Antivirus 2008 Attacked My Pc



#1 gentorix


Posted 05 August 2008 - 04:58 AM

I have entered a webpage and received an ActiveX bar invitation, and instantly an Antivirus 2008 appeared on the screen. Now I do not know how to get rid of it. All the time browsers were opening, but not allowing me to enter, let's say, google.com to search for help. Hopefully I had the flock.com browser to enter the net. Even now, when I am writing you this, all kinds of pages and alerts are opening.
Further, the two reports:
1. The main report:
Deckard's System Scanner v20071014.68
Run by SHUBREDU on 2008-08-05 12:00:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-08-05 09:00:49 UTC - RP161 - Deckard's System Scanner Restore Point
6: 2008-08-04 12:11:47 UTC - RP160 - Spybot-S&D Spyware removal
5: 2008-08-04 11:20:56 UTC - RP159 - Removed SweetIM Toolbar for Internet Explorer 3.1
4: 2008-08-04 11:19:09 UTC - RP158 - Removed TuneUp Utilities 2008
3: 2008-08-03 08:34:08 UTC - RP157 - System Checkpoint


-- First Restore Point --
1: 2008-08-02 08:31:45 UTC - RP155 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-05 12:03:43
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDANTSRV.EXE
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\ApVxdWin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\WebProxy.exe
C:\Program Files\Trust\MI-2500X OPTICAL MOUSE\mouse32a.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Antivirus 2008\Antivirus-2008.exe
C:\Program Files\Flock\flock\flock.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\SHUBREDU\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Shubredu's search page
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F0 - win.ini: run=C:\Documents and Settings\SHUBREDU\Application Data\Adobe\Manager.exe
F3 - REG:win.ini: Run=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Olive - {17c24e63-9a2c-4c50-bf01-86212b497bc7} - C:\WINDOWS\wnlmdakqfne.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: XMLDP Class - {72a128e0-2240-40c8-9e92-5387d64f839e} - C:\WINDOWS\xml2u32h.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {c333cf63-767f-4831-94ac-e683d962c63c} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: bgrqfetx - {905562EF-6F86-4FF3-9963-5AB66372D3A8} - C:\WINDOWS\bgrqfetx.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\MI-2500X OPTICAL MOUSE\Mouse32a.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Antivirus-2008.exe] C:\Program Files\Antivirus 2008\Antivirus-2008.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableTaskMgr=1
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (file missing)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.celartem.com/en/download/data/d...ntrol_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/29.55/uploader2.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} () - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1207855341593
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1208317254796
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{3DDE8428-7943-4144-879D-CF8987D6A137}: NameServer = 193.111.232.13
O18 - Protocol: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: xokvrpwg - {73F8980C-1FBE-48B6-ABD2-F543979B4A09} - C:\WINDOWS\xokvrpwg.dll
O21 - SSODL: tfnslopk - {5D30DF0E-0681-4CB4-9B09-F93567B92804} - C:\WINDOWS\tfnslopk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\system32\Crypserv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server Active Directory Helper (MSSQLServerADHelper) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrlS.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PAVSRV51.EXE
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
O23 - Service: SQL Server VSS Writer (SQLWriter) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
O23 - Service: stylexpservice - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 18645 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 bantext (Belarc SMBios Access) - c:\windows\system32\drivers\bantext.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 stylexphelper - c:\program files\tgtsoft\stylexp\stylexphelper.exe <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>

S1 NetworkX - c:\windows\system32\ckldrv.sys (file missing)
S3 btwmodem (Bluetooth Modem) - c:\windows\system32\drivers\btwmodem.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 4.0.1.3301>
S3 C-Dilla - c:\windows\system32\drivers\cdant.sys <Not Verified; Macrovision; Licence Management System>
S3 SABProcEnum - c:\program files\internet explorer\sabprocenum.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S4 fcc9a97f - c:\windows\system32\drivers\fcc9a97f.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 C-DillaSrv - c:\windows\system32\drivers\cdantsrv.exe <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
R2 stylexpservice - "c:\program files\tgtsoft\stylexp\stylexpservice.exe" <Not Verified; ; StyleXPService Module>

