Don't Know The Type Of Infection...lots Of Different Information



#1 mamalove


Posted 29 July 2008 - 02:08 AM

Hi, My computer has been having pop-up windows for some time, but recently, it became totally disabled. Many of my settings were changed and when I tried to change them back, I got a message saying that the "system administrator" (which is me) had disabled my access to, for instance, Task Manager. My Computer doesn't even LIST my C Drive or my D Drive. Every time I open IE my homepage pops up for just a second and then is taken over by another page, which says:

Insecure Internet activity. Threat of virus attack
Due to insecure Internet browsing your PC can easily get infected with viruses, worms and trojans without your knowledge, and that can lead to system slowdown, freezes and crashes.
Also insecure Internet activity can result in revealing your personal information.
To get full advanced real-time protection for PC and Internet activity, register KvmSecure.
We recommend you to protect your PC now and continue safe Internet browsing.
Click here to get full advanced real-time protection and continue browsing.
Continue to this website unprotected (not recommended).

The address bar still has my homepage address in it, but this is the window. If I do click on "Continue to website unprotected" nothing happens, the page just stays there.

I also have been getting various error reports upon startup that say a variety of dll files are missing.

I have run many anti-spyware programs, including CounterSpy, AVG Anti-Virus, Spybot, and CCleaner. Online I did the Kaspersky scan, but it said I didn't have any spyware! HijackThis gave me a message that said it shouldn't perform a backup because I had an unusually large amount of problems and I should consider deleting my Hosts file. I don't know enough about it to try that without help.

Please, please help!!!! Thanks in advance!

Nisha

Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-28 23:38:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
87: 2008-07-29 06:38:46 UTC - RP1119 - Deckard's System Scanner Restore Point
86: 2008-07-29 02:29:30 UTC - RP1118 - Installed Java™ 6 Update 7
85: 2008-07-29 02:21:10 UTC - RP1117 - Removed Java 2 Runtime Environment, SE v1.4.2
84: 2008-07-28 23:56:52 UTC - RP1116 - Software Distribution Service 3.0
83: 2008-07-28 22:25:57 UTC - RP1115 - System Checkpoint


-- First Restore Point --
1: 2008-04-30 05:07:31 UTC - RP1033 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:24 PM, on 7/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\ScreenArt\WillowRd.exe
C:\Program Files\Webshots\webshots.scr
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: QXK Olive - {0D2C5F57-FA50-4B51-885E-EB4A31D734C3} - C:\WINDOWS\nfavxwdbqxv.dll
O2 - BHO: (no name) - {17BDC17B-4A23-4EBE-BC19-B7958527015B} - (no file)
O2 - BHO: {42cd51fd-294b-9d2b-7774-8907d7971781} - {1871797d-7098-4777-b2d9-b492df15dc24} - C:\WINDOWS\system32\cvyhlb.dll (file missing)
O2 - BHO: (no name) - {30309ABF-0A76-0FF3-5716-5900CCB58F9F} - (no file)
O2 - BHO: (no name) - {3134CEBE-5F72-0CA6-0016-5900CCB5D8C6} - (no file)
O2 - BHO: (no name) - {3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9} - (no file)
O2 - BHO: (no name) - {46288782-E084-4F98-B7E6-C835B60FECCC} - C:\WINDOWS\system32\mlJaATKd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - (no file)
O2 - BHO: (no name) - {B697D91E-08FC-4DE2-89D9-AB87BB451600} - (no file)
O2 - BHO: (no name) - {DD941B94-F51F-4CAB-B188-B75C2DA3D153} - (no file)
O3 - Toolbar: fdkowvbp - {199C2DDE-26C2-4FC7-A847-A28D57CB5A9B} - C:\WINDOWS\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [5417482f] rundll32.exe "C:\WINDOWS\system32\idjayhjy.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScreenArt.lnk = C:\Program Files\ScreenArt\WillowRd.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/...ad/tgctlins.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1133318566656
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1446/ftp...23/cpbrkpie.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinner.com/games/v55/cubis/cubis.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.bigfishgames.com/online/bejewel...aploader_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll (file missing)
O20 - Winlogon Notify: mljhige - mljhige.dll (file missing)
O20 - Winlogon Notify: xxyywwwT - xxyywwwT.dll (file missing)
O21 - SSODL: eqvwamkl - {66F7FD4E-19D5-4A4C-A678-CEA8EC22D779} - C:\WINDOWS\eqvwamkl.dll (file missing)
O21 - SSODL: kvxqmtre - {E4EEEAB0-B30A-4CD5-A407-E447E92C0F59} - (no file)
O21 - SSODL: evgratsm - {D58081D2-B66D-449F-9672-BE73C958A5C7} - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe

--
End of file - 15231 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - DefaultIcon - unable to read value


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 usbccgpp - c:\windows\system32\drivers\usbccgpp.sys
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 SunkFilt (Alcor Micro Corp - 9360) - c:\windows\system32\drivers\sunkfilt.sys <Not Verified; Alcor Micro Corp.; SunkFilt92>

S3 SBAPIFS - c:\windows\system32\drivers\sbapifs.sys (file missing)
S3 SunkFilt39 (Alcor Micro Corp - 3239) - c:\windows\system32\drivers\sunkfilt39.sys <Not Verified; Alcor Micro Corp.; SunkFilt39>
S3 Sunkfiltp (HP && Alcor Micro Corp for Phison) - c:\windows\system32\drivers\sunkfiltp.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ScsiAccess - c:\program files\photodex\proshowgold\scsiaccess.exe

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 navapsvc (Norton AntiVirus Auto Protect Service) - "c:\program files\norton antivirus\navapsvc.exe" (file missing)
S4 SNDSrvc (Symantec Network Drivers Service) - "c:\program files\common files\symantec shared\sndsrvc.exe" (file missing)


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-07-24 18:57:09 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 19:29:52 0 d-------- C:\Program Files\Common Files\Java
2008-07-28 17:33:51 0 d-------- C:\Program Files\SpywareBlaster
2008-07-28 17:02:54 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-25 20:37:35 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-07-25 20:37:35 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-07-25 20:11:29 0 d-------- C:\7af9e10bbab46e4dd97078
2008-07-25 18:25:17 0 d-------- C:\Program Files\Lavasoft
2008-07-24 20:35:20 0 dr-h----- C:\Documents and Settings\Owner\Recent
2008-07-24 20:24:50 0 d-------- C:\Program Files\CCleaner
2008-07-24 19:32:19 0 d-------- C:\Program Files\Trend Micro
2008-07-24 19:27:34 111104 --a------ C:\WINDOWS\system32\jybwdhxc.dll
2008-07-24 15:56:47 0 d-------- C:\Documents and Settings\All Users\Application Data\logs
2008-07-22 13:10:07 871736 --ahs---- C:\WINDOWS\system32\dKTAaJlm.ini2
2008-07-22 13:04:37 0 d-------- C:\Documents and Settings\Owner\Application Data\TmpRecentIcons
2008-07-22 12:59:59 163840 --a------ C:\WINDOWS\eanp.exe
2008-07-22 12:59:58 356352 --a------ C:\WINDOWS\nfavxwdbqxv.dll
2008-07-22 12:59:56 94208 --a------ C:\WINDOWS\grswptdl.exe
2008-07-04 12:28:30 295 --a------ C:\WINDOWS\EReg072.dat
2008-07-04 12:26:07 0 d-------- C:\Program Files\Firaxis Games


