Re: Firefox & IE search results go to wrong page. Can't run HijackThis. HELP Please?

Hello,

I have read the thread and I seem to have the same problem.

I don't know if the same solution would apply in my case, so I start again, giving the DDS logs:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Guillaume at 1:05:58.93 on 02-07-2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3069.1944 [GMT 2:00]

SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\vfsFPService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Guillaume\Desktop\gmer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Users\Guillaume\Desktop\dds.pif
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.HP.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Pavilion&pf=cnnb
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [ares] "c:\program files\ares\Ares.exe" -h
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 85.255.112.68,85.255.112.66
TCP: {0ECBD136-23E9-41FE-8373-11C4F97608E6} = 85.255.112.68,85.255.112.66
TCP: {9737D2AB-68FA-4999-B25B-0AF3DAF71C2D} = 85.255.112.68,85.255.112.66
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Notification Packages = scecli DPPWDFLT

================= FIREFOX ===================

FF - ProfilePath - c:\users\guilla~1\appdata\roaming\mozilla\firefox\profiles\7epg4avp.default\
FF - component: c:\program files\digitalpersona\bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\guillaume\appdata\local\google\update\1.2.183.7\npGoogleOneClick8.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-1 64160]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/01/21 03:06:23];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-29 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_805f33de\AEstSrv.exe [2009-1-21 77824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 921936]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-2-19 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2008-11-27 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2008-11-27 116096]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 599344]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-4 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2009-1-21 22072]
S2 gupdate1c9e16bff8dc080;Google Update Service (gupdate1c9e16bff8dc080);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-2-19 222512]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-5-18 33176]
S3 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-23 107360]

=============== Created Last 30 ================

2009-07-02 00:30 --d----- c:\program files\common files\Wise Installation Wizard
2009-07-02 00:17 --d----- c:\program files\Trend Micro
2009-07-02 00:16 206,178,511 a------- c:\windows\MEMORY.DMP
2009-07-01 23:58 15,688 a------- c:\windows\system32\lsdelete.exe
2009-07-01 21:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-01 21:17 -cd-h--- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-01 21:17 -cd-h--- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-01 21:17 --d----- c:\program files\Lavasoft
2009-07-01 13:42 --d----- c:\users\guilla~1\appdata\roaming\.clamwin
2009-07-01 13:41 --d----- c:\programdata\.clamwin
2009-07-01 13:41 --d----- c:\program files\ClamWin
2009-07-01 13:41 --d----- c:\progra~2\.clamwin
2009-06-30 14:57 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-06-30 14:57 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-30 14:57 --d----- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-06-30 14:57 --d----- c:\progra~2\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-06-30 12:57 --d----- c:\users\guilla~1\appdata\roaming\Symantec
2009-06-30 12:49 --d----- c:\program files\common files\Symantec Shared
2009-06-25 17:15 --d----- c:\programdata\AVS4YOU
2009-06-25 17:15 --d----- c:\progra~2\AVS4YOU
2009-06-25 17:15 --d----- c:\users\guilla~1\appdata\roaming\AVS4YOU
2009-06-25 17:12 974,848 a------- c:\windows\system32\mfc70.dll
2009-06-25 17:12 487,424 a------- c:\windows\system32\msvcp70.dll
2009-06-25 17:12 344,064 a------- c:\windows\system32\msvcr70.dll
2009-06-25 17:12 --d----- c:\program files\common files\AVSMedia
2009-06-25 17:12 1,700,352 a------- c:\windows\system32\GdiPlus.dll
2009-06-25 17:12 24,576 a------- c:\windows\system32\msxml3a.dll
2009-06-25 17:12 --d----- c:\program files\AVS4YOU
2009-06-24 10:36 --d----- c:\users\guillaume\group
2009-06-21 16:43 --d----- C:\mwdumper
2009-06-21 01:38 2,412,042 a------- C:\mwdumper.jar
2009-06-17 22:34 --d----- c:\users\guilla~1\appdata\roaming\Mozilla Embedded Browser
2009-06-17 18:12 --d----- C:\Downloads
2009-06-14 13:59 86,096 a------- c:\windows\system32\php_mysqli.dll
2009-06-14 13:59 45,135 a------- c:\windows\system32\php_mysql.dll
2009-06-09 16:01 --d----- C:\php5
2009-06-08 23:00 --d----- c:\program files\Microsoft Visual Studio 8
2009-06-07 16:38 --d----- c:\programdata\Lavasoft
2009-06-07 13:48 --d----- c:\users\guillaume\Grupo
2009-06-06 11:23 --d----- c:\users\guilla~1\appdata\roaming\Software
2009-06-06 11:23 --d----- c:\program files\Quest Software
2009-06-06 11:23 --d----- c:\program files\common files\Quest Shared
2009-06-05 20:43 --d----- C:\wamp
2009-06-04 11:52 --d----- c:\programdata\muvee Technologies
2009-06-02 15:09 --d----- c:\users\guillaume\Divers
2009-06-02 11:54 --d----- c:\users\guilla~1\appdata\roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-06-02 10:46 --d----- c:\users\guilla~1\appdata\roaming\SolidDocuments
2009-06-02 10:45 13,560 a------- c:\windows\system32\solidlocalui.dll
2009-06-02 10:45 21,240 a------- c:\windows\system32\solidlocalmon.dll
2009-06-02 10:44 --d----- c:\programdata\SolidDocuments
2009-06-02 10:44 --d----- c:\progra~2\SolidDocuments

==================== Find3M ====================

2009-07-01 12:17 86,016 a------- c:\windows\inf\infstrng.dat
2009-07-01 12:17 86,016 a------- c:\windows\inf\infstor.dat
2009-07-01 12:17 51,200 a------- c:\windows\inf\infpub.dat
2009-05-18 14:18 2,076,672 a------- c:\windows\system32\libmysql.dll
2009-05-16 10:25 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-05-14 04:16 0 a--SHR-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF9143YJF_E517901-371_4A_I3600_SHP_V98.32_F.23_T090105_WV3-1_L409_M3069_J320_
7AMD_8F31_92.20_#090121_N10EC8168;168C001C_(NU324PA#ACJ)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-05-01 20:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-03-25 14:13 7,100,928 a------- c:\program files\PocketDivXEncoder_0.3.96.exe
2009-01-21 13:00 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 04:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 14:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 14:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 11:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 11:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 1:06:30.45 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21-01-2009 11:19:10
System Uptime: 07-02-2009 00:41:30 (3481 hours ago)

Motherboard: HP | | 3600
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-74 | Socket M2/S1G1 | 2200/1800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 287 GiB total, 86.189 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.857 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP26: 18-05-2009 16:52:24 - Installed MySQL Server 5.1
RP27: 18-05-2009 17:18:17 - Removed MySQL Server 5.1
RP28: 18-05-2009 19:05:39 - Installed MySQL Server 5.1
RP29: 18-05-2009 19:08:52 - Removed MySQL Server 5.1
RP30: 18-05-2009 21:23:52 - Windows Update
RP31: 19-05-2009 21:18:33 - Installed AVG Free 8.5
RP36: 20-05-2009 15:11:18 - Windows Update
RP37: 20-05-2009 22:26:05 - Installed MySQL Server 5.1
RP38: 20-05-2009 22:30:12 - Removed MySQL Server 5.1
RP39: 21-05-2009 08:58:04 - Windows Update
RP40: 24-05-2009 15:41:14 - Scheduled Checkpoint
RP41: 25-05-2009 19:53:23 - Windows Update
RP42: 26-05-2009 11:12:03 - Installed Opera 9.64
RP43: 26-05-2009 12:03:07 - Installed MySQL Server 5.1
RP44: 28-05-2009 16:07:30 - Windows Update
RP45: 28-05-2009 16:23:53 - Windows Update
RP48: 29-05-2009 11:21:15 - Installed Apache HTTP Server 2.0.63
RP49: 30-05-2009 15:04:57 - Scheduled Checkpoint
RP50: 01-06-2009 12:54:18 - Scheduled Checkpoint
RP51: 02-06-2009 09:59:08 - Windows Update
RP52: 02-06-2009 11:57:34 - Removed Solid Converter PDF v4
RP53: 02-06-2009 12:03:56 - Removed Adobe Reader 9.
RP54: 02-06-2009 12:09:10 - Installed Adobe Reader 8.1.0
RP55: 02-06-2009 12:19:45 - Removed Adobe Reader 8.1.0
RP56: 02-06-2009 12:26:42 - Removed Acrobat.com
RP127: 02-07-2009 00:40:23 - Restore Operation