S2 PCA (PC Angel) - c:\windows\sminst\pcangel.exe <Not Verified; SoftThinks; PCAngel Application>
S2 wltrysvc (Broadcom Wireless LAN Tray Service) - c:\windows\system32\wltrysvc.exe c:\windows\system32\bcmwltry.exe (file missing)
S3 Autodesk Licensing Service - "c:\program files\common files\autodesk shared\service\adskscsrv.exe" <Not Verified; Autodesk; Autodesk Licensing Service>
S4 SQLBrowser (SQL Server Browser) - "c:\program files\microsoft sql server\90\shared\sqlbrowser.exe"
S4 SQLWriter (SQL Server VSS Writer) - "c:\program files\microsoft sql server\90\shared\sqlwriter.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\IFX0102\4&28738126&0
Manufacturer:
Name:
PNP Device ID: ACPI\IFX0102\4&28738126&0
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-08-01 17:16:48 382 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-05 10:42:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-05 10:41:53 0 d-------- C:\WINDOWS\privacy_danger
2008-08-05 10:41:47 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\TmpRecentIcons
2008-08-05 10:41:35 233472 --a------ C:\WINDOWS\xokvrpwg.dll
2008-08-05 10:41:35 393216 --a------ C:\WINDOWS\wnlmdakqfne.dll
2008-08-05 10:41:35 200704 --a------ C:\WINDOWS\tfnslopk.dll
2008-08-05 10:41:35 86016 --a------ C:\WINDOWS\lnvegaow.exe
2008-08-05 10:41:35 139264 --a------ C:\WINDOWS\eovn.exe
2008-08-05 10:41:35 192512 --a------ C:\WINDOWS\bgrqfetx.dll
2008-08-05 10:41:22 0 d-------- C:\Program Files\Antivirus 2008
2008-08-05 10:41:01 53760 --a------ C:\WINDOWS\xml2u32h.dll <Not Verified; Microsoft Corporation; XML parser library>
2008-08-05 10:40:51 82944 --a------ C:\1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-04 12:23:38 3840 --a------ C:\WINDOWS\system32\drivers\BANTExt.sys
2008-08-04 12:23:38 0 d-------- C:\Program Files\Belarc
2008-08-04 09:58:59 0 d-------- C:\Program Files\TGTSoft
2008-08-03 16:09:52 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-02 11:42:21 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Malwarebytes
2008-08-02 11:42:17 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 09:26:55 109762 --a------ C:\WINDOWS\system32\drivers\f30f50d6.sys
2008-08-02 09:26:28 151040 --a------ C:\Documents and Settings\LocalService\Application Data\672374863.exe
2008-08-02 09:11:53 109762 --a------ C:\WINDOWS\system32\drivers\fcc9a97f.sys
2008-08-02 05:56:08 20080 --a------ C:\WINDOWS\system32\Winsspi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
2008-08-02 05:56:08 32256 --a------ C:\WINDOWS\system32\Selfreg.dll <Not Verified; Microsoft; SelfReg>
2008-08-02 05:56:08 415504 --a------ C:\WINDOWS\system32\Msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-08-02 05:56:06 31744 --a------ C:\WINDOWS\system32\Hlp95en.dll <Not Verified; Microsoft Corporation; Microsoft Office>
2008-08-02 05:56:06 12288 --a------ C:\WINDOWS\system32\Hlinkprx.dll
2008-08-02 05:56:04 6144 --a------ C:\WINDOWS\system32\W95fiber.dll <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-08-02 05:56:04 195072 --a------ C:\WINDOWS\system32\Msodeusa.dll <Not Verified; Microsoft Corporation; Microsoft App-wide Setup for Windows>
2008-08-02 05:56:02 0 d-------- C:\Program Files\Access 97 Runtime
2008-08-02 05:56:01 0 d-------- C:\Program Files\PM FASTrack
2008-08-02 05:54:58 0 d--h----- C:\C_DILLA
2008-08-02 05:38:04 46080 --a------ C:\WINDOWS\system32\drivers\CDANTSRV.EXE <Not Verified; C-Dilla Ltd; CD-Secure/CD-Compress Windows NT>
2008-08-02 05:38:04 58288 --a------ C:\WINDOWS\system32\drivers\CDANT.SYS <Not Verified; Macrovision; Licence Management System>
2008-08-02 05:38:04 60416 --a------ C:\WINDOWS\CDILLA64.EXE <Not Verified; Macrovision; Licence Management System>
2008-08-02 05:38:04 55376 --a------ C:\WINDOWS\CDILLA40.DLL <Not Verified; C-Dilla Ltd; Licence Management System>