-- Find3M Report ---------------------------------------------------------------

2008-07-28 19:31:33 0 d-------- C:\Program Files\Java
2008-07-28 19:29:52 0 d-------- C:\Program Files\Common Files
2008-07-26 15:08:23 0 d-------- C:\Program Files\Lx_cats
2008-07-25 18:05:36 306000 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-07-24 20:18:05 0 d-------- C:\Program Files\Panda Security
2008-07-24 12:58:52 0 d-------- C:\Program Files\Opera
2008-07-23 22:18:13 0 d-------- C:\Program Files\Coupons
2008-07-20 10:28:25 4 --a------ C:\WINDOWS\system32\F6DC2B
2008-07-19 12:55:19 0 d-------- C:\Program Files\Mystery Case Files - Prime Suspects
2008-07-07 19:03:34 0 d-------- C:\Program Files\Microsoft Picture It! 9
2008-07-05 13:13:17 0 d-------- C:\Program Files\UBISOFT
2008-07-01 16:31:24 0 d-------- C:\Program Files\Hidden Secrets - The Nightmare
2008-06-19 11:46:33 0 d-------- C:\Program Files\Apple Software Update
2008-06-18 20:10:46 0 d-------- C:\Program Files\iTunes
2008-06-18 20:10:17 0 d-------- C:\Program Files\iPod
2008-06-18 20:07:44 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D2C5F57-FA50-4B51-885E-EB4A31D734C3}]
07/22/2008 10:48 AM 356352 --a------ C:\WINDOWS\nfavxwdbqxv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17BDC17B-4A23-4EBE-BC19-B7958527015B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1871797d-7098-4777-b2d9-b492df15dc24}]
C:\WINDOWS\system32\cvyhlb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30309ABF-0A76-0FF3-5716-5900CCB58F9F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3134CEBE-5F72-0CA6-0016-5900CCB5D8C6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3FECA576-7AD2-4E11-A6AD-6B59D4FB5DB9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{46288782-E084-4F98-B7E6-C835B60FECCC}]
C:\WINDOWS\system32\mlJaATKd.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B697D91E-08FC-4DE2-89D9-AB87BB451600}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD941B94-F51F-4CAB-B188-B75C2DA3D153}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [03/17/2004 03:10 PM C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [10/31/2003 07:42 PM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 11:50 AM]
"CHotkey"="zHotkey.exe" [05/17/2004 06:30 PM C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [09/19/2003 09:09 AM C:\WINDOWS\ShowWnd.exe]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [03/11/2004 03:18 PM]
"SoundMan"="SOUNDMAN.EXE" [07/01/2004 12:58 PM C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [07/05/2004 07:05 PM C:\WINDOWS\ALCWZRD.EXE]
"Alcmtr"="ALCMTR.EXE" [07/02/2004 08:49 PM C:\WINDOWS\ALCMTR.EXE]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [03/25/2004 06:30 AM]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [03/17/2004 09:30 AM]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [03/23/2004 03:07 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/04/2002 11:32 PM]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/07/2003 03:32 AM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [09/11/2007 01:43 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [01/13/2007 10:47 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [01/13/2007 10:47 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [01/13/2007 10:46 AM]
"@"="" []
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [12/21/2007 03:30 PM]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [07/25/2008 06:06 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/02/2008 11:13 AM]
"5417482f"="C:\WINDOWS\system32\idjayhjy.dll" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [02/25/2008 02:07 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 05:00 AM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [10/30/2007 8:12:47 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [4/23/2008 3:38:16 AM]
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [8/19/2004 6:49:46 PM]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [11/27/2004 1:22:28 PM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]
ScreenArt.lnk - C:\Program Files\ScreenArt\WillowRd.exe [3/29/2006 10:59:38 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"DisableTaskMgr"=0 (0x0)
"NoDispCPL"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=0 (0x0)
"NoSetFolders"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"eqvwamkl"= {66F7FD4E-19D5-4A4C-A678-CEA8EC22D779} - C:\WINDOWS\eqvwamkl.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvtq]
C:\WINDOWS\system32\awvtq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhige]
mljhige.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyywwwT]
xxyywwwT.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlJaATKd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]
@="Service"




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .supercocklol.com
127.0.0.1 www..webloyalty.com
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com

8114 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-07-28 23:43:34 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 52%
Physical Memory (total/avail): 502.73 MiB / 240.89 MiB
Pagefile Memory (total/avail): 1228.46 MiB / 860.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1930.12 MiB