==== Installed Programs ======================

Acrobat.com
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player
Agere Systems HDA Modem
AMD USB Audio Driver Filter
Atheros Driver Installation Program
ATI Catalyst Install Manager
Caesar IV
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
ClamWin Free Antivirus 0.95.2
CyberLink DVD Suite
DigitalPersona Personal 4.0
ESU for Microsoft Vista
FileZilla CLIENT 3.2.4.1
GearDrvs
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Common Access Service Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart TV
HP MediaSmart Webcam
HP MULTIPLE MODEM INSTALLER for VISTA
HP Quick Launch Buttons 6.40 L1
HP Total Care Advisor
HP Total Care Setup
HP Update
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
IDT Audio
Java(TM) 6 Update 7
JMicron JMB38X Flash Media Controller Driver
LabelPrint
LightScribe System Software 1.14.17.1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB954430)
My HP Games
MySQL Server 5.1
Norton Internet Security
Nvu 1.0PR
Opera 9.64
PHP 5.2.9-2
Picasa 3
Power2Go
PowerDirector
ProtectSmart Hard Drive Protection
Quest Software Toad for MySQL Freeware 4.1
Realtek 8169 8168 8101E 8102E Ethernet Driver
Skins
Skype™ 4.0
Synaptics Pointing Device Driver
Validity Sensors software
VLC media player 0.9.9
WampServer 2.0
Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
WinRAR archiver

==== Event Viewer Messages From Past Week ========

30-06-2009 21:16:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LiveUpdate Notice service.
30-06-2009 21:16:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CLTNetCnService service.
30-06-2009 21:15:57, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ccSetMgr service.
30-06-2009 21:15:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ccEvtMgr service.
30-06-2009 14:33:19, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp psc 1300 series with shared resource name hp psc 1300 series. Error 2114. The printer cannot be used by others on the network.
30-06-2009 14:33:07, Error: Service Control Manager [7022] - The IPsec Policy Agent service hung on starting.
30-06-2009 14:30:21, Error: EventLog [6008] - The previous system shutdown at 14:21:55 on 30-06-2009 was unexpected.
29-06-2009 23:05:02, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
29-06-2009 10:44:45, Error: Service Control Manager [7000] - The AVG Free On-access Scanner Minifilter Driver x86 service failed to start due to the following error: The system cannot find message text for message number 0xAVG Free On-access Scanner Minifilter Driver x86 in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..
29-06-2009 10:44:43, Error: Service Control Manager [7000] - The AVG Free AVI Loader Driver x86 service failed to start due to the following error: The system cannot find message text for message number 0xAVG Free AVI Loader Driver x86 in the message file for The system cannot find message text for message number 0x%1 in the message file for %2..
27-06-2009 22:17:05, Error: EventLog [6008] - The previous system shutdown at 22:10:26 on 27-06-2009 was unexpected.
26-06-2009 10:38:11, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.34 for the Network Card with network address 00242C2F27B4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
25-06-2009 22:35:15, Error: EventLog [6008] - The previous system shutdown at 22:29:40 on 25-06-2009 was unexpected.
25-06-2009 12:52:30, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
25-06-2009 12:52:28, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.33 for the Network Card with network address 00242C2F27B4 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
25-06-2009 09:47:17, Error: PlugPlayManager [12] - The device 'JMB38X xD Host Controller' (PCI\VEN_197B&DEV_2384&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0450) disappeared from the system without first being prepared for removal.
25-06-2009 09:47:17, Error: PlugPlayManager [12] - The device 'JMB38X SD/MMC Host Controller' (PCI\VEN_197B&DEV_2382&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0150) disappeared from the system without first being prepared for removal.
25-06-2009 09:47:17, Error: PlugPlayManager [12] - The device 'JMB38X SD Host Controller' (PCI\VEN_197B&DEV_2381&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0250) disappeared from the system without first being prepared for removal.
25-06-2009 09:47:17, Error: PlugPlayManager [12] - The device 'JMB38X MS Host Controller' (PCI\VEN_197B&DEV_2383&SUBSYS_3600103C&REV_00\4&2c5d624a&0&0350) disappeared from the system without first being prepared for removal.
25-06-2009 09:47:05, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
02-07-2009 00:34:16, Error: EventLog [6008] - The previous system shutdown at 00:32:57 on 02-07-2009 was unexpected.
02-07-2009 00:32:30, Error: EventLog [6008] - The previous system shutdown at 00:30:20 on 02-07-2009 was unexpected.
02-07-2009 00:21:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
02-07-2009 00:17:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
02-07-2009 00:17:49, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
02-07-2009 00:17:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
02-07-2009 00:17:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
02-07-2009 00:17:14, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
02-07-2009 00:17:13, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
02-07-2009 00:17:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
02-07-2009 00:16:48, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
02-07-2009 00:16:48, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
02-07-2009 00:16:42, Error: EventLog [6008] - The previous system shutdown at 00:14:15 on 02-07-2009 was unexpected.
01-07-2009 21:17:31, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
01-07-2009 13:32:19, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The RPC server is unavailable.
01-07-2009 13:32:19, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The RPC server is unavailable.
01-07-2009 12:16:04, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
01-07-2009 12:16:04, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.

==== End Of File ===========================


Thanks in advance for helping me out here.

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
mURLSearchHooks: H - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TCP: NameServer = 85.255.112.68,85.255.112.66
TCP: {0ECBD136-23E9-41FE-8373-11C4F97608E6} = 85.255.112.68,85.255.112.66
TCP: {9737D2AB-68FA-4999-B25B-0AF3DAF71C2D} = 85.255.112.68,85.255.112.66

Folder::
c:\program files\avg

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for and remove any outdated version of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Sorry, forgot this.

Download Security Check from one of the following links and save it to your Desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

----------

Also let me know what antivirus you prefer to use. I see ClamWin and Norton but it looks like Norton isn't running.

Hi,


Thanks for the quick reply.

I am using ClamWin now.

The log after running ComboFix is here:


