
CLTincknell

Everything posted by CLTincknell

  1. That fixed it, thank you so much. The link was broken because the forum shortens links to stop them from breaking the tables and when you copied the post you copied the shortened link.
  2. The link you gave me has been shortened and gives me an error page. http://www.trendsecure.com/portal/en-US/th...p?page=download I followed it back to the TrendSecure website and to this page http://www.trendsecure.com/portal/en-US/do...ad/download.php From there I downloaded Trend Micro Internet Security 2007 [PC-cillin]. I looked over the site again and found this program http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php?page=download which matches the shortened URL. Here it is:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:32:57 PM, on 7/6/2007
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16473)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\ehome\ehtray.exe
     C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
     C:\windows\system\hpsysdrv.exe
     C:\WINDOWS\AGRSMMSG.exe
     C:\WINDOWS\system32\hphmon06.exe
     C:\WINDOWS\system32\ps2.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\WINDOWS\ALCMTR.EXE
     C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\WINDOWS\system32\svchost.exe
     C:\DOCUME~1\Colin\LOCALS~1\Temp\bwgo0000b1ac.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
     C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
     C:\WINDOWS\system32\Tablet.exe
     C:\WINDOWS\system32\WTablet\TabUserW.exe
     C:\WINDOWS\system32\Tablet.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     O1 - Hosts: 85.17.40.71 oink.me.uk
     O1 - Hosts: 85.17.40.69 tracker.oink.me.uk
     O1 - Hosts: 85.17.40.70 irc.oink.me.uk
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
     O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
     O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
     O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
     O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
     O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
     O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
     O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
     O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     O4 - HKLM\..\Run: [WUSB54Gv2] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [spywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h
     O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] C:\Program Files\PCPitstop\Optimize\Reminder.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKLM\..\Policies\Explorer\Run: [none] C:\Program Files\Video ActiveX Object\pmsngr.exe
     O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
     O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\aldknasd\Program\Updates from HP.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O17 - HKLM\System\CCS\Services\Tcpip\..\{137CB8D5-AA44-40E8-AD94-DA2BF980DD65}: NameServer = 71.243.0.12,71.250.0.12
     O17 - HKLM\System\CCS\Services\Tcpip\..\{401C9CD0-868F-4C0B-8CC3-CE5362899864}: NameServer = 71.243.0.12,71.250.0.12
     O17 - HKLM\System\CS1\Services\Tcpip\..\{137CB8D5-AA44-40E8-AD94-DA2BF980DD65}: NameServer = 71.243.0.12,71.250.0.12
     O22 - SharedTaskScheduler: coronally - {1b17f1db-790e-4d42-8e0c-d4d19123ee5b} - C:\WINDOWS\system32\xnvaogd.dll
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: Lan Discover Agent (magaService) - Unknown owner - c:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
     O23 - Service: WUSB54Gv2SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

     -- End of file - 8571 bytes
  3. I can't upload files. Here it is copied from the Excel file.

     Virus Scan Logs 7/5/2007 BASEMENT2

     Time Security Feature Source Type Virus Name File Name First Action Second Action
     15:58 Manual Scan File JAVA_STREAM.AA Matrix.class (C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\6.0\12\7599fd0c-20e313c4) Quarantine Fail
     15:58 Manual Scan File JAVA_BYTEVER.C Counter.class (C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\6.0\12\7599fd0c-20e313c4) Quarantine Fail
     15:58 Manual Scan File JAVA_BYTEVER.A Parser.class (C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\6.0\12\7599fd0c-20e313c4) Quarantine Fail
     15:58 Manual Scan File JAVA_BYTEVER.A Dummy.class (C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\6.0\12\7599fd0c-20e313c4) Quarantine Fail
     15:58 Manual Scan File --- C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\6.0\12\7599fd0c-20e313c4 Quarantine Success
     15:58 Manual Scan File JAVA_BYTEVER.DE C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\java.class-37cb8dd2-1800c17f.class Quarantine Success
     15:58 Manual Scan File JAVA_STREAM.AA Matrix.class (C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-1fe3f9bf-32d1b5b5.zip) Quarantine Fail
     15:58 Manual Scan File JAVA_BYTEVER.C Counter.class (C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-1fe3f9bf-32d1b5b5.zip) Quarantine Fail
     15:58 Manual Scan File JAVA_BYTEVER.A Dummy.class (C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-1fe3f9bf-32d1b5b5.zip) Quarantine Fail
     15:58 Manual Scan File JAVA_BYTEVER.A Parser.class (C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-1fe3f9bf-32d1b5b5.zip) Quarantine Fail
     15:58 Manual Scan File --- C:\Documents and Settings\Colin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv605.jar-1fe3f9bf-32d1b5b5.zip Quarantine Success
     16:14 File Monitor File WORM_SPYBOT.AVT C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP692\A0127004.exe Quarantine Success
     16:18 Manual Scan File TROJ_Generic C:\Program Files\CureROM\C15EB51F.exe Quarantine Success
     16:43 Manual Scan File TROJ_ZLOB.EAW C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP633\A0116580.exe Quarantine Success
     16:43 Manual Scan File TROJ_ZLOB.BVP C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP633\A0116581.dll Quarantine Success
     16:46 Manual Scan File TROJ_Generic C:\System Volume Information\_restore{B9823275-D858-498B-A4DC-C4EEDA322F67}\RP693\A0127020.exe Quarantine Success
     16:59 Manual Scan File TROJ_FAKEALRT.N C:\WINDOWS\system32\1024\ld4E58.tmp Quarantine Success
     17:00 Manual Scan File Possible_Zlob C:\WINDOWS\system32\ld101.tmp None Taken
  4. That post isn't helpful. I already did those things except for posting the log. I can tell I'm not infection free because the task bar icon is still there.
  5. I have this same problem and I have scanned with the programs you provided. A couple registry files were found and deleted but the alert is still there even after a restart.