2008-08-02 05:38:04 260608 --a------ C:\WINDOWS\CDILLA32.DLL <Not Verified; Macrovision; Licence Management System>
2008-08-02 05:38:04 7056 --a------ C:\WINDOWS\CDILLA16.EXE <Not Verified; Macrovision; Licence Management System>
2008-08-02 05:38:04 44544 --a------ C:\WINDOWS\CDILLA13.DLL <Not Verified; Macrovision; Licence Management System>
2008-08-02 05:38:04 23856 --a------ C:\WINDOWS\CDILLA10.EXE <Not Verified; Macrovision; Licence Management System>
2008-08-02 05:38:04 63344 --a------ C:\WINDOWS\CDILLA05.DLL <Not Verified; Macrovision; Licence Management System>
2008-08-01 09:55:10 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Pertmaster
2008-08-01 00:09:18 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Real
2008-07-31 14:09:46 0 d-------- C:\Program Files\Dassault Systemes
2008-07-31 14:07:26 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\DassaultSystemes
2008-07-31 14:07:26 0 d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-07-31 09:47:14 0 d-------- C:\Program Files\The Weather Channel FW
2008-07-31 06:42:52 45056 -----n--- C:\WINDOWS\system32\CleanUp.exe <Not Verified; adi; adi CleanUp>
2008-07-31 00:19:15 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\SampleView
2008-07-31 00:13:21 266240 --a------ C:\WINDOWS\system32\ShellvRTF64.dll <Not Verified; XSS; XSS ShellvRTF>
2008-07-31 00:13:21 122880 --a------ C:\WINDOWS\system32\ShellvRTF.dll <Not Verified; XSS; XSS ShellvRTF>
2008-07-31 00:13:21 241664 --a------ C:\WINDOWS\system32\HPEvents.dll <Not Verified; Hewlett-Packard; HP Events Listener>
2008-07-31 00:12:04 0 d-------- C:\WINDOWS\CREATOR
2008-07-31 00:12:03 0 d-------- C:\WINDOWS\SMINST
2008-07-30 06:04:27 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-30 06:03:23 248 --a------ C:\WINDOWS\system32\PavCPL.dat
2008-07-30 06:03:19 0 d-------- C:\WINDOWS\system32\PAV
2008-07-29 22:48:38 0 d-------- C:\Program Files\Common Files\Panda Software
2008-07-29 21:59:51 0 d-------- C:\Program Files\Exterminate It!
2008-07-28 14:22:56 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Uniblue
2008-07-28 12:28:51 0 d-------- C:\Program Files\InterMute
2008-07-28 12:01:50 0 d-------- C:\Program Files\Shareaza
2008-07-28 12:01:50 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Shareaza
2008-07-27 21:29:25 0 d-------- C:\Program Files\Panda Security
2008-07-27 20:24:22 0 d-------- C:\Program Files\Common Files\ArcSoft
2008-07-27 20:24:21 11776 --a------ C:\WINDOWS\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
2008-07-27 20:23:49 212480 --a------ C:\WINDOWS\PCDLIB32.DLL <Not Verified; Eastman Kodak; Kodak Photo CD Access Developer Toolkit>
2008-07-27 20:23:44 0 d-------- C:\Program Files\ArcSoft
2008-07-27 20:16:03 0 d-------- C:\WINDOWS\PixArt
2008-07-24 19:07:19 0 d-------- C:\Program Files\inKline Global
2008-07-23 19:03:23 0 dr------- C:\Downloads
2008-07-23 17:47:25 0 d-------- C:\Program Files\Peter
2008-07-23 00:10:07 0 d-------- C:\Program Files\FlashGet
2008-07-22 17:11:48 0 d-------- C:\Program Files\SweetIM
2008-07-22 17:11:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-07-16 11:14:30 0 dr-h----- C:\Documents and Settings\SHUBREDU\Recent
2008-07-16 09:10:50 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Ashampoo
2008-07-16 09:09:20 0 d-------- C:\Documents and Settings\All Users\Application Data\ashampoo
2008-07-16 09:09:11 0 d-------- C:\Program Files\Ashampoo
2008-07-15 06:52:23 0 d-------- C:\Program Files\Alcohol Soft
2008-07-15 06:49:51 715248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-10 20:17:00 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Flock
2008-07-10 20:16:32 0 d-------- C:\Program Files\Flock
2008-07-09 03:07:37 0 d-------- C:\WINDOWS\SQLTools9_KB948109_ENU
2008-07-09 03:04:58 0 d-------- C:\WINDOWS\SQL9_KB948109_ENU