ComboFix 09-07-01.01 - Guillaume 02-07-2009 1:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3069.2062 [GMT 2:00]
Running from: c:\users\Guillaume\Desktop\ComboFix1.exe
Command switches used :: c:\users\Guillaume\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gxvxcoxyqisirdbgrshqltjfqpnppynxitbow.sys
c:\windows\system32\gxvxccount
c:\windows\system32\gxvxckvcnewtfoyxnwodiwnsxjpnofqpdpnuw.dll
c:\windows\system32\gxvxcxtsvyvnqvjtubxrlrdhegupcxbdluvhf.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-07-02 00:18 . 2009-07-02 00:18 -------- d-----w- c:\users\Guillaume\AppData\Local\temp
2009-07-01 23:41 . 2009-07-01 23:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-01 22:30 . 2009-07-01 22:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-01 22:17 . 2009-07-01 22:17 -------- d-----w- c:\program files\Trend Micro
2009-07-01 21:58 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-07-01 19:17 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-07-01 19:17 . 2009-07-01 19:17 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-01 19:17 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-07-01 19:17 . 2009-07-01 19:17 -------- d-----w- c:\program files\Lavasoft
2009-07-01 11:42 . 2009-07-01 11:48 -------- d-----w- c:\users\Guillaume\AppData\Roaming\.clamwin
2009-07-01 11:41 . 2009-07-01 11:41 -------- d-----w- c:\programdata\.clamwin
2009-07-01 11:41 . 2009-07-01 11:41 -------- d-----w- c:\program files\ClamWin
2009-06-30 12:57 . 2008-04-17 11:12 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-06-30 12:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-06-30 12:57 . 2009-06-30 12:57 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-06-30 10:57 . 2009-07-01 07:40 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Symantec
2009-06-30 10:49 . 2009-07-01 11:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-30 09:08 . 2009-06-30 09:08 -------- d-----w- c:\users\Public\InOut
2009-06-29 21:20 . 2009-06-29 21:20 680 ----a-w- c:\users\Guillaume\AppData\Local\d3d9caps.dat
2009-06-25 15:15 . 2009-06-25 15:15 -------- d-----w- c:\programdata\AVS4YOU
2009-06-25 15:15 . 2009-06-25 15:15 -------- d-----w- c:\users\Guillaume\AppData\Roaming\AVS4YOU
2009-06-25 15:12 . 2009-07-01 19:11 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-06-25 15:12 . 2003-05-21 21:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-06-25 15:12 . 2002-01-05 12:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-06-25 15:12 . 2002-01-05 11:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-06-25 15:12 . 2009-07-01 19:11 -------- d-----w- c:\program files\AVS4YOU
2009-06-25 15:12 . 2008-07-11 09:52 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2009-06-25 15:12 . 2003-05-21 21:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-06-24 08:36 . 2009-06-25 11:14 -------- d-----w- c:\users\Guillaume\group
2009-06-21 14:43 . 2009-06-21 14:43 -------- d-----w- C:\mwdumper
2009-06-17 20:34 . 2009-06-22 17:55 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Mozilla Embedded Browser
2009-06-17 16:12 . 2009-06-24 15:20 -------- d-----w- C:\Downloads
2009-06-15 12:58 . 2009-06-15 12:58 -------- d-----w- c:\users\Guillaume\AppData\Local\Quest Software
2009-06-14 11:59 . 2009-04-09 06:25 86096 ----a-w- c:\windows\system32\php_mysqli.dll
2009-06-14 11:59 . 2009-04-09 06:25 45135 ----a-w- c:\windows\system32\php_mysql.dll
2009-06-09 14:01 . 2009-06-09 14:01 -------- d-----w- C:\php5
2009-06-08 21:03 . 2009-06-08 21:03 -------- d-----w- c:\program files\Microsoft Works
2009-06-08 21:00 . 2009-06-08 21:00 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-08 20:59 . 2009-06-08 20:59 -------- d-----w- c:\users\Guillaume\AppData\Local\Microsoft Help
2009-06-08 20:58 . 2009-06-08 20:58 -------- d--h--r- C:\MSOCache
2009-06-08 20:39 . 2009-06-08 20:39 -------- d-----w- c:\users\Guillaume\AppData\Local\Seven Zip
2009-06-07 14:38 . 2009-07-01 19:17 -------- d-----w- c:\programdata\Lavasoft
2009-06-07 14:32 . 2009-06-07 14:32 -------- d-----w- c:\windows\Sun
2009-06-07 11:48 . 2009-06-07 11:53 -------- d-----w- c:\users\Guillaume\Grupo
2009-06-06 09:23 . 2009-06-06 09:23 3584 ----a-r- c:\users\Guillaume\AppData\Roaming\Microsoft\Installer\{D58340FF-57D2-4AF3-81DB-073DDD4FAEA9}\IconTmpl7.15B59236_99D3_4DBB_BC63_B5BF7D73F468.exe
2009-06-06 09:23 . 2009-06-06 09:23 244224 ----a-r- c:\users\Guillaume\AppData\Roaming\Microsoft\Installer\{D58340FF-57D2-4AF3-81DB-073DDD4FAEA9}\Icon8EEA8E04.exe
2009-06-06 09:23 . 2009-06-06 09:23 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Software
2009-06-06 09:23 . 2009-06-06 09:23 -------- d-----w- c:\program files\Common Files\Quest Shared
2009-06-06 09:23 . 2009-06-06 09:23 -------- d-----w- c:\program files\Quest Software
2009-06-05 18:43 . 2009-06-09 15:50 -------- d-----w- C:\wamp
2009-06-04 09:52 . 2009-06-04 09:52 -------- d-----w- c:\programdata\muvee Technologies
2009-06-04 09:51 . 2009-06-04 09:52 -------- d-----w- c:\users\Guillaume\AppData\Roaming\muvee Technologies
2009-06-02 13:09 . 2009-06-29 11:41 -------- d-----w- c:\users\Guillaume\Divers
2009-06-02 11:38 . 2009-06-02 11:38 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-02 10:09 . 2009-06-02 11:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-02 09:54 . 2009-06-02 09:54 -------- d-----w- c:\users\Guillaume\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-06-02 08:46 . 2009-06-02 08:50 -------- d-----w- c:\users\Guillaume\AppData\Roaming\SolidDocuments
2009-06-02 08:45 . 2008-08-01 16:32 13560 ----a-w- c:\windows\system32\solidlocalui.dll
2009-06-02 08:45 . 2008-08-01 16:32 21240 ----a-w- c:\windows\system32\solidlocalmon.dll
2009-06-02 08:44 . 2009-06-02 08:44 -------- d-----w- c:\programdata\SolidDocuments

