Win32: Trojan Removable?

Running XP Pro, have Avast, MS Anti-Spyware.  I delete this tmp file but it reappears every time I reboot.

Can this be removed?

The virus shows as:  Win32:Trojano .3099[TRJ]
The file is C:\Temp\.5.tmp
james7707Asked:

war1 Commented:
Greetings, james7707 !

1. There are a number of viruses with names similar to Win32:Trojan.  Run CCleaner in Safe Mode
http://www.ccleaner.com

which would remove the Temp file and all other temp files.

2. If no joy, run one of these online scans

Housecall Online Scan
http://housecall.antivirus.com
or
Panda Activescan
http://www.pandasoftware.com/products/activescan.htm
or
Symantec Security Check
http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Then run Spy Sweeper and Ewido to remove trojans
Spy Sweeper
http://www.webroot.com/consumer/products/spysweeper
or
Ewido
http://www.ewido.net/en/

3. If still no joy, download HijackThis

http://www.majorgeeks.com/download3155.html

Run the program and you will find many entries. Most are OK. Post the log at http://www.hijackthis.de/ and click Analyse, Save.  Post a link to the saved list here.



Best wishes!

james7707 (Author) Commented:
Ran CCleaner. - NC

DL Hijack and
here are the results:

http://www.hijackthis.de/index.php#anl

and Log file:

Logfile of HijackThis v1.99.1
Scan saved at 1:24:16 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Programs\Logitech\Video\LogiTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
D:\Programs\ProSeries05\32bit\TaskSch.exe
C:\WINDOWS\crxf32.exe
D:\Programs\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\winib.exe
C:\Temp\57A.tmp.exe
C:\Temp\579.tmp.exe
D:\Programs\STOPzilla!\STOPzilla.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
d:\Programs\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
D:\Programs\Adobe\Acrobat7\Reader\AcroRd32.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
C:\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll
O2 - BHO: Class - {AE721233-0FEA-4847-4C92-FDF523518F56} - C:\WINDOWS\system32\appum.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Programs\STOPzilla!\SZIEBHO.dll
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programs\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programs\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\Programs\ProSeries05\32bit\TaskSch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [winib.exe] C:\WINDOWS\system32\winib.exe
O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp] C:\Temp\57A.tmp.exe
O4 - HKLM\..\Run: [579.tmp.exe] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp.exe] C:\Temp\57A.tmp.exe
O4 - HKLM\..\Run: [STOPzilla] D:\Programs\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programs\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = D:\Programs\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = D:\Programs\3apps\Catapult\Sched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803696578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ceder.us/Remote/msrdp.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\crxf32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe





war1 Commented:
Here is the analyzed log
http://hijackthis.de/logfiles/cb5a67c7f1e73907e1389428acd59959.html

You have a number of problems.  Navigate to this key and delete this file

C:\WINDOWS\crxf32.exe
C:\WINDOWS\system32\winib.exe

Check these items in the HijackThis log and click "Fix checked"

C:\WINDOWS\crxf32.exe
C:\WINDOWS\system32\winib.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net                 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net               
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net               
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net               
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net               
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll
O4 - HKLM\..\Run: [winib.exe] C:\WINDOWS\system32\winib.exe
O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe                 
O4 - HKLM\..\Run: [57A.tmp] C:\Temp\57A.tmp.exe               
O4 - HKLM\..\Run: [579.tmp.exe] C:\Temp\579.tmp.exe               
O4 - HKLM\..\Run: [57A.tmp.exe] C:\Temp\57A.tmp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe                 
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe               
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)               
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F蛷#滓齡`I) - Unknown owner - C:\WINDOWS\crxf32.exe

Have you run Ewido to clean your system of trojans?

rpggamergirl Commented:
That's a Home Search Assistant that you have there.

Download AboutBuster:
http://www.malwarebytes.org/AboutBuster.zip
Once downloaded, unzip it, and put the folder on your desktop. Then double-click on the AboutBuster icon to start the program.
Click Begin Removal.
Click Yes. This will shutdown all open Internet Explorer windows.
When the scan is done, click Ok.


You should also disable the bad service:"Remote Procedure Call (RPC) Helper"
Go to START > RUN > type in

services.msc

Hit OK
In the next window, look on the right hand side for this service name:
Remote Procedure Call (RPC) Helper <-- make sure it has the word Helper in it
Double click on it and STOP the service -- If running.
In the drop down menu, change the startup type to "Disabled"

Post the link to a new Hijackthis log after.
rpggamergirl Commented:
More bad entries here you need to include in the entries to fix:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {AE721233-0FEA-4847-4C92-FDF523518F56} - C:\WINDOWS\system32\appum.dll
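The checks applied by eye in the replies above can be written down as rules over HijackThis log lines. This is an added example, not part of the original thread and not HijackThis's or hijackthis.de's own logic; the rule names and the `triage` function are assumptions made for illustration, and the sample lines are copied from the log posted above.

```python
import re
from typing import List, Tuple

# Lines copied from the HijackThis log posted in this thread.
# The RPC Helper service name is shortened: its non-printable suffix is dropped.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\vncvt.dll/sp.html#88449%resultposition.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: Remote Procedure Call (RPC) Helper - Unknown owner - C:\WINDOWS\crxf32.exe
"""

# "<section code> - <rest of the entry>", e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
BHO = re.compile(r"BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
RUN = re.compile(r".*\\Run: \[(.*?)\] (.+)$")
# A path component named Temp or Tmp.
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)
# A file sitting directly in the Windows directory or in system32.
WIN_ROOT = re.compile(r"^[a-z]:\\windows\\(system32\\)?[^\\]+$", re.I)
# BHO display names that carry no vendor or product name (heuristic).
GENERIC_BHO_NAMES = {"Class", "(no name)"}


def clean_path(path: str) -> str:
    """Drop HijackThis's '(file missing)' marker and surrounding quotes."""
    return path.replace("(file missing)", "").strip().strip('"')


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (reason, line) for every entry that matches a heuristic.

    A match means "look at this first", not "this is malware".
    """
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank line
        code, body = m.groups()
        reason = None

        if code in ("R0", "R1"):
            # IE search/start page served from a resource inside a local DLL.
            value = body.partition(" = ")[2].lower()
            if value.startswith("res://") and ".dll" in value:
                reason = "search-hijack"

        elif code == "O2":
            # Browser Helper Object with a generic name, loaded from the
            # Windows directory itself.
            bho = BHO.match(body)
            if (bho and bho.group(1) in GENERIC_BHO_NAMES
                    and WIN_ROOT.match(clean_path(bho.group(2)))):
                reason = "anonymous-bho"

        elif code == "O4":
            # Autostart (Run key) that launches an executable from a temp dir.
            run = RUN.match(body)
            if run and TEMP_DIR.search(clean_path(run.group(2))):
                reason = "run-from-temp"

        elif code == "O23":
            # "Service: <name> - <owner> - <path>"; split from the right
            # because service names may themselves contain " - ".
            parts = body.rsplit(" - ", 2)
            if (len(parts) == 3 and parts[1] == "Unknown owner"
                    and WIN_ROOT.match(clean_path(parts[2]))):
                reason = "unknown-service"

        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:16} {line}")
```

Running the same function over a log taken after each cleanup pass shows which flagged entries survived, which is how the later logs in this thread are compared.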
james7707 (Author) Commented:
NO DID NOT RUN EWIDO... TRIED RPGGAMERGIRL SUGGESTION FIRST.

Download AboutBuster:
http://www.malwarebytes.org/AboutBuster.zip
Once downloaded, unzip it, and put the folder on your desktop. Then double-click on the AboutBuster icon to start the program.
Click Begin Removal.
Click Yes. This will shutdown all open Internet Explorer windows.
When the scan is done, click Ok.

COMPLETED.


You should also disable the bad service:"Remote Procedure Call (RPC) Helper"
Go to START > RUN > type in

services.msc - FILE NOT FOUND

Hit OK
In the next window, look on the right hand side for this service name:
Remote Procedure Call (RPC) Helper <-- make sure it has the word Helper in it
Double click on it and STOP the service -- If running.
In the drop down menu, change the startup type to "Disabled"

Post the link to a new Hijackthis log after.
 
Comment from rpggamergirl
Date: 12/31/2005 03:48PM PST
 Comment  


More bad entries here you need to include in the entries to fix:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

NOT FOUND

O2 - BHO: Class - {AE721233-0FEA-4847-4C92-FDF523518F56} - C:\WINDOWS\system32\appum.dll

DELETED
 
RAN AVAST - RESULTS NO INFECTED FILES FOUND IN MEMORY, SCAN C: NO INFECTED FILES.

WILL RUN COMPLETE SCAN TONIGHT, IF OK WILL AWARD 200 - WAR1 300 - RPGGAMERGIRL BY 1/2/06.  AM VERY CAUTIOUS ABOUT DELETING THESE FILES:

C:\WINDOWS\crxf32.exe
C:\WINDOWS\system32\winib.exe

EVERYTHING SEEMS FINE AT THE MOMENT...WHO KNOWS HOW IT WILL BE IN 2006!

THANKS TO BOTH OF YOU AND HAPPY NEW YEAR!

HERE IS MY CURRENT LOG AFTER RUNNING HIJACK:

Logfile of HijackThis v1.99.1
Scan saved at 4:05:28 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\Logitech\Video\LogiTray.exe
D:\Programs\ProSeries05\32bit\TaskSch.exe
D:\Programs\Logitech\iTouch\iTouch.exe
d:\Programs\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
D:\Programs\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll (file missing)
O2 - BHO: Class - {AE721233-0FEA-4847-4C92-FDF523518F56} - C:\WINDOWS\system32\appum.dll (file missing)
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programs\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programs\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\Programs\ProSeries05\32bit\TaskSch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp] C:\Temp\57A.tmp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programs\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = D:\Programs\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = D:\Programs\3apps\Catapult\Sched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803696578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ceder.us/Remote/msrdp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

DO I STILL NEED TO DELETE ANY OF THESE EVEN THOUGH IT APPEARS TO BE WORKING?

war1 Commented:
Here is your analyzed log
http://hijackthis.de/logfiles/686edc87af363098bb9798a60428c9d1.html

Your HijackThis log looks much cleaner. Did you try to remove the following files previously and they came back?  PartyPoker is not giving you popups or redirecting your page?  You should get rid of PartyPoker.

O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp] C:\Temp\57A.tmp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe                 
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe
rpggamergirl Commented:
C:\Temp <-- you need to empty this folder, delete everything in it but not the folder itself.

Or use CleanUp to clean your temp files.
Download CleanUp
http://www.stevengould.org/software/cleanup/download.html
Now run the "CleanUp" program:

CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

These files below are bad and belong to Home Search assistant: About Buster, CoolWebshredder or Ewido should have gotten rid of them.

C:\WINDOWS\crxf32.exe
C:\WINDOWS\system32\winib.exe

HSA is sometimes hard to remove and the files come back; if they do, we'll provide very detailed steps. IE and Windows Explorer mustn't be open once you start cleaning them up.

Keep us updated.
Happy New Year!

james7707 (Author) Commented:
Your HijackThis log looks much cleaner. Did you try to remove the following files previously and they came back? NO..HAVE REMOVED THEM NOW AS INDICATED BELOW.

PartyPoker is not giving you popups or redirecting your page?  You should get rid of PartyPoker.

O4 - HKLM\..\Run: [579.tmp] C:\Temp\579.tmp.exe
O4 - HKLM\..\Run: [57A.tmp] C:\Temp\57A.tmp.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe              
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Programs\PartyPoker\PartyPoker.exe

DELETED THE ABOVE FILES....WHY PARTYPOKER THIS IS MY PASTIME...ANYWAY I CAN KEEP IT OR SHOULD I CONSIDER ANOTHER ONLINE POKER SITE?

Logfile of HijackThis v1.99.1
Scan saved at 5:06:02 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programs\Logitech\Video\LogiTray.exe
D:\Programs\ProSeries05\32bit\TaskSch.exe
D:\Programs\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
d:\Programs\Logitech\MouseWare\system\em_exec.exe
D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
D:\Programs\Logitech\Video\FxSvr2.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hppapml0.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll (file missing)
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programs\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programs\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\Programs\ProSeries05\32bit\TaskSch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programs\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = D:\Programs\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = D:\Programs\3apps\Catapult\Sched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803696578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ceder.us/Remote/msrdp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Temp <-- you need to empty this folder, delete everything in it but not the folder itself. OK DONE EXCEPT FOR THESE CANNOT BE DELETED:

Temporary Internet Files Folder
Iadhide4.dll

Or use CleanUp to clean your temp files.  RAN THIS PROGRAM.
Download CleanUp
http://www.stevengould.org/software/cleanup/download.html
Now run the "CleanUp" program:

CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

These files below are bad and belong to Home Search assistant: About Buster, CoolWebshredder or Ewido should have gotten rid of them.

C:\WINDOWS\crxf32.exe - GONE
C:\WINDOWS\system32\winib.exe - GONE

HSA is sometimes hard to remove and the files come back; if they do, we'll provide very detailed steps. IE and Windows Explorer mustn't be open once you start cleaning them up.

THANKS TO BOTH OF YOU..ANYTHING ELSE I NEED TO DO...SEEMS TO BE WORKING FINE!
war1 Commented:
James,

Here is your analyzed log.
http://hijackthis.de/logfiles/5767d69d913e04e08de1caa674850e71.html

The log looks clean.  Congratulations!  

PartyPoker is a source of adware.  If you installed it, and it is not causing you other problems, you can keep it.
rpggamergirl Commented:
>>DELETED THE ABOVE FILES....WHY PARTYPOKER THIS IS MY PASTIME...ANYWAY I CAN KEEP IT OR SHOULD I CONSIDER ANOTHER ONLINE POKER SITE?<<
Sure keep it, that was not the cause of your problems.

There is a new exploit, WMF exploit, be careful it's easy to get infected with that new exploit even with the fully patched SP2

You can fix these entries, these are just registry clutter now.
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll (file missing)
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll (file missing)

>>OK DONE EXCEPT FOR THESE CANNOT BE DELETED:
Temporary Internet Files Folder
Iadhide4.dll<<

What's the exact path to that file?
Maybe it needs to be stripped of all attributes before it can be deleted.

Or.
Instead of deleting the file, disable it by removing all permissions.  
Right click on the file and select Properties > Security > Advanced.
Uncheck "Inherit from parent" and remove other permissions.  

If you are using XP Home, you need to access the Security tab from Safe Mode.
If using XP Pro and security tab is not available, go to any folder and select Tools > Folder Options > View. Uncheck "Use simple file sharing".

Glad to hear everything is fine!
Good luck!
war1Commented:
James,

We have not heard from you in a while. Did any comment help you solve your problem? Do you have any more questions? If an Expert helped you, please accept his/her answer above with an excellent or good grade.

Thanks, war1
james7707Author Commented:
You can fix these entries; these are just registry clutter now.
O2 - BHO: Class - {3DC7127D-0920-C07C-7029-1A227A72D53E} - C:\WINDOWS\system32\sysbg32.dll (file missing)
O2 - BHO: Class - {F5E4032F-B58E-1B79-B01F-22DB28518DF7} - C:\WINDOWS\sdkjo.dll (file missing)

DONE.

>>OK DONE EXCEPT FOR THESE CANNOT BE DELETED:
Temporary Internet Files Folder
Iadhide4.dll<<

What's the exact path to that file?  c:\TEMP
Maybe it needs to be stripped of all attributes before it can be deleted.  TRIED THIS NO CHANGE.

Or.
Instead of deleting the file, disable it by removing all permissions.  
Right click on the file and select Properties > Security > Advanced.
Uncheck "Inherit from parent" and remove other permissions.  TRIED THIS NC  

If you are using XP Home, you need to access the Security tab from Safe Mode.
If using XP Pro and security tab is not available, go to any folder and select Tools > Folder Options > View. Uncheck "Use simple file sharing".  TRIED THIS NC,

FOR IFFF FILE - STATES IT IS SYSTEM FILE CANNOT BE REMOVED.
FOR IDA..FILE - STATES ACCESS IS DENIED.

IF NO OTHER OPTION, JUST LEAVE IT SINCE EVERYTHING APPEARS TO BE WORKING CURRENTLY!

THANKS.
war1Commented:
James, is your computer running without adware issues?
james7707Author Commented:
Not sure what you mean...I believe so.....if you're asking am I running an adware program the answer is no.
war1Commented:
James, I am asking if you have any more adware issues.  Looks like the computer is clean.
james7707Author Commented:
Here is my latest scan:

Logfile of HijackThis v1.99.1
Scan saved at 5:47:38 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
D:\Programs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\LVCOMSX.EXE
D:\Programs\Logitech\Video\LogiTray.exe
D:\Programs\Logitech\iTouch\iTouch.exe
d:\Programs\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programs\Logitech\Video\FxSvr2.exe
D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
D:\Programs\ProSeries05\32bit\tasksch.exe
C:\WINDOWS\system32\hppapml0.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] d:\Programs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HP SchedIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
O4 - HKLM\..\Run: [HP AutoIndexer] d:\Programs\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Programs\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Programs\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ProTaskScheduler] D:\Programs\ProSeries05\32bit\TaskSch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] d:\Programs\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] D:\Programs\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eagle Listener.lnk = D:\Programs\3apps\Catapult\3listen.exe
O4 - Startup: Eagle Scheduler.lnk = D:\Programs\3apps\Catapult\Sched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Programs\Adobe\Acrobat7\Reader\reader_sl.exe
O4 - Global Startup: HP LaserJet Director.lnk = D:\Programs\Hewlett-Packard\LaserJet 33xx\hppdirector.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SonicWALL VPN Client.lnk = D:\Programs\SonicWALL\SonicWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\Programs\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803696578
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ceder.us/Remote/msrdp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - d:\Programs\SonicWALL\SonicWALL VPN Client\IreIKE.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Look clean to you?   I would say so but you're the expert.  As for any other issues, ran avast, no errors.  So if you give the ok...will award the points.  

war1Commented:
James, here is analyzed log

http://hijackthis.de/logfiles/956b75b56315d9c92f06883ed63a9381.html

It looks clean. :-)
rpggamergirlCommented:
No malware in your log.

You can fix this entry though.
R3 - Default URLSearchHook is missing

If you use IE most of the time you should check out SpywareBlaster. It protects you against ActiveX-based malware installing into your system. It is not a resource hog because it protects you without running in the background.
IE is my only browser and I have SpywareBlaster installed.
http://www.javacoolsoftware.com/spywareblaster.html
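An added example, not part of the thread and not HijackThis's own code: a small Python triage of the "(file missing)" entries in the log posted above. It separates entries that look like plain leftovers from entries whose executable is listed under "Running processes" in the same log, as happens with the avast! service lines, where the flag is contradicted by the log itself. The function names `parse` and `triage` are hypothetical, and the sample is an excerpt of the posted log.

```python
import re

# Excerpt of the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Acrobat7\ActiveX\AcroIEHelper.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - d:\Programs\PartyPoker.net\partypokernet.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")             # e.g. "O23 - Service: ..."
PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)", re.IGNORECASE)

def parse(log):
    """Return (set of running process paths, list of (code, text) entries)."""
    running, entries, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False                    # process list ends at first entry
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())           # Windows paths are case-insensitive
    return running, entries

def triage(log):
    """Classify every '(file missing)' entry as 'orphaned' or 'contradicted'."""
    running, entries = parse(log)
    result = []
    for code, text in entries:
        if "(file missing)" not in text:
            continue
        m = PATH.search(text)                   # drops the stray quote and arguments
        path = m.group(0).lower() if m else None
        verdict = "contradicted" if path in running else "orphaned"
        result.append((code, path, verdict))
    return result

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

An "orphaned" result only means the log gives no sign that the file is running; confirm the path on disk before fixing the entry.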
james7707Author Commented:
No malware in your log.

You can fix this entry though.
R3 - Default URLSearchHook is missing

DONE

If you use IE most of the time you should check out SpywareBlaster. It protects you against ActiveX-based malware installing into your system. It is not a resource hog because it protects you without running in the background.
IE is my only browser and I have SpywareBlaster installed.
http://www.javacoolsoftware.com/spywareblaster.html

DONE

THANKS TO BOTH OF YOU FOR ALL YOUR HELP!!!!!!!!!!!!
rpggamergirlCommented:
Hi James,
Did you mean to give all points to war1?
I was hoping you were happy with my help but obviously you weren't since you gave all the points to war1 and none to me.
Good luck!
james7707Author Commented:
NOOOOOOOOOOOOOOOO!  MY INTENTION WAS TO SPLIT 50/50, AND I THOUGHT I ENTERED IT THAT WAY........CAN THIS BE FIXED!
war1Commented:
James, to change the grading, you need to post a note to the Community Support page with a link to this question.  The Community Support page link is in the upper right corner of this page.
james7707Author Commented:
done.
rpggamergirlCommented:
>>>MY INTENTION WAS TO SPLIT 50/50, AND I THOUGHT I ENTERED IT THAT WAY........CAN THIS BE FIXED!<<<

That is great! Thank you so much James!
I knew you sounded like a really nice guy, fair and just.
Thanks again.

With SpywareBlaster, just check for updates every now and then, and click on "enable all protection".

Happy computing! :)