-- Find3M Report ---------------------------------------------------------------

2008-08-05 11:39:54 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\uTorrent
2008-08-05 11:39:48 0 d-------- C:\Program Files\PeerGuardian2
2008-08-05 11:39:33 0 d-------- C:\Program Files\eMule
2008-08-05 10:40:53 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Adobe
2008-08-04 14:24:22 0 d-------- C:\Program Files\HP
2008-08-04 14:19:46 0 d-------- C:\Program Files\Common Files
2008-08-01 09:49:07 0 d-------- C:\Program Files\Pertmaster Software
2008-08-01 00:07:11 0 d-------- C:\Program Files\JetAudio
2008-07-31 00:12:03 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 22:48:05 0 d-------- C:\Program Files\Common Files\Filseclab
2008-07-28 16:14:10 0 d-------- C:\Program Files\Ascentive
2008-07-28 11:18:17 0 d-------- C:\Program Files\Bitcollider
2008-07-28 06:26:31 0 d-------- C:\Program Files\Trust
2008-07-24 17:07:37 0 d-------- C:\Program Files\Winamp Toolbar
2008-07-24 12:41:03 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Yahoo!
2008-07-24 10:03:11 0 d-------- C:\Program Files\Yahoo!
2008-07-24 01:37:34 0 d-------- C:\Program Files\uTorrent
2008-07-24 00:52:57 0 d-------- C:\Program Files\Common Files\Autodesk Shared
2008-07-16 07:10:30 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\LimeWire
2008-07-15 06:47:54 0 d-------- C:\Program Files\Nero
2008-07-15 06:47:43 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Nero
2008-07-15 06:47:34 0 d-------- C:\Program Files\Common Files\Simple Star Shared
2008-07-15 06:44:36 0 d-------- C:\Program Files\Common Files\Nero
2008-07-14 17:37:56 0 d-------- C:\Program Files\Opera
2008-07-10 19:54:47 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Apple Computer
2008-07-09 03:07:59 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-07 09:38:37 0 d-------- C:\Program Files\Aide PDF to DXF Converter
2008-07-05 10:05:03 0 d-------- C:\Program Files\LizardTech
2008-07-04 09:34:55 0 d-------- C:\Program Files\Common Files\LizardTech Shared
2008-07-03 10:40:44 0 d-------- C:\Program Files\FinePixViewer
2008-06-30 15:06:15 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Pertmaster8
2008-06-30 11:18:23 0 d-------- C:\Program Files\Common Files\Crystal Decisions
2008-06-29 09:35:58 0 d-------- C:\Program Files\QuickTime
2008-06-24 20:12:40 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Opera
2008-06-24 19:53:36 0 d-------- C:\Program Files\Trustix
2008-06-24 19:15:13 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-24 18:39:18 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\CallingID
2008-06-24 16:45:58 6 --a------ C:\WINDOWS\system32\mkghj.dll
2008-06-16 07:20:57 0 d-------- C:\Program Files\DivX
2008-06-11 13:51:40 0 d-------- C:\Documents and Settings\SHUBREDU\Application Data\Help
2008-06-06 09:52:47 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-31 02:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-05-31 02:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 02:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 02:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-31 02:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-23 01:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-23 01:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-23 01:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-23 01:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-14 20:29:40 1160 --a------ C:\WINDOWS\mozver.dat
2008-05-14 17:48:47 0 --a------ C:\WINDOWS\nsreg.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17c24e63-9a2c-4c50-bf01-86212b497bc7}]
08/05/2008 07:02: VIRUS ALERT! 393216 --a------ C:\WINDOWS\wnlmdakqfne.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
03/20/2008 01:36: VIRUS ALERT! 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72a128e0-2240-40c8-9e92-5387d64f839e}]
08/05/2008 10:41: VIRUS ALERT! 53760 --a------ C:\WINDOWS\xml2u32h.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
06/03/2008 16:17: VIRUS ALERT! 86032 --a------ C:\Program Files\MSN\Toolbar\3.0.0311.0\msneshellx.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [03/20/2008 01:36: VIRUS ALERT! 1267040]

