HELP.. cannot download anything from Microsoft
I am going crazy. At first my computer would not let me get past my home page with IE. It was freezing up and I would have to shut it off and restart. I ran the anti-virus programs, cleaned out all temp files and cookies and reset web, still nothing. I tried Firefox and now I am getting it to work, except I cannot download anything from Microsoft or even update my virus program... If I try to download anything I get the standard page that says - page not found - http 404... HELP... I have Windows XP
February 24th, 2010 1:58am

It appears that you are infected. First, open Control Panel and select Internet Options > Connections tab > LAN settings. Ensure there is a check mark in the "Automatically detect settings" box and that there is not a check mark in the "Use proxy" settings. Next, click on the first link below and choose save. Save the file to your desktop for convenience. Click on the icon and let rkill run. This should end the process of the malware, allowing you to download Malwarebytes from the second link. Update and choose quick scan of MBAM.

* http://download.bleepingcomputer.com/grinler/rkill.com
* http://www.malwarebytes.org/
February 24th, 2010 10:45am

Thank you for your input. I am trying as you say but I cannot get into the Malwarebytes website; the computer says it does not exist. I know it's there because my other computer will let me in. I will keep trying until I get any more suggestions, thanks
February 24th, 2010 8:49pm

> Thank you for your input. I am trying as you say but I cannot get into the Malwarebytes website; the computer says it does not exist. I know it's there because my other computer will let me in. I will keep trying until I get any more suggestions, thanks

You are very welcome. I first ask if you clicked on the rkill link, as that should have ended the process of the infection. Second, try this: Start > Run > type www.malwarebytes.org, then press OK. Let me know the results.

Sometimes deciding which battle to fight is the biggest battle of all....
February 24th, 2010 8:55pm

I appreciate the help. I tried this and get server not found. Interesting, no matter what I try it stops me from getting to any help sites, but it allows me to go to regular sites.
February 24th, 2010 10:07pm

It sounds like some sort of malware has installed a proxy server on your computer. You need to get rid of it. Go to Control Panel, switch to classic view (if it isn't in classic view already), and double click on Internet Options. Select the "Connections" tab, and click on the button that says "LAN Settings". Make sure the box is CHECKED that says "Automatically detect settings", and make sure that the box that says "Use proxy server" is UNCHECKED.

If the boxes are already checked correctly, then the malware is blocking you in some other way (perhaps by hijacking your DNS server settings). Try typing in http://69.162.79.74 instead of www.malwarebytes.org. Or click here (http://www.google.com/search?hl=en&safe=off&q=%2B%22mbam-setup.exe%22+%2B%22index+of%22&aq=f&aqi=&aql=&oq=) and see if you can download Malwarebytes from one of the sites listed.
February 24th, 2010 11:25pm

While malware does often change your internet settings to use a proxy, if, in fact, this was the case it would probably block access to all sites. The Internet Options settings do not differentiate between sites. The settings selected apply to all internet access.

Click here to download HJTsetup.exe: HijackThis download

Click on "Download Now". Save HJTsetup.exe to your desktop. Double click on the HJTsetup.exe icon on your desktop. By default it will install to C:\Program Files\Hijack This. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. Put a check by "Create a desktop icon" then click Next again. Continue to follow the rest of the prompts from there. At the final dialogue box click Finish and it will launch Hijack This.

Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log. Click Save to save the log file and then the log will open in Notepad. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Come back here to this thread and paste the log in your next reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required. DO NOT install or uninstall anything or otherwise make changes to your computer until we are finished with this process.

Sometimes deciding which battle to fight is the biggest battle of all…..
February 25th, 2010 1:16am

I was able to download Malwarebytes by going in the way TomJuan suggested, and I ran it and 2 files were removed. I then tried to go back to Microsoft to update and everything is still the same, although I was able to update my anti-virus, which is micro trend, but it says everything is safe, which I know it is not, lol. Anyway, it is looking a little better thanks to your help, guys. Here is the copy of the hijack. I have had it for today. I wish I could take this thing home with me but... I will check in on this tomorrow and try again... Thank you all so much for your help.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 5:44:39 PM, on 2/24/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\S3trayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [A_M_P_NET] C:\Program Files\AntiMalwarePro\AntiMalwarePro.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5BCC24A7-7D3F-4CC9-AC86-4380FCD68D1E} (PCInfoOcxEN Control) - http://esupport.trendmicro.com/_layouts/1033/GetPCInfo.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
O16 - DPF: {6EBC6744-5383-4213-AD5E-66434ECA1812} (F-Secure Online Scanner Launcher) - http://download.sp.f-secure.com/ols/centurylink/fs/resources/fslauncher.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{92A2FE9B-3711-4D16-9A2B-AD7E6C4812C0}: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

-- End of file - 6493 bytes

Oh, one more thing: after downloading the Malwarebytes program it asked to do an update... my computer would still not allow it so I ran the program as it was...
February 25th, 2010 1:58am

Thanks for posting the log. Please open HijackThis and choose "Do a system scan only". Locate the following entries and place a check mark in the respective box. Click "Fix Selected". Follow through with the confirmations to delete the entry. Open, update and choose a quick scan with Malwarebytes.

O4 - HKCU\..\Run: [A_M_P_NET] C:\Program Files\AntiMalwarePro\AntiMalwarePro.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{92A2FE9B-3711-4D16-9A2B-AD7E6C4812C0}: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85

Sometimes deciding which battle to fight is the toughest battle of all…..
February 25th, 2010 2:21am

Yeah, your DNS settings have been hijacked. You can either delete all of the O17 keys (using HiJackThis), or you can reset your browser settings to their default settings in the Tools/Options/Security menu of Internet Explorer.

EDIT: Oh yeah. Ooops. I didn't pay enough attention to the whole log. Like Joel said, get rid of the HKEY_CURRENT_USER\..\RUN: AntiMalwarePro.exe. Then, restart the computer, and go and delete the actual file. That is the program that probably caused all of this mischief to begin with.
February 25th, 2010 7:52am
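
The O17 lines singled out in the replies above are how HijackThis reports statically configured DNS servers under the Tcpip registry keys. As an added example (not part of the original thread and not HijackThis's own code), this Python script extracts the NameServer values from a saved log and lists every resolver that is not on a list you trust; the trusted address 192.168.1.1 and the last sample line are constructed assumptions.

```python
import ipaddress
import re

# An O17 line looks like: "O17 - <registry key>: NameServer = <ip>[,<ip>...]"
# CCS/CS1/CS3 are HijackThis abbreviations for CurrentControlSet/ControlSet00N.
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")

# O4 and O17 lines copied from the log posted in this thread.
THREAD_LINES = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{92A2FE9B-3711-4D16-9A2B-AD7E6C4812C0}: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.103,93.188.166.85
"""

# Constructed line (not from the thread): an adapter pointing at a home router.
CONSTRUCTED_LINE = (
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}"
    ": NameServer = 192.168.1.1\n"
)
SAMPLE_LOG = THREAD_LINES + CONSTRUCTED_LINE


def parse_o17(log_text):
    """Return [(registry_key, [server, ...]), ...] for each O17 NameServer line."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if match:
            # The registry value may be comma- or space-separated.
            servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
            entries.append((match.group("key"), servers))
    return entries


def scope(server):
    """Classify a resolver address as 'public', 'non-public' or 'invalid'."""
    try:
        return "public" if ipaddress.ip_address(server).is_global else "non-public"
    except ValueError:
        return "invalid"


def suspicious_resolvers(log_text, trusted):
    """Map every resolver not in `trusted` to the registry keys that pin it."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = {}
    for key, servers in parse_o17(log_text):
        for server in servers:
            try:
                if ipaddress.ip_address(server) in trusted_ips:
                    continue
            except ValueError:
                pass  # unparsable values are reported, never silently trusted
            findings.setdefault(server, []).append(key)
    return findings


if __name__ == "__main__":
    # Assumption: 192.168.1.1 is the resolver this network is supposed to use.
    for server, keys in suspicious_resolvers(SAMPLE_LOG, {"192.168.1.1"}).items():
        print(f"{server} ({scope(server)}) is set in {len(keys)} key(s):")
        for key in keys:
            print(f"    {key}")
```

A resolver that appears under several control sets, as both addresses do here, has been written into the backup copies of the configuration as well as the live one.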

You guys are AWESOME. I believe I am back to normal, my computer appears to be working properly. I am having to reset everything and run all my updates and all. It appears to be downloading properly and I guess I will know for sure in a day or so... THANK YOU ALL SO MUCH... Al.
February 25th, 2010 8:32pm

> You guys are AWESOME. I believe I am back to normal, my computer appears to be working properly. I am having to reset everything and run all my updates and all. It appears to be downloading properly and I guess I will know for sure in a day or so... THANK YOU ALL SO MUCH... Al.

I am happy I was able to assist you and appreciate the input from TomJuan as well. I would recommend you update your service pack from SP2 to SP3. I have no confirmation of this, but I have been told security updates for SP2 will end soon. I would also recommend you do a bootscan with a quality anti-virus program. I have never used Trend Micro so I am unsure if it has that option. If it doesn't, I suggest you get one that does. I use Avast 5.0 for my security, which has all the features I look for in an anti-virus. There is a free version for home users or a paid version for commercial usage. Keep Malwarebytes, update it prior to each scan and run it at least once a week. Quick scans are always sufficient with Malwarebytes and even recommended by the maker of the software. Make sure you keep your Java and Adobe applications updated as well. Good luck and happy computing!!

Joel

avast! Internet Security - Antivirus and Anti-spyware with Firewall

Edit: One final instruction, please clear all system restore points and create a new one.

Sometimes deciding which battle to fight is the toughest battle of all…..
February 25th, 2010 11:26pm

I have the same problem as ALHELP. I have followed TomJuan and joelj1964 and here is the log from Highjackthis. Can you tell me which files are harmful and should be removed?
October 25th, 2010 2:52am

> I have the same problem as ALHELP. I have followed TomJuan and joelj1964 and here is the log from Highjackthis. Can you tell me which files are harmful and should be removed?

Thanks for posting. However, log files are no longer analyzed on Microsoft Answers. You are welcome to post the log file on my free computer support forum in the Virus/Malware section. You will be required to create an account prior to posting. This is to prevent spamming and drive-by posting. I did take a quick look at the log and your computer is very infected.

Repair-Bots Online.Com
I don't vote for myself; I'm not here for the points. If this post helps you, vote.
Visit my forum @ http://repairbotsonline.com/
October 25th, 2010 8:30am

This topic is archived. No further replies will be accepted.