C: is Fixed (NTFS) - 186.31 GiB total, 94.13 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD2000JD-22HBB0 - 186.31 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 186.31 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: AVG Anti-Virus v8.0 (AVG Technologies) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"="C:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat:*:Enabled:The Battle for Middle-earth ™"
"C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe"="C:\\Program Files\\Sony Pictures Games\\Wheel of Fortune\\Wheel of Fortune.exe:*:Enabled:Wheel of Fortune"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Mosaic Tomb of Mystery\\Mosaic.exe"="C:\\Program Files\\Mosaic Tomb of Mystery\\Mosaic.exe:*:Enabled:Mosaic Tomb of Mystery"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Hammertap\\HammerTap3\\AuctionAnalysis.exe"="C:\\Program Files\\Hammertap\\HammerTap3\\AuctionAnalysis.exe:*:Enabled:AuctionAnalysis"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe:*:Enabled:Spy Sweeper"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\59XFZPJS\\incredimail_install[1].exe"="C:\\Documents and Settings\\Owner\\Local Settings\\Temporary Internet Files\\Content.IE5\\59XFZPJS\\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG8\\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Owner\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-96FC0AA548
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Owner
LOGONSERVER=\\YOUR-96FC0AA548
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 3 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0304
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
TMP=C:\DOCUME~1\Owner\LOCALS~1\Temp
USERDOMAIN=YOUR-96FC0AA548
USERNAME=Owner
USERPROFILE=C:\Documents and Settings\Owner
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Owner (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 6.0 --> msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 7.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A05E8411-A149-4A48-BC09-5485648DE4A0}\setup.exe" -l0x9
Atari: The 80 Classic Games --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Atari\The 80 Classic Games\Uninst.isu"
Atlantis - Sky Patrol (remove only) --> C:\Program Files\Atlantis - Sky Patrol\Uninstall.exe
Atlantis (remove only) --> C:\Program Files\Atlantis\Uninstall.exe
AVG 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Big Fish Games Client --> C:\Program Files\bfgclient\Uninstall.exe
BigFix --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Cake Mania 2 (remove only) --> "C:\Program Files\Cake Mania 2\Uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Chocolatier 2: Secret Ingredients (remove only) --> "C:\Program Files\Chocolatier 2 - Secret Ingredients\Uninstall.exe"
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Costco Photo Organizer --> MsiExec.exe /X{BA156277-D012-4509-9F9D-5587357B7207}
Coupon Printer for Windows --> "C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
Creative Delights Companion --> C:\PROGRA~1\LDSUPR~1\UNWISE.EXE C:\PROGRA~1\LDSUPR~1\INSTALL.LOG
CSI-3 Dimensions of Murder 1.0 --> C:\Program Files\Ubisoft\Telltale Games\CSI-3 Dimensions of Murder\uninst.exe
Cubis Gold --> C:\PROGRA~1\FRESHG~1\CUBISG~1\UNWISE.EXE C:\PROGRA~1\FRESHG~1\CUBISG~1\INSTALL.LOG
Cubis Gold 2 --> C:\PROGRA~1\FRESHG~1\CUBISG~2\UNWISE.EXE C:\PROGRA~1\FRESHG~1\CUBISG~2\INSTALL.LOG
Cubis Gold 2 Expansion Pack --> C:\PROGRA~1\FRESHG~1\CUBISG~2\EXPANS~1\UNWISE.EXE C:\PROGRA~1\FRESHG~1\CUBISG~2\EXPANS~1\INSTALL.LOG
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}
ebgcInfra --> MsiExec.exe /X{39B1BD87-561E-4762-AED9-7C5213B06C24}
ebgcRes --> MsiExec.exe /X{DC32544C-86ED-4B8E-80BC-9DC99023A313}
ebgcSDK --> MsiExec.exe /X{53B2D537-21CF-44D5-A03A-0DAF993B5728}
Evening In Paris Screen Saver --> C:\WINDOWS\SOFTDISK\SSSTUDIO\Evening In Paris\UNINSTAL.EXE
EZface ActiveX 207 --> C:\PROGRA~1\EZFace\ActiveX\uninst.bat 207 C:\PROGRA~1\EZFace\ActiveX
FinePixViewer Ver.4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hidden Expedition Titanic (remove only) --> C:\Program Files\Hidden Expedition Titanic\Uninstall.exe
Hidden Secrets: The Nightmare (remove only) --> "C:\Program Files\Hidden Secrets - The Nightmare\Uninstall.exe"
Hidden Secrets: The Nightmare Strategy Guide (remove only) --> "C:\Program Files\Hidden Secrets - The Nightmare Strategy Guide\Uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImageMixer VCD for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
IncrediMail Xe --> C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Adapters and Drivers --> Prounstl.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes --> MsiExec.exe /I{9F70BF98-003C-491D-81FC-FF9792206AF0}
Java™ 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lettering Delights Supreme Download --> C:\PROGRA~1\LDSUPR~1\UNWISE.EXE C:\PROGRA~1\LDSUPR~1\LD1-0-0-50.LOG
Lexmark 5200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBTUNST.EXE -NOLICENSE
Lexmark Fax Solutions --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{764C0C8F-B1B1-49BF-AEDC-4E48E857A667} /l1033 /z/U
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Luxor (remove only) --> "C:\Program Files\Luxor\Uninstall.exe"
Luxor 3 (remove only) --> "C:\Program Files\Luxor 3\Uninstall.exe"
Luxor Amun Rising (remove only) --> "C:\Program Files\Luxor Amun Rising\Uninstall.exe"
MasterClips Browser v2.03 --> C:\WINDOWS\uninst.exe -fC:\MPX\DeIsL1.isu