[-HKEY_CLASSES_ROOT\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [10/19/2007 13:05: VIRUS ALERT!]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [09/15/2007 02:29: VIRUS ALERT!]
"FLMOFFICE4DMOUSE"="C:\Program Files\Trust\MI-2500X OPTICAL MOUSE\Mouse32a.exe" [04/15/2008 18:51: VIRUS ALERT!]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [04/23/2008 02:08: VIRUS ALERT!]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [05/27/2008 10:50: VIRUS ALERT!]
"PAC7311_Monitor"="C:\WINDOWS\PixArt\PAC7311\Monitor.exe" [07/30/2008 03:22: VIRUS ALERT!]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.exe" [10/04/2007 15:15: VIRUS ALERT!]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [01/18/2008 11:04: VIRUS ALERT!]
"Recguard"="C:\WINDOWS\Sminst\Recguard.exe" [12/20/2005 16:51: VIRUS ALERT!]
"Reminder"="C:\WINDOWS\Creator\Remind_XP.exe" [03/09/2006 17:38: VIRUS ALERT!]
"Scheduler"="C:\WINDOWS\SMINST\Scheduler.exe" [10/09/2006 11:23: VIRUS ALERT!]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [01/05/2007 17:36: VIRUS ALERT!]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 08:12: VIRUS ALERT!]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [11/20/2007 07:44: VIRUS ALERT!]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [07/27/2007 15:00: VIRUS ALERT!]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34: VIRUS ALERT!]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 17:43: VIRUS ALERT!]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [09/18/2005 18:40: VIRUS ALERT!]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [05/12/2008 20:18: VIRUS ALERT!]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [06/10/2008 16:18: VIRUS ALERT!]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [05/24/2006 21:31: VIRUS ALERT!]
"Antivirus-2008.exe"="C:\Program Files\Antivirus 2008\Antivirus-2008.exe" [08/05/2008 10:41: VIRUS ALERT!]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [05/11/2008 14:19: VIRUS ALERT!]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [4/16/2008 10:40:18 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"NoDispCPL"=1 (0x1)
"NoDispAppearancePage"=1 (0x1)
"NoDispSettingPage"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xokvrpwg"= {73F8980C-1FBE-48B6-ABD2-F543979B4A09} - C:\WINDOWS\xokvrpwg.dll [08/05/2008 07:02: VIRUS ALERT! 233472]
"tfnslopk"= {5D30DF0E-0681-4CB4-9B09-F93567B92804} - C:\WINDOWS\tfnslopk.dll [08/05/2008 07:02: VIRUS ALERT! 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 02/15/2007 19:02: VIRUS ALERT! 50736 C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"MsnMsgr"="C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe -AutoStart
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"ToolBoxFX"="C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"HPUsageTracking"="C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a914f19e-0b77-11dd-8b18-001a6b8585fd}]
AutoRun\command- "G:\Install FreeAgent Tools.exe" /run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a914f1a6-0b77-11dd-8b18-001a6b8585fd}]
AutoRun\command- nideiect.com
explore\Command- nideiect.com
open\Command- nideiect.com