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 23:57 . 2009-01-21 10:18 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-01 23:41 . 2009-02-19 11:40 -------- d-----w- c:\program files\Java
2009-07-01 11:31 . 2009-02-19 09:35 -------- d-----w- c:\programdata\Symantec
2009-06-29 22:28 . 2009-02-19 10:26 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-29 22:24 . 2009-02-19 10:23 -------- d-----w- c:\program files\Microsoft.NET
2009-06-29 22:12 . 2009-05-26 17:09 -------- d-----w- c:\users\Guillaume\AppData\Roaming\NuSphere
2009-06-29 22:09 . 2009-02-19 10:02 -------- d-----w- c:\programdata\WildTangent
2009-06-29 22:09 . 2009-02-19 10:02 -------- d-----w- c:\program files\HP Games
2009-06-23 16:00 . 2009-05-22 11:29 -------- d-----w- c:\users\Guillaume\AppData\Roaming\CyberLink
2009-06-20 18:12 . 2009-05-26 11:00 -------- d-----w- c:\users\Guillaume\AppData\Roaming\DBDesigner4
2009-06-19 13:00 . 2009-05-18 12:02 -------- d-----w- c:\program files\PHP
2009-06-17 19:54 . 2009-06-01 08:32 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Skype
2009-06-17 19:40 . 2009-06-01 08:45 -------- d-----w- c:\users\Guillaume\AppData\Roaming\skypePM
2009-06-08 21:45 . 2009-05-14 02:20 104560 ----a-w- c:\users\Guillaume\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-08 21:06 . 2009-02-19 10:21 -------- d-----w- c:\programdata\Microsoft Help
2009-06-08 21:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-06-08 08:26 . 2009-05-14 02:52 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Hewlett-Packard
2009-06-08 08:25 . 2009-02-19 09:33 -------- d-----w- c:\programdata\Hewlett-Packard
2009-06-07 17:07 . 2009-05-31 20:18 -------- d-----w- c:\users\Guillaume\AppData\Roaming\FileZilla
2009-06-03 13:47 . 2009-02-19 09:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-02 10:25 . 2009-05-19 19:41 -------- d-----w- c:\program files\File Recover
2009-06-01 08:45 . 2009-06-01 08:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-01 08:32 . 2009-06-01 08:32 -------- d-----w- c:\program files\Common Files\Skype
2009-06-01 08:32 . 2009-06-01 08:32 -------- d-----r- c:\program files\Skype
2009-06-01 08:32 . 2009-06-01 08:32 -------- d-----w- c:\programdata\Skype
2009-05-31 20:18 . 2009-05-31 20:18 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-30 21:18 . 2009-05-15 03:52 -------- d-----w- c:\program files\Google
2009-05-28 20:00 . 2009-05-28 20:00 -------- d-----w- c:\program files\EASEUS
2009-05-28 18:02 . 2009-02-19 12:35 -------- d-----w- c:\program files\SMINST
2009-05-26 10:53 . 2009-05-26 10:53 -------- d-----w- c:\program files\Common Files\fabFORCE
2009-05-26 10:53 . 2009-05-26 10:53 -------- d-----w- c:\program files\fabFORCE
2009-05-26 10:03 . 2009-05-26 10:03 -------- d-----w- c:\programdata\MySQL
2009-05-26 09:12 . 2009-05-26 09:12 -------- d-----w- c:\program files\Opera
2009-05-25 23:40 . 2009-05-25 22:13 -------- d-----w- c:\users\Guillaume\AppData\Roaming\vlc
2009-05-25 22:12 . 2009-05-25 22:12 -------- d-----w- c:\program files\VideoLAN
2009-05-20 21:09 . 2009-02-19 09:35 -------- d-----w- c:\programdata\Norton
2009-05-19 19:34 . 2009-05-19 19:34 -------- d-----w- c:\programdata\ParetoLogic
2009-05-19 19:33 . 2009-05-19 19:33 -------- d-----w- c:\programdata\Cached Installations
2009-05-19 19:19 . 2009-05-19 19:19 -------- d-----w- c:\program files\AVG
2009-05-19 09:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-18 19:26 . 2009-05-18 19:26 -------- d-----w- c:\program files\MSXML 4.0
2009-05-18 17:49 . 2009-05-18 17:49 -------- d-----w- c:\programdata\NOS
2009-05-18 17:49 . 2009-05-18 17:49 -------- d-----w- c:\program files\NOS
2009-05-18 15:34 . 2009-05-18 15:34 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Nvu
2009-05-18 15:34 . 2009-05-18 15:34 -------- d-----w- c:\program files\Nvu
2009-05-18 12:18 . 2009-05-29 10:15 2076672 ----a-w- c:\windows\system32\libmysql.dll
2009-05-17 06:24 . 2009-05-17 06:24 -------- d-----w- c:\program files\Western Digital Corporation
2009-05-16 15:39 . 2009-05-16 15:39 0 ----a-w- c:\windows\nsreg.dat
2009-05-16 08:25 . 2009-05-16 08:25 -------- d--h--r- c:\users\Guillaume\AppData\Roaming\SecuROM
2009-05-16 08:25 . 2009-05-16 08:25 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-16 08:14 . 2009-05-16 08:14 -------- d-----w- c:\program files\Sierra
2009-05-16 08:11 . 2009-05-16 08:11 -------- d-----w- c:\users\Guillaume\AppData\Roaming\InstallShield
2009-05-15 03:53 . 2009-05-15 03:53 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-14 02:55 . 2009-05-14 02:55 -------- d-----w- c:\users\Guillaume\AppData\Roaming\WildTangent
2009-05-14 02:52 . 2009-05-14 02:52 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Macrovision
2009-05-14 02:52 . 2009-05-14 02:52 -------- d-----w- c:\users\Guillaume\AppData\Roaming\ATI
2009-05-14 02:51 . 2009-05-14 02:51 -------- d-----w- c:\users\Guillaume\AppData\Roaming\DigitalPersona
2009-05-14 02:18 . 2009-05-14 02:18 -------- d-----w- c:\users\Guillaume\AppData\Roaming\HP TCS
2009-05-14 02:18 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-05-14 02:16 . 2009-05-14 02:16 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF9143YJF_E517901-371_4A_I3600_SHP_V98.32_F.23_T090105_WV3-1_L409_M3069_J320_7AMD_8F31_92.20_#090121_N10EC8168;168C001C_(NU324PA#ACJ)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-25 12:13 . 2009-05-15 03:35 7100928 ----a-w- c:\program files\PocketDivXEncoder_0.3.96.exe
2009-02-19 10:47 . 2009-02-19 10:33 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-12-11 842816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-01 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{E6DB3961-07E4-45A0-AA3C-F3B3B7F4F9F7}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{353CF60D-E2AD-4F09-B76F-C1CDD3478789}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{4AA41B04-FF93-4B2D-A7A8-6DA731383642}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{3A5169F5-3859-4E6E-BB92-5B35B8C6911B}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{BC92971A-983D-4974-88A3-576F943534BC}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{A7467990-D655-4E94-80E7-FA9E8BA1E3FA}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{A00F1E0E-FBE5-4BB6-97FB-380E719F92E5}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{6F13DC25-28CE-42DB-ABD0-5682B2024A79}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{67D587A5-DEB8-4A93-B3B1-3226CAB96983}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{94801C04-866B-4BF4-A902-F4195C37EA9B}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{8B4BBE2F-DFEB-4EA4-BCC8-2734E5E8A9FB}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{92E60A91-51C1-4153-914B-020EE33F6C60}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{535552D7-2F2E-457A-A653-B94E417C029B}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
"{445E2C51-CF0E-4F90-83EB-C1903B572927}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
"TCP Query User{6B46CD09-8566-434F-A3FF-CBDA4B0B7331}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{C11FEE4C-5B54-453A-83D4-25941667E24E}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{844E49C1-FDE0-4617-8D07-9CE36D1BF429}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{EB116974-69E3-4B3F-8A6A-A7CCDB2A6FCA}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
"{8F9629FE-2EC6-4DB4-B73F-DE5398BD5FA1}"= UDP:c:\program files\nusphere\phped\Srv.exe:NuSphere PhpED SRV web server
"{809437AF-EDE8-42B0-AB49-89B0183A1352}"= TCP:c:\program files\nusphere\phped\Srv.exe:NuSphere PhpED SRV web server
"{9D1960D7-5A1C-451F-9530-A2A63A482EE7}"= UDP:c:\program files\nusphere\phped\debugger\DbgListener.exe:NuSphere PhpED Dbg Listener
"{125EECFC-463C-41F6-99FD-F26D456CF288}"= TCP:c:\program files\nusphere\phped\debugger\DbgListener.exe:NuSphere PhpED Dbg Listener
"{C420771C-6514-4124-9253-5143600D9699}"= UDP:c:\program files\nusphere\phped\phped.exe:NuSphere PhpED Embedded browser
"{4C5C4A73-C523-4639-AA30-079FF741791B}"= TCP:c:\program files\nusphere\phped\phped.exe:NuSphere PhpED Embedded browser
"{0858C917-6AE0-47FD-9220-529AC026C79A}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{2ABB040C-C949-4C0A-99A1-698D45CF9014}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{0F855C04-E7EE-4B44-AE86-C5E8541D7566}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{640C01A5-F4AC-47DF-8372-C676D3CE567E}c:\\program files\\nusphere\\phped\\debugger\\dbglistener.exe"= UDP:c:\program files\nusphere\phped\debugger\dbglistener.exe:Listener for php debugger DBG
"UDP Query User{29EC753F-84F2-48F1-8170-B813D5537431}c:\\program files\\nusphere\\phped\\debugger\\dbglistener.exe"= TCP:c:\program files\nusphere\phped\debugger\dbglistener.exe:Listener for php debugger DBG
"TCP Query User{79D3A5C4-4E33-4AF6-BF9E-375EC79BEB93}c:\\program files\\nusphere\\phped\\srv.exe"= UDP:c:\program files\nusphere\phped\srv.exe:SRV Local WEB server
"UDP Query User{08869455-D764-4AAD-823E-A744B1FDA516}c:\\program files\\nusphere\\phped\\srv.exe"= TCP:c:\program files\nusphere\phped\srv.exe:SRV Local WEB server
"{1B779A5F-1F93-4A92-8729-18090A1ECBA2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C16D5914-BA67-4BE6-B6E9-E7790E83F72C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{6797A88C-F4AD-4568-A9B5-5B435E0C06E8}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [01-07-2009 21:17 64160]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/01/21 03:06];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [29-11-2008 04:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe [21-01-2009 12:29 77824]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18-01-2009 23:34 921936]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [19-02-2009 14:35 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [27-11-2008 03:13 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [27-11-2008 03:13 116096]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [18-11-2008 16:09 599344]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04-09-2008 19:47 54784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [21-01-2009 12:33 22072]
S2 gupdate1c9e16bff8dc080;Google Update Service (gupdate1c9e16bff8dc080);c:\program files\Google\Update\GoogleUpdate.exe [30-05-2009 23:17 133104]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [19-02-2009 11:49 222512]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [18-05-2009 19:49 33176]
S3 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19-03-2008 02:24 19456]
S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23-10-2008 11:42 107360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-07-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 21:16]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 21:16]

