tmstired

I originally contacted you yesterday afternoon. The AC -dapter on the laptop went out since that time and I had to go out and purchase a new one. I originally ran the Spybot and Anti-Malware yesterday afternoon before adapter problems. The laptop died during the Panda scan. This morning I started over again and have noticed that the problems have disappeared (no pop-ups, no black screen, and task manager is active again). I am including what I have thus far. I am running the Panda scan again; it is taking forever. Anti-Malware from yesterday: Malwarebytes' Anti-Malware 1.31 Database version: 1568 Windows 5.1.2600 Service Pack 2 12/29/2008 2:42:06 PM mbam-log-2008-12-29 (14-42-06).txt Scan type: Quick Scan Objects scanned: 60351 Time elapsed: 6 minute(s), 45 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 29 Registry Values Infected: 2 Registry Data Items Infected: 5 Folders Infected: 2 Files Infected: 30 Memory Processes Infected: C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\oincs.oinanalytics (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\oincs.oinanalytics.1 (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{f7fa36a4-3177-4b57-b9c1-e9c5b2e0d3a9} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b221e01-f517-4959-8c41-81948e7f2f17} (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{453f51e8-fef5-4c54-b136-944bf434360c} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f6e0ef5f-5f03-43f9-8e02-bbaaa95eaa9c} (Trojan.Banker) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OINAnalytics (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\OINAnalytics.DLL (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Trojan.Agent) -> Data: digeste.dll -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009 (Rogue.Multiple) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. C:\WINDOWS\Xgeromucetuh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\kmppifej.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ukntaj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\dotxrdou.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\euiokf.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jkse73hedfdgf.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\mgjoxx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nnnOffcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cqmqqvjj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\eclalg.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\efcBsQGV.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\fmdmjr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ibnykrbx.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\cnkxhpfj.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\tqrtlqsh.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\xxyyaYqr.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ybujoatd.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yxpokchs.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\zbbmll.dll (Trojan.Vundo) -> Quarantined and deleted successfully. C:\aqpbouph.exe (Trojan.Vundo) -> Quarantined and deleted successfully. C:\ekejy.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\system32\digeste.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\oruocu.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\BM6340b67e.xml (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\BM6340b67e.txt (Trojan.Vundo) -> Quarantined and deleted successfully. C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Anti-Malware from Today: Malwarebytes' Anti-Malware 1.31 Database version: 1568 Windows 5.1.2600 Service Pack 2 12/30/2008 4:47:21 AM mbam-log-2008-12-30 (04-47-21).txt Scan type: Quick Scan Objects scanned: 60509 Time elapsed: 7 minute(s), 42 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) HiJackThis from Today: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:06:59 AM, on 12/30/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DellSupport\DSAgnt.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\LimeWire\LimeWire.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\AIM6\aolsoftware.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Tawni\Desktop\HiJackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\rundll32.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file) R3 - URLSearchHook: Yahoo!

I am trying to remove, what I believe to be, spyware problems on my nephew's laptop. I am usually pretty good at this, but am not having much luck. There is anti-virus and spyware software installed, but I don't think he had the autoupdates turned on. A pop up is being displayed that says Warning! Security Report, etc. If you click here, it takes you to the real-av.org website to purchase the product. The desktop also turns black with a warning message about spyware displayed in the middle. Task manager and the desktop have been turned off. The programs that are already on the laptop detect many problems, but I can't get rid of the pop-up or the black desktop. The problem with task manager and the desktop are fixed temporary, however, they reappear at restrart. I see errors about pmsoftware.biz, win32/fakeinit...., and framwk32.dll, but not sure what to do. These are the problems I am still seeing; I have been successful in getting rid of several others. After reading messages and advice on many forums, I have downloaded your software. Any assistance you could provide, would be much appreciated.