View Full Version : Help!!!
dinger1948 09-03-2008, 01:21 PM I was surfing (with my Panda antivirus and firewall on) and suddenly got attacked. I lost access to over 400,000 files, had the statement "virus alert" added to all my incoming and outgoing emails and showing alongside the time in my toolbar. After following the instructions my niece sent me before posting this thread, I have fewer problems. Before I did the cleanups, I only had a few icons on the start menu (no "My Computer", "Search", "Control Panel", or "other programs"). The only thing I can't seem to do is include the "uninstall list". During the cleaning, the only problem I encountered was when running the "Microsoft Windows Malicious Software Removal Tool". The computer rebooted and said that I had just recovered from a vicious attack on Windows. I was able to complete this phase in the "Safe Mode". I am now going to attempt to put the logs in this thread, but I have never done this before. I know how to attach files to emails. Thank you in advance for any assistance you can provide.
jholland1964 09-03-2008, 01:54 PM Looks as if a lot of the hardest work is done, good work. Just a bit more hopefully
Run that ESET Scanner (http://www.eset.com/onlinescan/) again and this time let it fix everything it finds.
Then post back with that log and also include a HiJackThis (http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download) full system scan log.
Judy
dinger1948 09-03-2008, 10:34 PM I'll let the ESET scanner run while I'm at work tonight. I think you're saying run a new HijackThis scan and include the log. I tried to put everything I could in the original thread.
Thank You again,
John
jholland1964 09-03-2008, 10:49 PM I'll let the ESET scanner run while I'm at work tonight. I think you're saying run a new HijackThis scan and include the log. I tried to put everything I could in the original thread.
Thank You again,
John
Oh I know you did. You did fine. I just need to see a NEW HJT scan after you have scanned and FIXED with the ESET Scanner.
dinger1948 09-04-2008, 10:23 AM Well, I let the ESET do its thing (it takes over two hours to scan all my computer) and I looked at the results, but couldn't access them or save them. I hope the HijackThis scan I just did is all I need or I can do the ESET scan while I sleep today. The computer seems to be acting normally. I'll do an antivirus scan (like that did a lot of good when I got infected) for GP.
Thank You Again,
John
jholland1964 09-04-2008, 12:46 PM Where is the new HJT log?
dinger1948 09-04-2008, 10:37 PM I tried three times to add it and it said invalid file. I saved it to my documents and clicked "add tags". What am I doing wrong?
jholland1964 09-04-2008, 11:38 PM Did you save it as a .txt file? If so then click Post reply and EITHER open your file and copy/paste your file into the post or click Manage Attachments. Then you can browse on the computer for the location of the file and Upload it. Close the window and submit reply.
You don't click Add Tags.
dinger1948 09-05-2008, 11:11 AM It is showing as a txt file. Let me try one more time. If this doesn't work, I'll try doing the HijackThis and posting directly into the post. And neither one is working. I tried to put the HijackThis into a file and send it and it wouldn't go into a file folder. What am I doing wrong?
jholland1964 09-05-2008, 12:02 PM I haven't a clue as to what you are doing or doing wrong. Don't put it into a file, just save it to the desktop. Is the log open in Notepad? If so go to Edit, Select All, Copy and then Paste it into this thread.
Are you seeing an actual Text file in Notepad or are you seeing what my attachment looks like?
If that is all you are seeing then you are clicking the wrong button in HJT. You need to click the TOP button, Do a System Scan and Save a log file.
If you click that button then the file should be on the desktop. If you click the button to just Do a System Scan then you will NOT get a log file but only get what my attachment shows.
dinger1948 09-06-2008, 09:35 AM I have been clicking on the top "scan and save as txt log" on all my HijackThis scans. Yes, I have been getting the notepad log. I've saved it to the desktop this time (rather than a folder or "My Documents"). Let's hope it works this time. Okay, I clicked on "Manage Attachments" and tried to download and got the message that it is an invalid file (from desktop), then I went to the notepad, hit edit, select all, copy, and tried to paste it into the thread, but nothing happened. I am even running new logs, but cannot seem to send it. Maybe something is left from the virus that is preventing me from sending this like it prevented me from finding the corrupt file or using restore.
jholland1964 09-06-2008, 10:27 AM When the file is on the desktop does it have the extension .txt?
When you try to copy/paste are you certain that you have a cursor placed within the text box?
Just for an experiment try and rename that log file on the desktop by right clicking and choosing Rename. Call it dinger1948.txt
See if you can either upload or copy/paste it with the new name.
Also try renaming the HiJackThis program itself. Rename it to dinger1948scan.exe
Then try to run a Full System Scan and Save the log. See if that makes a difference.
dinger1948 09-08-2008, 12:36 AM Well, here goes something (I hope). It says it worked! We'll see.
cauzomb 09-08-2008, 01:38 AM That worked like a charm, just had to remove the .exe extension
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:12:25 AM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Browser Mouse\MOffice.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\CompuServe 2000a\cstray.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\WebProxy.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: EarthLink BHO Guard - {00000000-0000-0000-0000-000000000002} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EarthLink ScamBlocker V3 - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program Files\EarthLink\Toolbar\EScamBlk.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: QXK Olive - {36D92B01-22BC-4FB7-A7AC-C574873FDDBE} - C:\WINDOWS\mesdxbrqmnx.dll (file missing)
O2 - BHO: EarthLink PopUp Blocker V2 - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink\Toolbar\ElnkPuB.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Earthlink Protection BHO - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program Files\EarthLink\Toolbar\ProtctIE.dll
O2 - BHO: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: Uninstall Legacy Earthlink Toolbar - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program Files\EarthLink\Toolbar\uninsttb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink\Toolbar\Toolbar.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll (file missing)
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: (no name) - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - (no file)
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\MOffice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Loader] C:\WINDOWS\System\loader.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - .DEFAULT User Startup: discfix.lnk = C:\DELL\discfix.cmd (User 'Default user')
O4 - Global Startup: CompuServe 2000 Tray Icon.lnk = C:\Program Files\CompuServe 2000a\cstray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: EarthLink Yahoo Search - res://C:\Program Files\EarthLink\Toolbar\SearchUI.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.www.adobe%20flashplayer
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} - http://www.infospace.com/mypoints.main/tbar/mypointsSetup.exe
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {BE153019-DCDB-479E-827B-C2AAB8CDCA64} (OSDetect Control) - https://images.synovate.com/americas/5j6400/osdetect.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda antivirus + firewall 2008\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\psimsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\TPSrv.exe
--
End of file - 11665 bytes
dinger1948 09-08-2008, 01:43 PM Am I done? I wish I knew how to read the HijackThis log, but I got this computer from my brother-in-law and he left a lot of files on it (even though he said he cleaned the hard drive). I truly appreciate all you have done for me. I have two coworkers that are having problems and are about to take their computers to repair shops (like I was). Thank you again, John
jholland1964 09-08-2008, 01:53 PM No, sorry, not done. You need to run Malwarebytes' Anti-Malware again. Be sure to UPDATE the program BEFORE you run it. Do a FULL SYSTEM SCAN with it and have it FIX or REMOVE whatever it finds.
Reboot the computer.
Next please download, install, update SpyBot Search & Destroy (http://www.safer-networking.org/en/index.html)
DO NOT enable the TeaTimer portion of the program. Once it is installed and updated then run a full scan with it also. When it completes the scan then have it remove everything it finds.
Once you have done both of these scans then run a new scan with HJT and post the MBA-M log and the new HJT log.
I have two coworkers that are having problems and are about to take their computers to repair shops (like I was).
Hey, send them were...we work for free!:)
Judy
dinger1948 09-09-2008, 11:25 AM I'm doing my darndest to send them to you, but I can't get their email addresses. I will print out these posts and get them to try it. I'll run the malware and reboot. On the SpyBot Search & Destroy, there are three downloads offered-BN Fileforum, Security Wonks, and Freeware Archiv. Which one do I download?
jholland1964 09-09-2008, 12:26 PM Any one listed on Safer Networking (the Spybot program website) is fine or just scroll a little farther down that page and download from them.
dinger1948 09-09-2008, 02:52 PM Well, I finished the MBA-M scan and will download the first (BN File Forum). I tried to sleep for the past two hours, but had a headache so I'll let it scan while I sleep. I'm attaching the MBA-M log now in case I run into trouble like the last time. Thanx.
dinger1948 09-09-2008, 03:55 PM Help!! I downloaded SpyBot Search & Destroy, updated, and ran scan. When I tried to have it remove the 56 files (including an ieplugin-high-and ten trojan files), it wanted my registration. I have no idea what they need and, when I clicked on the help, my computer froze and I had to reboot. Do I need to buy this even though it says freeware? I just had to buy a car, so money is just about nonexistent.
jholland1964 09-09-2008, 04:02 PM This is a free program. I have never had it ask for a registration. Are you absolutely certain you installed the correct program?
See this from their website;
Our software is called Spybot - Search & Destroy and does not need any registration or password.
You don't have to pay $ for Spybot - Search & Destroy, it's freeware and does not need to be purchased.
Further please have a look at this link on our website:
http://www.safer-networking.org/en/news/2006-08-04.html
You did not get Spybot - Search & Destroy, but some other software of low quality, probably called SpyWareBot.
Our software does not need any registering to work.
Uninstall whatever it is you installed; it is NOT Spybot - Search & Destroy. That is why I told you to scroll down and install it from THEIR website.
dinger1948 09-09-2008, 10:35 PM I installed from the web site and it came out SpyWare Doctor. I will uninstall and try again. Maybe I should try the second download (I did the first).
jholland1964 09-09-2008, 10:43 PM I installed from the web site and it came out SpyWare Doctor. I will uninstall and try again. Maybe I should try the second download (I did the first).
This is the .exe file just click to download HERE (http://www.spybotupdates.com/files/spybotsd160.exe)
Save the file to the desktop. Doubleclick to install. Once installed update it and then run it.
dinger1948 09-10-2008, 10:26 AM Well, I dood it. I clicked on the link you sent and it downloaded. I updated and cancelled the teatimer. I have to say that the teatimer wasn't on the first spyware download and it looks different. I'm scanning as I write this and I'll send more info (logs and such) when it's done. Thanx again.
dinger1948 09-10-2008, 01:05 PM I used the correct spybot search & destroy. It fixed 52 of 55 then rebooted and came back 0 problems. I am having trouble attaching the hijackthis.log again, but I'm going to try one more thing. Whatever happens, I greatly appreciate all your help. One of my coworkers just spent over $400 to have the Geek Squad fix his computer, but he may not have been able to get to you for help. A nasty virus attached itself to his hard drive through his antivirus. He couldn't get online or bring up his desktop. I'll try to talk to the other one tonight. Okay, I tried to put the log in the manage attachments and renaming it four different ways, but it just says invalid file on everything I throw at it.
jholland1964 09-10-2008, 01:29 PM This is what it should be named. hjt.txt
Nothing else, just that, it has to end with .txt that was why you couldn't attach it before because you didn't have the correct file extension on it.
.txt
If you cannot attach it, open it up. Go up to the top and Choose Edit, Select All. Once all of it is highlighted then Right Click ANYWHERE in that highlighted text and choose Paste. Then come here, open a new post, put your cursor in anywhere and go up to Edit on your browser and choose Paste. That log should then appear in your post. Then click Submit Reply
dinger1948 09-10-2008, 10:37 PM I guess my mistake was that I kept it as a log file. It looks like it worked this time. Thank you, John:bliss:
jholland1964 09-10-2008, 11:52 PM First thing I see right away is you are running TWO antivirus programs;
panda antivirus + firewall AND Yahoo!\Antivirus. This is an ABSOLUTE NO-NO. The rule is ONE antivirus program and ONE firewall on a machine, NO MORE. You Choose...but one of these MUST be uninstalled immediately. Also check and see if you have the built in Windows Firewall Turned OFF, if it isn't then do so now.
If you want my recommendation then I would say UNINSTALL the Yahoo Antivirus, also possibly called eTrust™ EZ_Antivirus (http://home.ca.com/dr/sat5/ec_Main.Entry17c?SID=35715&SP=10023&PN=1&PID=671589&V1=671589&CID=179788&api1=78&api2=1&api3=&DSP=&CUR=840&PGRP=0&CACHE_ID=179788) and/or Computer Associates. You will have to look in your Add/Remove and see if any of these are listed. Also look in there for a listing of Yahoo Antivirus. I recommend this one because the Panda antivirus and firewall is a paid program and I don't want you to lose the money. Now if this, the Panda program, is just a Trial version then by all means Uninstall that one.
Don't just delete whichever you choose....UNINSTALL.
You also are running Spybot TeaTimer. That part of Spybot is more trouble than it is worth, TURN IT OFF.
To do this is very easy. (See my Attachments Below) Open Spybot. Go up to the top left and you will see a button marked Mode. Click. When it opens there click on Advanced.
When it goes to Advanced Mode then you will see three buttons at the bottom Left. Settings, Tools, Info and License. Click on Tools. On the left side you will see another group of 7 buttons. The second one down is Resident. Click. When Resident opens you will see two boxes in the middle with checkmarks in them. Resident SD Helper (Leave this checked) The next one is Resident TeaTimer...Take the checkmark OUT of there. Close the program.
Next I want you to run HiJackThis again. This time place checkmarks next to the following entries if they still exist;
O3 - Toolbar: MYPOINTS - {A057A204-BACC-4D26-CEC4-75A487FD6484} - C:\PROGRA~1\mypoints\mypoints.dll
O3 - Toolbar: (no name) - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
Once you have placed the checkmarks then click the Fix Checked button on the lower right side.
Exit HJT.
Reboot the computer and then let us know how things are running.
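Added example, not part of any post in this thread: a small Python triage of a HijackThis log that surfaces the two things the reply above picks out by eye, entries whose file is gone ("(file missing)" / "(no file)") and more than one antivirus product running at once. The sample lines are copied from the log posted earlier in the thread; the function names and the AV_HINTS path fragments are assumptions made for this example.

```python
import re

# Subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: QXK Olive - {36D92B01-22BC-4FB7-A7AC-C574873FDDBE} - C:\WINDOWS\mesdxbrqmnx.dll (file missing)
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponBarIE.dll (file missing)
O3 - Toolbar: (no name) - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - (no file)
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - Global Startup: LaunchU3.exe.lnk = ?
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus + Firewall 2008\pavsrv51.exe
"""

# Assumption for this example: path fragments that identify an antivirus
# product, taken from the install paths visible in the log above.
AV_HINTS = {
    "Panda Antivirus + Firewall": "\\panda security\\",
    "Yahoo! Antivirus": "\\yahoo!\\antivirus\\",
}

# A HijackThis entry starts with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when the referenced file is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")


def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def orphaned_entries(entries):
    """Entries that still exist in the registry but point at no file."""
    return [(code, body) for code, body in entries if ORPHAN_RE.search(body)]


def running_antivirus(processes):
    """Names of the AV_HINTS products that have a process running."""
    found = set()
    for path in processes:
        lowered = path.lower()  # the log mixes upper- and lower-case paths
        for product, fragment in AV_HINTS.items():
            if fragment in lowered:
                found.add(product)
    return sorted(found)


def triage(text):
    """Summarise leftover entries and concurrent antivirus products."""
    processes, entries = parse_log(text)
    antivirus = running_antivirus(processes)
    return {
        "orphans": orphaned_entries(entries),
        "antivirus": antivirus,
        "av_conflict": len(antivirus) > 1,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for code, body in report["orphans"]:
        print(f"leftover entry  {code}: {body}")
    if report["av_conflict"]:
        print("more than one antivirus running:", ", ".join(report["antivirus"]))
```

A flagged entry is a candidate for review, not an automatic fix: the marker only says the file is absent, which is equally true of a cleaned-up infection and of a half-uninstalled legitimate program.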
dinger1948 09-12-2008, 10:23 AM Yesterday, I went in and uninstalled my Panda antivirus and firewall (three times). It had just expired and I figured that I would take your advice and go with the Yahoo antivirus. After I finished and rebooted, I was denied access to the internet completely. I tried all I knew to do, but could not even get on with dialup. I called AT&T's internet help line and (my first mistake) let the rep take control of my computer via remote. He found the Panda program had attached itself to the modem, Wireless router, and even the server. He went online and found a bunch of sites that complained about uninstalling Panda and a bunch of help sites. Instead of going to those sites, he went through the add/delete programs on the control panel. He could not find anything to uninstall, so he disabled the Panda clones. He then tried to install the AT&T/Yahoo antivirus program and it wouldn't install. His answer to this was to change my windows administrator signin on reboot. He got the antivirus program installed (after almost four hours), but now I can't get my old administrator name or signin back. I can't get into my Compuserve account other than to bring up the top toolbar (nothing comes up from anything I click-including the link to this thread). I lost all of My Documents, can't use any of the programs that you had me install, and have all new things on the start menu. The computer seems to be faster after all this, but I want all of my old things back. I did manage to complete all of the things you said to do on your last post:(
jholland1964 09-12-2008, 12:31 PM Do you know that password or did he change it and not tell you what it was?
You really need to call them back and tell them what happened, what the tech did and tell them now you can't access anything and you expect this to be corrected.
dinger1948 09-12-2008, 02:02 PM On my old signin, I had to enter a password. I did this after I got DSL since it's online 24/7. I think AT&T has gone the India route, since the tech had a distinct Indian accent. You would think that I could restore or delete his "temporary" administrator, but I'll have to call them tomorrow when I have all day. Thank you. :bow:
jholland1964 09-12-2008, 02:29 PM Dinger, is the password for your actual computer or the password for your internet?
If this is only for your internet you should be able to change it, at least according to this page;
https://setup.bellsouth.net/wizlet/PWReset/welcomePrepare.do
If it is the actual computer password try the steps here;
http://www.kellys-korner-xp.com/win_xp_passwords.htm
dinger1948 09-21-2008, 01:56 PM I tried all the things in the link, but I can't uninstall Panda. I went to the Panda site, but haven't gotten an answer back. I've tried all the uninstall programs I could, but it hangs on like a dog to a bone.
jholland1964 09-21-2008, 03:10 PM Try doing it in Safe Mode
dinger1948 09-21-2008, 08:41 PM I went to search and put in panda and deleted all the files and folders. Of course, this is after I went in safe mode and did all the uninstalls again. I went through all the steps from Windows again and still can't get my old domain login back. I know it exists because I found it (with all my documents and desktop icons). I never heard back from AT&T about the problem they caused. I guess I'll have to call a supervisor (used to be able to go to their office before the internet-hmmmm) and get the techs (the REAL techs) on it. For now, I can get to my primary email through AT&T. I ran the HJT and Malware programs again to make sure I didn't have any new issues. I also did a scan with the Yahoo antivirus-everything clean.:confused:
jholland1964 09-21-2008, 10:21 PM I will be very honest here Dinger1948, I have absolutely no clue what it is you are looking for.
You said;
His answer to this was to change my windows administrator signin on reboot.
Then you said I can't get into my Compuserve account other than to bring up the top toolbar (nothing comes up from anything I click-including the link to this thread). But then you tell us you were able to boot to safe mode and uninstall things...how did you sign into Windows then?
Then you tell us; still can't get my old domain login back
I know it exists because I found it (with all my documents and desktop icons) This tells me that you WERE able to log into the user that was your original user name...You also tell us that you can access your mail via AT&T.
I am very sorry, but I have no idea what was done here...was the password for your internet changed or the actual password for the administrator of the entire computer changed? I really don't know how to help since I have no idea what was done. I am sorry, but you need to call, on the telephone, your internet provider since they are the ones that made the error and am afraid anything I could offer would make the situation worse. You said that you never heard back from AT&T about the problem they caused. Were they supposed to call you or email you? You need to call them back and insist on speaking to a supervisor.
I truly am sorry.
dinger1948 09-22-2008, 09:09 AM What happened was that after I rebooted, the windows symbol would come up on my monitor, I would be asked to sign in to Windows in order to get my desktop. I would put in my password and click on my user name. The AT&T rep created a "test" user id in "User Accounts" and downloaded the Yahoo antivirus. He said that after that was installed that I could go back in under my original User ID. The only trouble is that I can't re-sign into my old User ID. The "test" user became my administrator. I pulled up User ID's and found my old account listed (with all my icons and documents), but can't access them-just list them. I called and emailed AT&T with the problem, but I will have to call them again. I hope this clears things up. I can only sign on to my primary provider (CompuServe) on the old User ID.
jholland1964 09-22-2008, 09:26 AM If CompuServe is your provider then why did you call AT&T in the first place? You should have called CompuServe. BUT...your IP address shows as AOL!
dinger1948 09-22-2008, 05:39 PM My primary server has been Compuserve for over ten years. My DSL is AT&T. I had cable for a while but the DSL is actually faster and cheaper than they were. Compuserve has to have dialup, cable, or DSL to connect. I get antivirus, email, and a home page with AT&T, but everyone in the family and my friends have the CompuServe email address, otherwise I would cancel that, too. I'm locked in at $14.95 a month on CompuServe, so it's not a costly thing to have. I hope that clears up my situation. Thank you again for all your help. Without it, I wouldn't even be able to write this.