2009-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809033370-1981303550-699846253-1003Core.job
- c:\users\Guillaume\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-29 21:16]

2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809033370-1981303550-699846253-1003UA.job
- c:\users\Guillaume\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-29 21:16]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ares - c:\program files\Ares\Ares.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Pavilion&pf=cnnb
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\7epg4avp.default\
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\Guillaume\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 02:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\mysql\bin\mysqld\" --defaults-file=\"c:\mysql\my.ini\" MySQL"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3809033370-1981303550-699846253-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a5,c6,03,b0,fe,da,19,0e,13,6f,1d,be,81,54,7e,02,98,7a,e5,db,eb,9e,6e,
b8,0d,f4,3e,c1,a9,b2,25,b3,df,5f,35,0d,bb,d1,a9,20,18,46,31,f0,11,60,81,fe,\
"??"=hex:03,ed,aa,f5,c2,c1,45,25,6f,40,71,e2,b3,45,2f,79

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\DPPWDFLT.dll
.
Completion time: 2009-07-02 2:20
ComboFix-quarantined-files.txt 2009-07-02 00:20

Pre-Run: 92,222,681,088 bytes free
Post-Run: 92,724,477,952 bytes free

298 --- E O F --- 2009-06-02 07:59


And the checkup.txt:


Results of screen317's Security Check version 0.98.4
Windows Vista Service Pack 1
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
ClamWinFreeAntivirus0.95.2
NortonInternetSecurity
ECHO is off.
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Ad-Aware
Java(TM) 6 Update 14
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````