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Picture It! Photo Premium 9 --> c:\WINDOWS\system32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works --> MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MicroStaff WINASPI NT --> C:\MWASPINT\uninst.exe
Mosaic Tomb of Mystery (remove only) --> C:\Program Files\Mosaic Tomb of Mystery\Uninstall.exe
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Owner\Application Data\Move Networks\ie_bin\Uninst.exe
Multimedia Keyboard Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}\Setup.exe" -l0x9
My Photo Calendars & Cards --> MsiExec.exe /X{01022EF8-B6C2-4BF3-A497-798C87A4EBA0}
MyFonts Order M878866 --> MsiExec.exe /I{66B467C7-4700-C55F-A126-B0E9F5A82A88}
MyPhotoBooks --> MsiExec.exe /I{499EA9D8-5F20-46C3-B445-D428A6DEEBE5}
Myst IV - Revelation --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x9
Mystery Case Files - Prime Suspects (remove only) --> C:\Program Files\Mystery Case Files - Prime Suspects\Uninstall.exe
Mystery Case Files - Ravenhearst (remove only) --> C:\Program Files\Mystery Case Files - Ravenhearst\Uninstall.exe
Nero BurnRights --> C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL
Nero OEM --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Netflix Movie Viewer --> MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
onOne Essentials 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6220E72E-67BD-4E7A-B0FB-2DF318251891}\setup.exe" -l0x9 -uninst -removeonly
Opera 9.51 --> MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}
Photodex Presenter --> C:\Program Files\Photodex Presenter\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ProShow Gold --> C:\Program Files\Photodex\ProShowGold\proshow.exe . -u
QG Install 2.71B --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\Quizzing\ST6UNST.LOG"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
RealArcade --> C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Restaurant Empire (remove only) --> "C:\Program Files\Restaurant Empire\Uninstall.exe"
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RingCentral EasyFax --> C:\PROGRA~1\RINGCE~1\RINGCE~1\uninst\rc_unins.exe -fC:\PROGRA~1\RINGCE~1\RINGCE~1\uninst\rc_unins.ins
RollerCoaster Tycoon 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\Setup.exe" -l0x9
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sibelius Scorch (ActiveX Only) --> MsiExec.exe /I{C8E4455F-0F70-4DA2-A9F9-2D56C80E10AD}
Sid Meier's Alpha Centauri --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Firaxis Games\Sid Meier's Alpha Centauri\Uninst.isu"
SimCity 4 Deluxe --> C:\Program Files\Maxis\SimCity 4 Deluxe\EAUninstall.exe
Snow Flurry --> C:\WINDOWS\DWUninst.exe "Snow Flurry"
SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F20&SUBSYS_200014F1
Solero Music Viewer --> "C:\Program Files\Sunhawk\Solero\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Super Collapse! II --> C:\PROGRA~1\BIGFIS~1\SUPERC~1\UNWISE.EXE /U C:\PROGRA~1\BIGFIS~1\SUPERC~1\INSTALL.LOG
The Print Shop 20 --> MsiExec.exe /I{152BF35B-56D7-4652-B519-1661AAC270EE}
The Print Shop Premium Fonts --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F64D075-84F1-4EBC-A842-F2EF9C58009A}\Setup.exe" -l0x9
Top Ten Solitaire (remove only) --> C:\Program Files\Top Ten Solitaire\Uninstall.exe
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Webshots Desktop --> "C:\Program Files\Webshots\unins000.exe"
Willow Road Screen Art --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ScreenArt\Uninst.isu"
Windows Backup Utility --> MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Installer Clean Up --> MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Word Slinger --> C:\PROGRA~1\BIGFIS~1\WORDSL~1\UNWISE.EXE /U C:\PROGRA~1\BIGFIS~1\WORDSL~1\INSTALL.LOG
WrapCandy 7.0 Basic --> "C:\Program Files\WrapCandy70\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3814 / Error
Event Submitted/Written: 07/28/2008 11:42:45 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3813 / Error
Event Submitted/Written: 07/28/2008 11:42:45 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3812 / Error
Event Submitted/Written: 07/28/2008 11:42:45 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type3811 / Error
Event Submitted/Written: 07/28/2008 11:42:45 PM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type3810 / Error
Event Submitted/Written: 07/28/2008 11:41:07 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16674, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type54780 / Error
Event Submitted/Written: 07/28/2008 07:39:34 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Ad-Aware 2007 Service service to connect.

Event Record #/Type54775 / Error
Event Submitted/Written: 07/28/2008 07:21:51 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type54772 / Error
Event Submitted/Written: 07/28/2008 07:21:51 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type54769 / Error
Event Submitted/Written: 07/28/2008 07:21:51 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126

Event Record #/Type54766 / Error
Event Submitted/Written: 07/28/2008 07:21:51 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Application Management service terminated with the following error:
%%126



-- End of Deckard's System Scanner: finished at 2008-07-28 23:43:34 ------------

Edited by mamalove, 29 July 2008 - 02:13 AM.




#2 Thunder


Posted 01 August 2008 - 04:19 AM

Hello Mamalove and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to Start > Run, type: cleanmgr and click OK.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...



