is also functioning as it should. A question though: The computer still seems to be running slow. In my research about this whole mess, (which, in my limited knowledge, really means nothing) I found places (like ProcessLibrary.com) which say that the isass.exe process running on my computer is a virus. I've not done anything these websites say to do....but, is there a safe way for me to scan and terminate processes I have running that are not necessary and may be eating up system resources and to keep them from starting up again? Thank you for your help.

This post has been edited by Levite: Jun 5 2009, 11:25 AM

A little light reading: http://en.wikipedia.org/wiki/Homoglyph
Owing to the similarity in a lowercase l (el) and an uppercase I (eye), a nasty file may be mistaken for a legitimate one. lsass and ISASS are seen by a human eye as the same but aren't, as the first letter of each is different - shame on naughty malware writers.
One way to to identify files is by right clicking them and selecting Properties from the menu that appears. There's all sorts of info in there that will help you tell legit from malicious. If in doubt, don't delete!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


You can have my reasonably priced speed issues post:

The difficulty with speed issues is that it is hard to nail down the exact cause. The following steps will serve as a spring clean for your PC. Not all of them will be of benefit to your PC as this is a general post, but the overall effect should be positive.

1) Go to Start > Control Panel > Add/Remove Programs and remove any programs that you no longer use and then reboot your PC.

2) Download ATF Cleaner by Atribune from here and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.

When you have finished, click on the Exit button in the Main menu.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please Note: This program is for Windows XP and Windows 2000 only.

3) Double click My Computer.
Right click the disc drive you wish to check.
Click Properties.
In the Properties dialog box, click the Tools Tab.
Under Error-checking, click the Check Now button.
In the "Check Disc Local Disk (C:)" dialog box, check both Automatically fix file system errors and Scan for and attempt recovery of bad sectors, and then click Start.

This will look for and attempt to repair any errors that your hard drive has.

4) Defragment your hard drive. A tutorial for disc defragmentation is available here.

5) Download and run StartUp Inspector.
This program will help you to decide exactly what programs you disable from running at startup.
The Readme.txt file included has instructions on how to use it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This will tidy out some odds and sods:

Download ATF Cleaner by Atribune from here and save it to your Desktop.
Double click ATF-Cleaner.exe to run the program.
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache

The rest are optional - if you want to remove the lot, check "Select All". Bear in mind that if you select the Cookies option that this will prevent the automatic logging in to any site that uses cookies to achieve this.
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.

If you use the Firefox or Opera browsers, you can use this program as a quick way to tidy those up as well.
When you have finished, click on the Exit button in the Main menu.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Your copy of Adobe Reader is out of date. You can get the latest version here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let me know how you get on.

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.