Scan took 3517 seconds.
`````````End of Log```````````




ClamWin is a good antivirus scanner but it offers no real-time blocking so you need to install an actual real-time antivirus ASAP.

Please do this while I am looking over the ComboFix log.

Go to Add or Remove Programs and uninstall: NortonInternetSecurity

Also make sure Java(TM) 6 Update 7 is NOT still there. If so please uninstall it also.

---

Next:

Download the Norton Removal Tool (SymNRT) to your desktop.

Once downloaded please close ALL open browsers, also save any work because this may require a restart.

  • Go to your desktop and double click on the 'Norton_Removal_Tool' and then click Setup.
  • Once open Click Next
  • Accept the license agreement and click Next
  • Type in the letters/numbers that you see into the text box then click Next.
  • Then click Next and the tool will start running.
  • Once finished restart the PC.
  • Delete the 'Norton_Removal_Tool' from your desktop.
----------

Looking at the ComboFix log now....
Sorry, I keep forgetting to finish what I start. I sometimes know what I'm doing.

Before we continue download and install a free antivirus.

Remember to only install one antivirus!

1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal

Be back with more instructions after finishing the ComboFix log.
OK. Here we go.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

----------

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Also let me know how the computer is running now.

Hi

Here is the new ComboFix log.


    ComboFix 09-07-01.01 - Guillaume 02-07-2009 10:37.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.91.1033.18.3069.2003 [GMT 2:00]
    Running from: c:\users\Guillaume\Desktop\ComboFix1.exe
    Command switches used :: c:\users\Guillaume\Desktop\CFScript.txt
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2009-06-02 to 2009-07-02 )))))))))))))))))))))))))))))))
    .

    2009-07-02 08:41 . 2009-07-02 08:43 -------- d-----w- c:\users\Guillaume\AppData\Local\temp
    2009-07-01 22:30 . 2009-07-01 22:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-07-01 22:17 . 2009-07-01 22:17 -------- d-----w- c:\program files\Trend Micro
    2009-07-01 21:58 . 2009-01-18 21:35 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2009-07-01 19:17 . 2009-01-18 21:30 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-07-01 19:17 . 2009-07-01 19:17 -------- dc-h--w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-07-01 19:17 . 2009-01-18 21:43 2892112 -c--a-w- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
    2009-07-01 19:17 . 2009-07-01 19:17 -------- d-----w- c:\program files\Lavasoft
    2009-07-01 11:42 . 2009-07-01 11:48 -------- d-----w- c:\users\Guillaume\AppData\Roaming\.clamwin
    2009-07-01 11:41 . 2009-07-01 11:41 -------- d-----w- c:\programdata\.clamwin
    2009-07-01 11:41 . 2009-07-01 11:41 -------- d-----w- c:\program files\ClamWin
    2009-06-30 12:57 . 2008-04-17 11:12 15464 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-06-30 12:57 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-06-30 12:57 . 2009-06-30 12:57 -------- d-----w- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2009-06-30 10:57 . 2009-07-02 08:23 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Symantec
    2009-06-30 10:49 . 2009-07-02 08:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-06-30 09:08 . 2009-06-30 09:08 -------- d-----w- c:\users\Public\InOut
    2009-06-29 21:20 . 2009-06-29 21:20 680 ----a-w- c:\users\Guillaume\AppData\Local\d3d9caps.dat
    2009-06-25 15:15 . 2009-06-25 15:15 -------- d-----w- c:\programdata\AVS4YOU
    2009-06-25 15:15 . 2009-06-25 15:15 -------- d-----w- c:\users\Guillaume\AppData\Roaming\AVS4YOU
    2009-06-25 15:12 . 2009-07-01 19:11 -------- d-----w- c:\program files\Common Files\AVSMedia
    2009-06-25 15:12 . 2003-05-21 21:50 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2009-06-25 15:12 . 2002-01-05 12:48 974848 ----a-w- c:\windows\system32\mfc70.dll
    2009-06-25 15:12 . 2002-01-05 11:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2009-06-25 15:12 . 2009-07-01 19:11 -------- d-----w- c:\program files\AVS4YOU
    2009-06-25 15:12 . 2008-07-11 09:52 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2009-06-25 15:12 . 2003-05-21 21:50 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2009-06-24 08:36 . 2009-06-25 11:14 -------- d-----w- c:\users\Guillaume\group
    2009-06-21 14:43 . 2009-06-21 14:43 -------- d-----w- C:\mwdumper
    2009-06-17 20:34 . 2009-06-22 17:55 -------- d-----w- c:\users\Guillaume\AppData\Roaming\Mozilla Embedded Browser
    2009-06-17 16:12 . 2009-06-24 15:20 -------- d-----w- C:\Downloads
    2009-06-15 12:58 . 2009-06-15 12:58 -------- d-----w- c:\users\Guillaume\AppData\Local\Quest Software
    2009-06-14 11:59 . 2009-04-09 06:2586096----a-w-c:\windows\system32\php_mysqli.dll
    2009-06-14 11:59 . 2009-04-09 06:2545135----a-w-c:\windows\system32\php_mysql.dll
    2009-06-09 14:01 . 2009-06-09 14:01--------d-----w-C:\php5
    2009-06-08 21:03 . 2009-06-08 21:03--------d-----w-c:\program files\Microsoft Works
    2009-06-08 21:00 . 2009-06-08 21:00--------d-----w-c:\program files\Microsoft Visual Studio 8
    2009-06-08 20:59 . 2009-06-08 20:59--------d-----w-c:\users\Guillaume\AppData\Local\Microsoft Help
    2009-06-08 20:58 . 2009-06-08 20:58--------d--h--r-C:\MSOCache
    2009-06-08 20:39 . 2009-06-08 20:39--------d-----w-c:\users\Guillaume\AppData\Local\Seven Zip
    2009-06-07 14:38 . 2009-07-01 19:17--------d-----w-c:\programdata\Lavasoft
    2009-06-07 14:32 . 2009-06-07 14:32--------d-----w-c:\windows\Sun
    2009-06-07 11:48 . 2009-06-07 11:53--------d-----w-c:\users\Guillaume\Grupo
    2009-06-06 09:23 . 2009-06-06 09:233584----a-r-c:\users\Guillaume\AppData\Roaming\Microsoft\Installer\{D58340FF-57D2-4AF3-81DB-073DDD4FAEA9}\IconTmpl7.15B59236_99D3_4DBB_BC63_B5BF7D73F468.exe
    2009-06-06 09:23 . 2009-06-06 09:23244224----a-r-c:\users\Guillaume\AppData\Roaming\Microsoft\Installer\{D58340FF-57D2-4AF3-81DB-073DDD4FAEA9}\Icon8EEA8E04.exe
    2009-06-06 09:23 . 2009-06-06 09:23--------d-----w-c:\users\Guillaume\AppData\Roaming\Software
    2009-06-06 09:23 . 2009-06-06 09:23--------d-----w-c:\program files\Common Files\Quest Shared
    2009-06-06 09:23 . 2009-06-06 09:23--------d-----w-c:\program files\Quest Software
    2009-06-05 18:43 . 2009-06-09 15:50--------d-----w-C:\wamp
    2009-06-04 09:52 . 2009-06-04 09:52--------d-----w-c:\programdata\muvee Technologies
    2009-06-04 09:51 . 2009-06-04 09:52--------d-----w-c:\users\Guillaume\AppData\Roaming\muvee Technologies
    2009-06-02 13:09 . 2009-06-29 11:41--------d-----w-c:\users\Guillaume\Divers
    2009-06-02 11:38 . 2009-06-02 11:38--------d-----w-c:\program files\Common Files\Adobe AIR
    2009-06-02 10:09 . 2009-06-02 11:37--------d-----w-c:\program files\Common Files\Adobe
    2009-06-02 09:54 . 2009-06-02 09:54--------d-----w-c:\users\Guillaume\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2009-06-02 08:46 . 2009-06-02 08:50--------d-----w-c:\users\Guillaume\AppData\Roaming\SolidDocuments
    2009-06-02 08:45 . 2008-08-01 16:3213560----a-w-c:\windows\system32\solidlocalui.dll
    2009-06-02 08:45 . 2008-08-01 16:3221240----a-w-c:\windows\system32\solidlocalmon.dll
    2009-06-02 08:44 . 2009-06-02 08:44--------d-----w-c:\programdata\SolidDocuments

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-02 08:41 . 2009-01-21 10:1812----a-w-c:\windows\bthservsdp.dat
    2009-07-02 08:23 . 2009-02-19 09:35--------d-----w-c:\programdata\Symantec
    2009-07-02 08:21 . 2009-02-19 09:34--------d-----w-c:\programdata\NortonInstaller
    2009-07-02 08:18 . 2009-02-19 11:40--------d-----w-c:\program files\Java
    2009-07-02 08:15 . 2009-02-19 10:21--------d-----w-c:\programdata\Microsoft Help
    2009-07-02 00:29 . 2009-07-01 23:41410984----a-w-c:\windows\system32\deploytk.dll
    2009-06-29 22:28 . 2009-02-19 10:26--------d-----w-c:\program files\Microsoft SQL Server
    2009-06-29 22:24 . 2009-02-19 10:23--------d-----w-c:\program files\Microsoft.NET
    2009-06-29 22:12 . 2009-05-26 17:09--------d-----w-c:\users\Guillaume\AppData\Roaming\NuSphere
    2009-06-29 22:09 . 2009-02-19 10:02--------d-----w-c:\programdata\WildTangent
    2009-06-29 22:09 . 2009-02-19 10:02--------d-----w-c:\program files\HP Games
    2009-06-23 16:00 . 2009-05-22 11:29--------d-----w-c:\users\Guillaume\AppData\Roaming\CyberLink
    2009-06-20 18:12 . 2009-05-26 11:00--------d-----w-c:\users\Guillaume\AppData\Roaming\DBDesigner4
    2009-06-19 13:00 . 2009-05-18 12:02--------d-----w-c:\program files\PHP
    2009-06-17 19:54 . 2009-06-01 08:32--------d-----w-c:\users\Guillaume\AppData\Roaming\Skype
    2009-06-17 19:40 . 2009-06-01 08:45--------d-----w-c:\users\Guillaume\AppData\Roaming\skypePM
    2009-06-08 21:45 . 2009-05-14 02:20104560----a-w-c:\users\Guillaume\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-08 21:03 . 2006-11-02 12:37--------d-----w-c:\program files\MSBuild
    2009-06-08 08:26 . 2009-05-14 02:52--------d-----w-c:\users\Guillaume\AppData\Roaming\Hewlett-Packard
    2009-06-08 08:25 . 2009-02-19 09:33--------d-----w-c:\programdata\Hewlett-Packard
    2009-06-07 17:07 . 2009-05-31 20:18--------d-----w-c:\users\Guillaume\AppData\Roaming\FileZilla