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8947 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-05 12:04:23 ------------

2. The extra report
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 CPU T5600 @ 1.83GHz
CPU 1: Intel® Core™2 CPU T5600 @ 1.83GHz
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 1023.36 MiB / 465.18 MiB
Pagefile Memory (total/avail): 2459.84 MiB / 2017.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1890.08 MiB

C: is Fixed (NTFS) - 102.88 GiB total, 41.44 GiB free.
D: is Fixed (NTFS) - 7.36 GiB total, 0.77 GiB free.
E: is Fixed (NTFS) - 1.55 GiB total, 0.94 GiB free.
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2120BH - 111.79 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 102.88 GiB - C:
\PARTITION1 - Installable File System - 7.36 GiB - D:
\PARTITION2 - Installable File System - 1589 MiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

AV: Panda Antivirus 2008 v3.01.00 (Panda Security) Disabled

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Pertmaster Software\\BB\\Bin\\BBXCOMServer.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Bin\\BBXCOMServer.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Server"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_C\\BBXCOMClient.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_C\\BBXCOMClient.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Client Sample"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_CMDLine\\bbx.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_CMDLine\\bbx.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Command Line Sample"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_VB\\bbxsrvdemo.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_VB\\bbxsrvdemo.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM VB Sample"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe"="C:\\Program Files\\Canon\\Color Network ScanGear\\SgTool.exe:*:Enabled:SGTOOL"
"F:\\STHIW\\stInstall.exe"="F:\\STHIW\\stInstall.exe:*:Enabled:SpeedTouch Home Install Wizard"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"F:\\setup\\HPZNET01.EXE"="F:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"F:\\setup\\hppapd.exe"="F:\\setup\\hppapd.exe:*:Enabled:hppapd.exe"
"F:\\setup\\HPNTWKEXE.EXE"="F:\\setup\\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"="C:\\Program Files\\QuickTime\\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\\Program Files\\Pertmaster Software\\BB\\Bin\\BBXCOMServer.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Bin\\BBXCOMServer.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Server"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_C\\BBXCOMClient.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_C\\BBXCOMClient.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Client Sample"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_CMDLine\\bbx.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_CMDLine\\bbx.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM Command Line Sample"
"C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_VB\\bbxsrvdemo.exe"="C:\\Program Files\\Pertmaster Software\\BB\\Samples\\BBxComClient_VB\\bbxsrvdemo.exe:LocalSubNet:Enabled:Identify AppSight Black Box COM VB Sample"
"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Shareaza\\Shareaza.exe"="C:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\SHUBREDU\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SHUBREDU
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
GDAL_DATA=C:\Program Files\Common Files\LizardTech Shared\GDAL_ETC
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\SHUBREDU
KMP_DUPLICATE_LIB_OK=TRUE
LOGONSERVER=\\SHUBREDU
NUMBER_OF_PROCESSORS=2
OMP_NUM_THREADS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Autodesk\DWG TrueView\;C:\Sybase\shared;;C:\Sybase\im6\tutorial;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Pertmaster Software\BB\Bin;C:\Program Files\Panda Security\Panda Antivirus 2008\;C:\SYBASE\SQLANY~1.0\WIN32;C:\SYBASE\IM6
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f02
ProgramFiles=C:\Program Files
PROJSO=C:\Program Files\Common Files\LizardTech Shared\GDAL_LIB\proj.dll
PROJ_LIB=C:\Program Files\Common Files\LizardTech Shared\GDAL_ETC
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\SHUBREDU\LOCALS~1\Temp
TMP=C:\DOCUME~1\SHUBREDU\LOCALS~1\Temp
USERDOMAIN=SHUBREDU
USERNAME=SHUBREDU
USERPROFILE=C:\Documents and Settings\SHUBREDU
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

