On initial inspection, the following appears potentially suspicious to me. This doesn't mean they're bad, just that I don't recognize them as typical processes. You can google for information on them to be sure before going after them. I strongly suggest getting Spybot S&D from
http://security.kolla.de/ and getting the most recent definitions and scanning, to start with..
BTW- Welcome to Techspot maestra, baki03, and reginac!
Here's what I saw:
Running Processes:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msg9.tmp10868982351652.exe
C:\Program Files\WhenUSearch\Search.exe (I know this to be bad.)
C:\Documents and Settings\Administrator\Application Data\DownloadPlus.exe
C:\WINNT\repair\webutil.exe
These registry objects are suspicious as well:
O3 - Toolbar: I-Lookup.com Bar - {6EF3AE25-5A7D-40C2-9B44-9ED0068621C0} - C:\WINNT\System32\windec32.dll (I know this to be bad.)
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINNT\System32\winb2s32.dll (I know this to be bad.)
O4 - HKLM\..\Run: [mswspl] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msg9.tmp10868982351652.exe
O4 - HKLM\..\Run: [WhenUSave] C:\Program Files\Save\Save.exe
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKCU\..\Run: [WeatherCast] C:\PROGRA~1\WEATHE~1\Weather.exe /q (Has been said to contain ad/spyware- unconfirmed)
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Administrator\Application Data\DownloadPlus.exe
O16 - DPF: {E2F2B9D0-96B9-4B25-B90C-636ECB207D18} -
http://www.whenusearch.com/WUInstSEWC.cab
That being said, a quick google makes me think you have 1. Adware. 2. A virus. 3. Probably more than 1 of each.
Try spybot and adaware, as well as Trend Microsystem's online scanner at
http://housecall.antivirus.com/housecall/start_frame.asp and see if that helps any.
Also, several of those adware bars can be removed by finding them in the add/remove programs section of your control panel. Read the prompts carefully- the programs usually have several of them, and try to trick you into clicking something to leave them on the system.
Hope this helps everyone!
Edit: MORE INFO!
http://www.liutilities.com/products...sslibrary/save/
See there for info about save.exe... it's a baddie, nuke it! Note: I do NOT recommend the softeare they advertise there. Just posted here for info that it's a bad guy. EDIT: See below for more info on this beast.
http://www.doxdesk.com/parasite/DownloadPlus.html
Download plus gets the axe as well