    2009-06-03 13:47 . 2009-02-19 09:32--------d--h--w-c:\program files\InstallShield Installation Information
    2009-06-02 10:25 . 2009-05-19 19:41--------d-----w-c:\program files\File Recover
    2009-06-01 08:45 . 2009-06-01 08:4556---ha-w-c:\windows\system32\ezsidmv.dat
    2009-06-01 08:32 . 2009-06-01 08:32--------d-----w-c:\program files\Common Files\Skype
    2009-06-01 08:32 . 2009-06-01 08:32--------d-----r-c:\program files\Skype
    2009-06-01 08:32 . 2009-06-01 08:32--------d-----w-c:\programdata\Skype
    2009-05-31 20:18 . 2009-05-31 20:18--------d-----w-c:\program files\FileZilla FTP Client
    2009-05-30 21:18 . 2009-05-15 03:52--------d-----w-c:\program files\Google
    2009-05-28 20:00 . 2009-05-28 20:00--------d-----w-c:\program files\EASEUS
    2009-05-28 18:02 . 2009-02-19 12:35--------d-----w-c:\program files\SMINST
    2009-05-26 10:53 . 2009-05-26 10:53--------d-----w-c:\program files\Common Files\fabFORCE
    2009-05-26 10:53 . 2009-05-26 10:53--------d-----w-c:\program files\fabFORCE
    2009-05-26 10:03 . 2009-05-26 10:03--------d-----w-c:\programdata\MySQL
    2009-05-26 09:12 . 2009-05-26 09:12--------d-----w-c:\program files\Opera
    2009-05-25 23:40 . 2009-05-25 22:13--------d-----w-c:\users\Guillaume\AppData\Roaming\vlc
    2009-05-25 22:12 . 2009-05-25 22:12--------d-----w-c:\program files\VideoLAN
    2009-05-20 21:09 . 2009-02-19 09:35--------d-----w-c:\programdata\Norton
    2009-05-19 19:34 . 2009-05-19 19:34--------d-----w-c:\programdata\ParetoLogic
    2009-05-19 19:33 . 2009-05-19 19:33--------d-----w-c:\programdata\Cached Installations
    2009-05-19 19:19 . 2009-05-19 19:19--------d-----w-c:\program files\AVG
    2009-05-19 09:06 . 2006-11-02 11:18--------d-----w-c:\program files\Windows Mail
    2009-05-18 19:26 . 2009-05-18 19:26--------d-----w-c:\program files\MSXML 4.0
    2009-05-18 17:49 . 2009-05-18 17:49--------d-----w-c:\programdata\NOS
    2009-05-18 17:49 . 2009-05-18 17:49--------d-----w-c:\program files\NOS
    2009-05-18 15:34 . 2009-05-18 15:34--------d-----w-c:\users\Guillaume\AppData\Roaming\Nvu
    2009-05-18 15:34 . 2009-05-18 15:34--------d-----w-c:\program files\Nvu
    2009-05-18 12:18 . 2009-05-29 10:152076672----a-w-c:\windows\system32\libmysql.dll
    2009-05-17 06:24 . 2009-05-17 06:24--------d-----w-c:\program files\Western Digital Corporation
    2009-05-16 15:39 . 2009-05-16 15:390----a-w-c:\windows\nsreg.dat
    2009-05-16 08:25 . 2009-05-16 08:25--------d--h--r-c:\users\Guillaume\AppData\Roaming\SecuROM
    2009-05-16 08:25 . 2009-05-16 08:2598304----a-w-c:\windows\system32\CmdLineExt.dll
    2009-05-16 08:14 . 2009-05-16 08:14--------d-----w-c:\program files\Sierra
    2009-05-16 08:11 . 2009-05-16 08:11--------d-----w-c:\users\Guillaume\AppData\Roaming\InstallShield
    2009-05-15 03:53 . 2009-05-15 03:53--------d-----w-c:\program files\Common Files\PX Storage Engine
    2009-05-14 02:55 . 2009-05-14 02:55--------d-----w-c:\users\Guillaume\AppData\Roaming\WildTangent
    2009-05-14 02:52 . 2009-05-14 02:52--------d-----w-c:\users\Guillaume\AppData\Roaming\Macrovision
    2009-05-14 02:52 . 2009-05-14 02:52--------d-----w-c:\users\Guillaume\AppData\Roaming\ATI
    2009-05-14 02:51 . 2009-05-14 02:51--------d-----w-c:\users\Guillaume\AppData\Roaming\DigitalPersona
    2009-05-14 02:18 . 2009-05-14 02:18--------d-----w-c:\users\Guillaume\AppData\Roaming\HP TCS
    2009-05-14 02:18 . 2006-11-02 12:37--------d-----w-c:\program files\Windows Sidebar
    2009-05-14 02:16 . 2009-05-14 02:160--sha-r-c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv5 Notebook PC_Y5335KV_0U_QCNF9143YJF_E517901-371_4A_I3600_SHP_V98.32_F.23_T090105_WV3-1_L409_M3069_J320_7AMD_8F31_92.20_#090121_N10EC8168;168C001C_(NU324PA#ACJ)_XMOBILE_CN10_Z_2Rev 1.MRK
    2009-05-01 18:30 . 2009-05-01 18:303366912----a-w-c:\windows\system32\GPhotos.scr
    2009-03-25 12:13 . 2009-05-15 03:357100928----a-w-c:\program files\PocketDivXEncoder_0.3.96.exe
    2009-02-19 10:47 . 2009-02-19 10:338192--sha-w-c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((( [emailprotected]_00.18.35 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-02 07:33 . 2006-11-02 07:3348128 c:\windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_6.0.6001.18248_none_f34a4cecba3fd10b\mshtmler.dll
    + 2008-01-21 02:23 . 2008-01-21 02:2372704 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18248_none_ae0ee83906df1e56\admparse.dll
    + 2009-02-19 10:37 . 2009-02-19 10:3764512 c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18248_none_01c5b9e9a1ec46b0\WininetPlugin.dll
    + 2008-01-21 01:58 . 2009-07-02 08:3251680 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-05-14 02:18 . 2009-07-02 08:4316384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-05-14 02:18 . 2009-07-01 23:5816384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-05-14 02:18 . 2009-07-01 23:5832768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-05-14 02:18 . 2009-07-02 08:4332768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-05-14 02:18 . 2009-07-02 08:4316384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-05-14 02:18 . 2009-07-01 23:5816384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:25 . 2008-01-21 02:256656 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18254_none_33f7ddc1da1f1d8a\McrMgr.dll
    + 2009-05-17 07:56 . 2009-07-02 00:307588 c:\windows\System32\WDI\ERCQueuedResolutions.dat
    + 2009-05-14 02:17 . 2009-07-02 08:329578 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3809033370-1981303550-699846253-1003_UserData.bin
    - 2009-07-01 23:57 . 2009-07-01 23:572048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-07-02 08:42 . 2009-07-02 08:422048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-01-21 02:24 . 2008-01-21 02:24180736 c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_6.0.6001.18248_none_647f330bae383e13\ieui.dll
    + 2008-01-21 02:24 . 2008-01-21 02:24129536 c:\windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18248_none_478070c58c9d650d\sqmapi.dll
    + 2006-11-02 07:27 . 2006-11-02 09:39161792 c:\windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_6.0.6001.18248_none_ae0ee83906df1e56\ieakui.dll
    + 2006-11-02 13:05 . 2009-07-02 08:32110090 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 10:33 . 2009-07-02 08:15663196 c:\windows\System32\perfh009.dat
    - 2006-11-02 10:33 . 2009-07-02 00:05663196 c:\windows\System32\perfh009.dat
    + 2006-11-02 10:33 . 2009-07-02 08:15127404 c:\windows\System32\perfc009.dat
    - 2006-11-02 10:33 . 2009-07-02 00:05127404 c:\windows\System32\perfc009.dat
    - 2009-02-19 11:41 . 2009-07-01 23:41148888 c:\windows\System32\javaws.exe
    + 2009-07-02 00:29 . 2009-07-02 00:29148888 c:\windows\System32\javaws.exe
    - 2009-02-19 11:41 . 2009-07-01 23:41144792 c:\windows\System32\javaw.exe
    + 2009-07-02 00:29 . 2009-07-02 00:29144792 c:\windows\System32\javaw.exe
    - 2009-02-19 11:41 . 2009-07-01 23:41144792 c:\windows\System32\java.exe
    + 2009-07-02 00:29 . 2009-07-02 00:29144792 c:\windows\System32\java.exe
    + 2009-05-18 11:58 . 2009-04-14 07:032409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22435_none_f2f64e4f84abbcec\OESpamFilter.dat
    + 2009-05-18 11:58 . 2009-04-14 07:032409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18259_none_f25b10ee6b9abd39\OESpamFilter.dat
    + 2009-05-18 11:58 . 2009-04-14 07:032409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.21056_none_f0fb46578794b34f\OESpamFilter.dat
    + 2009-05-18 11:58 . 2009-04-14 07:032409776 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16860_none_f060ffc26e84642a\OESpamFilter.dat
    + 2008-01-21 02:24 . 2008-01-21 02:242455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.21046_none_fa10127687d0d070\ieapfltr.dat
    + 2008-01-21 02:24 . 2008-01-21 02:242455488 c:\windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_6.0.6000.16851_none_f976cc2b6ebf9aa2\ieapfltr.dat
    + 2006-11-02 10:22 . 2009-07-02 08:296553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2006-11-02 10:22 . 2009-07-01 11:106553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-06-06 17:27 . 2009-07-02 08:28131780406 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-12-11 842816]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
    "ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-06-11 86016]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-02 148888]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification PackagesREG_MULTI_SZ scecli DPPWDFLT

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
    backup=c:\windows\pss\Monitor Apache Servers.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{E6DB3961-07E4-45A0-AA3C-F3B3B7F4F9F7}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
    "{353CF60D-E2AD-4F09-B76F-C1CDD3478789}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
    "{4AA41B04-FF93-4B2D-A7A8-6DA731383642}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
    "{3A5169F5-3859-4E6E-BB92-5B35B8C6911B}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
    "{BC92971A-983D-4974-88A3-576F943534BC}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
    "{A7467990-D655-4E94-80E7-FA9E8BA1E3FA}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
    "{A00F1E0E-FBE5-4BB6-97FB-380E719F92E5}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