SHUBREDU (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> .
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 8.0 Professional Edition --> MsiExec.exe /I{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat 7.1.0 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AOEMView 2008 --> C:\Program Files\AOEMView 2008\Setup\Setup.exe /P {6F411DB4-EC41-482B-AD46-384957928F69} /M AOEM
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AppSight 5.7 COM Black Box --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{535BC0ED-35DC-4EFA-89F8-CF410F4BBA31}
ArchiCAD 11 INT --> C:\Program Files\Graphisoft\ArchiCAD 11\Uninstall.AC\uninstaller.exe
ArcSoft VideoImpression 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\setup.exe" -l0x9
Ashampoo Burning Studio 7.21 --> "C:\Program Files\Ashampoo\Ashampoo Burning Studio 7\unins000.exe"
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoBackup --> C:\Program Files\InstallShield Installation Information\{8920EF0D-633E-46D1-9561-90E713E3145A}\setup.exe -runfromtemp -l0x0409
AutoCAD 2007 - English --> MsiExec.exe /I{5783F2D7-5001-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer --> C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
Belarc Advisor 7.2 --> C:\PROGRA~1\Belarc\Advisor\Uninstall.exe C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG
Bitzi's Bitcollider 0.6.0 --> C:\PROGRA~1\BITCOL~1\UNWISE.EXE C:\PROGRA~1\BITCOL~1\INSTALL.LOG
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11_App\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11"
Broadcom 802.11 Wireless LAN Adapter --> "C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Broadcom NetXtreme Ethernet Controller --> MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
C-Dilla Licence Management System --> C:\C_DILLA\setup\cdunin16.exe
Catalyst Control Center - Branding --> MsiExec.exe /I{3F93B2BA-18EC-462B-9ACD-396599353EE1}
Color Network ScanGear Ver.2.01 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A73C27A6-A848-11DA-A395-000E7F60AD33} UNINSTALL
COWON Media Center - jetAudio Plus VX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe" -l0x9 -removeonly
Dassault Systemes Software B18 --> "C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\Uninstall.exe" "C:\Program Files\Dassault Systemes\B18" "CODE" "GUI" "B18" "0"
Dassault Systemes Software Prerequisites x86 --> MsiExec.exe /I{9877BCD9-6698-4951-AE19-D5F398D83D5A}
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DWG TrueView 2007 --> MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}
eMule --> "C:\Program Files\eMule\Uninstall.exe"
FinePix Studio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource --> C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.3 --> C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Flock 1.2 --> C:\Program Files\Flock\uninst.exe
FreeAgent Pro Tools --> C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
French interface language for ABBYY FineReader 8.0 Professional Edition --> MsiExec.exe /X{C9469E12-1A0F-4D62-9C2D-E1B652A5D31E}
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109) --> C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109) --> C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HDAUDIO Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA_hpq0033m\UIU32m.exe -U -Ihpq0033m.INF
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Backup and Recovery Manager Installer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9 -uninst -removeonly
HP BatteryCheck 1.00 A7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9 -removeonly uninst
HP Extended Capabilities 6.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
HP Product Detection --> MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Quick Launch Buttons 6.30 J1 --> C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Update --> MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP Wireless Assistant --> MsiExec.exe /I{A5CE7175-080D-49AC-B5A3-E7E3502428F5}
ImageMixer VCD2 LE for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
InfoMaker 6.5 --> C:\WINDOWS\IsUninst.exe -fC:\Sybase\IMUninst.isu
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Lizardtech DjVu Control (autoinstall) --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DjVuLite.us.inf,DefaultUninstall,5
Lizardtech Express View Browser Plug-in --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C066DCF1-6E5D-4197-A290-7F1F30538DB6}\Setup.exe" -l0x9
Macromedia Flash Player 8 --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office OneNote 2003 --> MsiExec.exe /I{90A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft WSE 3.0 Runtime --> MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MSN Toolbar --> MsiExec.exe /I{3B438F0E-21BE-4E80-B921-5A9AA4DAA402}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda Antivirus 2008 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\SETUP.exe" -l0x9 -removeonly
PC Booster --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0601E1-B65C-11D5-80A9-0000B494D9A6}\setup.exe" -l0x9 -removeonly
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
Pertmaster v7.81 --> MsiExec.exe /X{A7C3C127-983D-48A0-B07F-841F86A70907}
PM FASTrack® --> "C:\Program Files\PM FASTrack\uninstall.exe" C:\PROGRA~1\PMFAST~1\install.log
Post-it® Digital Notes --> MsiExec.exe /I{AA2DC6BC-F088-46DD-994B-07F6C5A32EC1}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
SecurDisc Viewer --> MsiExec.exe /X{9AE57057-8E31-40EC-A8DD-A357E5291033}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sony Ericsson Media Manager 1.0 --> MsiExec.exe /X{06AC45D1-CB9B-48CC-B5C8-1A55DEE26AD0}
Sony Ericsson PC Suite 3.108.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
StyleXP (remove only) --> "C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
SweetIM for Messenger 2.5 --> MsiExec.exe /X{C3576005-01B0-4C25-AA5F-40134CC78C42}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers. --> C:\Program Files\InstallShield Installation Information\{DB780B85-B4B5-4864-A49C-9B706B169C93}\setup.exe -runfromtemp -l0x0409
The Weather Channel Desktop 6 --> C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
The Weather Channel Toolbar --> C:\PROGRA~1\THEWEA~2\UNWISE.EXE C:\PROGRA~1\THEWEA~2\twcINSTALL.LOG
TRUST MI-2500X OPTICAL MOUSE --> C:\Program Files\Trust\MI-2500X OPTICAL MOUSE\uninst00.exe
Trust Photo Tools --> MsiExec.exe /I{84975365-177A-42EB-A265-9C9B6DB1FEA1}
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
WebVideo Support --> C:\WINDOWS\lnvegaow.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE


-- Application Event Log -------------------------------------------------------

Event Record #/Type15210 / Warning
Event Submitted/Written: 08/05/2008 11:32:40 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type15202 / Success
Event Submitted/Written: 08/05/2008 09:08:08 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type15200 / Error
Event Submitted/Written: 08/05/2008 09:02:49 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application qlbctrl.exe, version 6.3.6.1, faulting module qlbctrl.exe, version 6.3.6.1, fault address 0x00003de4.
Processing media-specific event for [qlbctrl.exe!ws!]

Event Record #/Type15163 / Error
Event Submitted/Written: 08/04/2008 03:43:30 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application pg2.exe, version 1.0.6.4, faulting module comctl32.dll, version 6.0.2900.2982, fault address 0x000048c6.
Processing media-specific event for [pg2.exe!ws!]

Event Record #/Type15088 / Warning
Event Submitted/Written: 08/04/2008 02:28:36 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10086 / Warning
Event Submitted/Written: 08/05/2008 11:53:25 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type10078 / Error
Event Submitted/Written: 08/05/2008 11:42:39 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments "-Service"
in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}

Event Record #/Type10077 / Error
Event Submitted/Written: 08/05/2008 11:42:29 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments "-Service"
in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}

Event Record #/Type10076 / Error
Event Submitted/Written: 08/05/2008 11:42:19 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments "-Service"
in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}

Event Record #/Type10075 / Error
Event Submitted/Written: 08/05/2008 11:42:09 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service hpqwmiex with arguments "-Service"
in order to run the server:
{F5539356-2F02-40D4-999E-FA61F45FE12E}



-- End of Deckard's System Scanner: finished at 2008-08-05 12:04:23 ------------


#2 Thunder


Posted 07 August 2008 - 11:18 AM

Hello Gentorix and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Restart your computer.

4. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!!

Greetings,
Thunder