    "{6F13DC25-28CE-42DB-ABD0-5682B2024A79}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
    "{67D587A5-DEB8-4A93-B3B1-3226CAB96983}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
    "{94801C04-866B-4BF4-A902-F4195C37EA9B}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
    "{8B4BBE2F-DFEB-4EA4-BCC8-2734E5E8A9FB}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
    "{92E60A91-51C1-4153-914B-020EE33F6C60}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
    "{535552D7-2F2E-457A-A653-B94E417C029B}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
    "{445E2C51-CF0E-4F90-83EB-C1903B572927}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
    "TCP Query User{6B46CD09-8566-434F-A3FF-CBDA4B0B7331}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
    "UDP Query User{C11FEE4C-5B54-453A-83D4-25941667E24E}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
    "TCP Query User{844E49C1-FDE0-4617-8D07-9CE36D1BF429}c:\\program files\\ares\\ares.exe"= UDP:c:\program files\ares\ares.exe:Ares p2p for windows
    "UDP Query User{EB116974-69E3-4B3F-8A6A-A7CCDB2A6FCA}c:\\program files\\ares\\ares.exe"= TCP:c:\program files\ares\ares.exe:Ares p2p for windows
    "{8F9629FE-2EC6-4DB4-B73F-DE5398BD5FA1}"= UDP:c:\program files\nusphere\phped\Srv.exe:NuSphere PhpED SRV web server
    "{809437AF-EDE8-42B0-AB49-89B0183A1352}"= TCP:c:\program files\nusphere\phped\Srv.exe:NuSphere PhpED SRV web server
    "{9D1960D7-5A1C-451F-9530-A2A63A482EE7}"= UDP:c:\program files\nusphere\phped\debugger\DbgListener.exe:NuSphere PhpED Dbg Listener
    "{125EECFC-463C-41F6-99FD-F26D456CF288}"= TCP:c:\program files\nusphere\phped\debugger\DbgListener.exe:NuSphere PhpED Dbg Listener
    "{C420771C-6514-4124-9253-5143600D9699}"= UDP:c:\program files\nusphere\phped\phped.exe:NuSphere PhpED Embedded browser
    "{4C5C4A73-C523-4639-AA30-079FF741791B}"= TCP:c:\program files\nusphere\phped\phped.exe:NuSphere PhpED Embedded browser
    "{0858C917-6AE0-47FD-9220-529AC026C79A}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{2ABB040C-C949-4C0A-99A1-698D45CF9014}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{0F855C04-E7EE-4B44-AE86-C5E8541D7566}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{640C01A5-F4AC-47DF-8372-C676D3CE567E}c:\\program files\\nusphere\\phped\\debugger\\dbglistener.exe"= UDP:c:\program files\nusphere\phped\debugger\dbglistener.exe:Listener for php debugger DBG
    "UDP Query User{29EC753F-84F2-48F1-8170-B813D5537431}c:\\program files\\nusphere\\phped\\debugger\\dbglistener.exe"= TCP:c:\program files\nusphere\phped\debugger\dbglistener.exe:Listener for php debugger DBG
    "TCP Query User{79D3A5C4-4E33-4AF6-BF9E-375EC79BEB93}c:\\program files\\nusphere\\phped\\srv.exe"= UDP:c:\program files\nusphere\phped\srv.exe:SRV Local WEB server
    "UDP Query User{08869455-D764-4AAD-823E-A744B1FDA516}c:\\program files\\nusphere\\phped\\srv.exe"= TCP:c:\program files\nusphere\phped\srv.exe:SRV Local WEB server
    "{1B779A5F-1F93-4A92-8729-18090A1ECBA2}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{C16D5914-BA67-4BE6-B6E9-E7790E83F72C}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{6797A88C-F4AD-4568-A9B5-5B435E0C06E8}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "{E278D605-6FAC-43B7-A46F-9FDD26CCD134}"= UDP:c:\users\Guillaume\AppData\Local\temp\7zSEB67.tmp\SymNRT.exe:Norton Removal Tool
    "{879ABAC5-CD45-490F-BB81-F33B9AD48DA6}"= TCP:c:\users\Guillaume\AppData\Local\temp\7zSEB67.tmp\SymNRT.exe:Norton Removal Tool

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [01-07-2009 21:17 64160]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/01/21 03:06];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [29-11-2008 04:04 87536]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe [21-01-2009 12:29 77824]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [18-01-2009 23:34 921936]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [19-02-2009 14:35 365952]
    R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [27-11-2008 03:13 296320]
    R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [27-11-2008 03:13 116096]
    R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [18-11-2008 16:09 599344]
    R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04-09-2008 19:47 54784]
    R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [21-01-2009 12:33 22072]
    S2 gupdate1c9e16bff8dc080;Google Update Service (gupdate1c9e16bff8dc080);c:\program files\Google\Update\GoogleUpdate.exe [30-05-2009 23:17 133104]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [19-02-2009 11:49 222512]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [18-05-2009 19:49 33176]
    S3 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19-03-2008 02:24 19456]
    S3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23-10-2008 11:42 107360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcsREG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 21:34]

    2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 21:16]

    2009-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-30 21:16]

    2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809033370-1981303550-699846253-1003Core.job
    - c:\users\Guillaume\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-29 21:16]

    2009-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809033370-1981303550-699846253-1003UA.job
    - c:\users\Guillaume\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-29 21:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Pavilion&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_in&c=91&bd=Pavilion&pf=cnnb
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    FF - ProfilePath - c:\users\Guillaume\AppData\Roaming\Mozilla\Firefox\Profiles\7epg4avp.default\
    FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\users\Guillaume\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-02 10:43
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\mysql\bin\mysqld\" --defaults-file=\"c:\mysql\my.ini\" MySQL"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3809033370-1981303550-699846253-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY*]
    "??"=hex:a5,c6,03,b0,fe,da,19,0e,13,6f,1d,be,81,54,7e,02,98,7a,e5,db,eb,9e,6e,
    b8,0d,f4,3e,c1,a9,b2,25,b3,df,5f,35,0d,bb,d1,a9,20,18,46,31,f0,11,60,81,fe,\
    "??"=hex:03,ed,aa,f5,c2,c1,45,25,6f,40,71,e2,b3,45,2f,79
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(712)
    c:\windows\system32\DPPWDFLT.dll

    - - - - - - - > 'Explorer.exe'(3040)
    c:\program files\DigitalPersona\Bin\DpoFeedb.dll
    c:\program files\DigitalPersona\Bin\DpoSet.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
    c:\windows\System32\audiodg.exe
    c:\windows\System32\Ati2evxx.exe
    c:\windows\System32\wlanext.exe
    c:\program files\DigitalPersona\Bin\DpHostW.exe
    c:\windows\System32\agrsmsvc.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    c:\program files\CyberLink\Shared files\RichVideo.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\System32\conime.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\System32\wbem\WMIADAP.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-02 10:47 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-02 08:47
    ComboFix2.txt 2009-07-02 00:20

    Pre-Run: 95,925,760,000 bytes free
    Post-Run: 95,698,595,840 bytes free

    350--- E O F ---2009-07-02 08:28


    .... and the Malwarebytes log:

    Malwarebytes' Anti-Malware 1.38
    Database version: 2362
    Windows 6.0.6001 Service Pack 1

    02-07-2009 10:54:54
    mbam-log-2009-07-02 (10-54-54).txt

    Scan type: Quick Scan
    Objects scanned: 82864
    Time elapsed: 3 minute(s), 25 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Thanks for helping me out.

    I'm going to see how it is running now.

    Cheers

    What is the status of the new antivirus?

    I am using Avira now.

    It has updated the last version.

    I ran a scan and it found and healed 3 threats.

    So far it's doing ok.

    * Click START then RUN
    * Now type Combofix /u in the runbox
    * Make sure there's a space between Combofix and /u
    * Then hit Enter

    The above procedure will:
    * Delete the following:
        * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.

    ----------

    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

    ----------

    How is the computer running now?

    .

    The computer seems to be running ok.

    I'll keep you informed in the next few days. Thank you anyway for the great help you gave me.

    Sounds good.

    Here are a few more suggestions.

    Use the Secunia Software Inspector to check for out of date software.
    • Click Start Now
    • Check the box next to Enable thorough system inspection.
    • Click Start
    • Allow the scan to finish and scroll down to see if any updates are needed.
    • Update anything listed.
    .
    ----------

    Go to Microsoft Windows Update and get all critical updates.

    ----------

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware
    * If you don't know what ActiveX controls are, see here

    Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

    Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

    Thanks for the suggestions.

    I'll have a look at this too.

    Cheers

