Explore topic-wise InterviewSolutions in .

i saved a hijack this file so im going to copy and paste that but when i boot my computer the bottom taskbar is locked in the hidden position (windows xp sp3), also the internet sends me to a belkin hotel login screen, finally besides other problems i cannot drag and drop or open malwarebytes i hav kav 2010 and it cannot find anything.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:15 AM, on 3/22/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253326129388
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253326163263
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

--
End of file - 3959 bytes
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.
 
Vista and Win7 users need to right click Rkill and choose Run as Administrator
 

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Once you've gotten one of them to run then try to immediately run the following.
 
Now download and Run exeHelper.

Please download exeHelper from Raktor to your desktop.

• Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com Attach the log.txt file to your next message.
  
  Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
  ================================
  
  SUPERAntiSpyware
  
  If you already have SUPERAntiSpyware be sure to check for updates before scanning!
  
  Download SuperAntispyware Free Edition (SAS)
  * Double-click the icon on your desktop to run the installer.
  * When asked to Update the program definitions, click Yes
  * If you encounter any problems while downloading the updates, manually download and unzip them from here
  * Next click the Preferences button.
  
  •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
  * Click the Scanning Control tab.
  * Under Scanner Options make sure only the following are checked:
  
  •Close browsers before scanning
  •Scan for tracking cookies
  •Terminate memory threats before quarantining
  •Please leave the others unchecked
  
  •Click the Close button to leave the control center screen.
  
  * On the main screen click Scan your computer
  * On the left check the box for the drive you are scanning.
  * On the right choose Perform Complete Scan
  * Click Next to start the scan. Please be patient while it scans your computer.
  * After the scan is complete a summary box will appear. Click OK
  * Make sure everything in the white box has a check next to it, then click Next
  * It will quarantine what it found and if it asks if you want to reboot, click Yes
  
  •To retrieve the removal information please do the following:
  •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  •Click Preferences. Click the Statistics/Logs tab.
  
  •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  
  •It will open in your default text editor (preferably Notepad).
  •Save the notepad file to your desktop by clicking (in notepad) File > Save As...
  
  * Save the log somewhere you can easily find it. (normally the desktop)
  * Click close and close again to exit the program.
  *Copy and Paste the log in your post
  ================================
  Malwarebytes' Anti-Malware (MBAM)
  
  If you already have Malwarebytes be sure to check for updates before scanning!
  
  Download Malwarebytes Anti-Malware and save it to your desktop. Alternate download link
  
  •Double-click mbam-setup.exe and follow the PROMPTS to install the program.
  
  •Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
  •If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  
  •If an update is found, it will download and install the latest version.
  •Once the program has loaded, select Perform Quick Scan, then click Scan.
  
  •When the scan is complete, click OK, then Show RESULTS to view the results.
  
  •Be sure that everything is checked, and click Remove Selected.
  
  •When completed, a log will open in Notepad. Save it to a convenient location like the Desktop.
  
  •The log is also automatically saved and can be viewed later by clicking the Logs tab in MBAM.
  
  •Copy and Paste the contents of the report in your reply.
  
  •Exit MBAM.
  .
  Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  
  
  

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools ]A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.
  

I'm kind of freaked out with what happened to my Documents folder. I plugged in a USB in my laptop which I used in another computer (which was used by A LOT of people already) earlier, then I opened a folder (in the USB) which was already turned into an application (.exe FILE). I was kinda puzzled at first but I just opened other files on the USB instead. After copying some files to my Documents folder, I noticed that all my other folders in the Documents area were turned into applications as well! I'm guessing I'm infected with some worm or virus, but for the first time I couldn't really FIND a specific solution on the net. I don't even have an idea on what this virus or worm is called.  I do hope you GUYS can help me out.

Thank you so much!There are many kind of virus that do this, they work and spread though infecting autorun.inf. As soon as you access an infected drive it can run automatically. To protect yourself from them it is recommended to disabled the Autorun FEATURE on all drives on your computer. When you do GET it cleaned ensure you also clean the external flash drives and devices like iPods, etc.

Someone else will have to tell you how to remove it as I'm not allowed to here (not a specialist).Oh my. Do you have any idea if I could still restore my infected folders and how? I can't seem to find my files anymore  Please go to this link and follow the directions and post the required logs.

I wrote in the windows xp section of the forum that a virus made to look LIKE an antivirus seemed to have DOWNLOADED itself onto my computer and that I tried to DELETE it before anything happened and run a scan, but my computer froze. I was told on the forum to follow the malware guide thing but before I can do anything, my computer freezes. I was then told to ask here. Also, sometimes before the screen to choose the user, it'll do some sort of chkdsk thing for a couple of seconds, but it doesn't seem to do anything. Not only that, but WHENEVER I try going into safe mode it freezes.

 I really need to fix this without having to put my computer back to factory settings. Any help will be GREATLY appreciated.

My Dell PC has a virus. I realized a reinstallation of the OS was the fix, but didn't have the original disk. So I reqeusted one from Dell and they sent one right away, to their credit. So I backed everything up and made a list of all my apps to reinstall and set about to try to boot from the disk.

However, I have run into a snag. My original Dell CD-Rom drive broke awhile back, so I installed a Sony CD/DVD-RW drive in the slot below the original drive, leaving the original drive in place. The Sony drive works fine for playing disks, but--and here's the problem--the computer will not boot from it.

I figured I would just disconnect the old drive so the computer would be forced to SEE the NEW drive, but that did not work. The computer then would not recognize any disk drive at all. Then I tried switching the positions of the two drives (replacing the cables accordingly), but again came up with a beep during the startup and a message saying no disk drive was recognized.

So, FRUSTRATED, I then PUT the broken drive back in again as drive O and the Sony as drive 1, as originally, and the computer started up and appeared to operate normally again (no beep during startup), but of course it STILL will not boot from the Sony drive in position 1.

I tried searching the web, but could find nothing for this particular set of facts.

Thanks in advance,

MitchPlease do not post the same question more than once. I've already responded in your other thread.Sorry.  Wasn't sure which was the proper forum.   How can j command acomputer with avirus

how can juse prompt command


[recovering DISK space - old attachment deleted by ADMIN]

Hi and me too but ye...
thanks for yur referral though
i looked at the post but i am unsure as to what to do and where to start from.
It seems the post is more genral for any type of virus/malware/spyware etc and
not specific to my particular one so i'm not too sure if it will work.
But thnanks anyways

Visio
xx

Ok I have 7 INFECTED files which is A Malware virus, None of the scanners I use can identify them or can't clean them such as

www.malwarebytes.org
AVG scanner ( in safe mode )
Windows defender
Eset online scanner
F-Secure scanner

Only F-secure IDENTIFIED the viruses but it can't clean them i really need A GOOD Malware scanner

any ideas? 
try spybot search and destroy or superantispyware.I apply for Geek university but it did not GET a reply from them. What should i do?Hi...

I will suggest that try for avast anti-virus and have experience of it. This anti-virus I am using from last many days and it is giving me good response. It is one of the decent malware.Please go to this link and follow the directions and post the required LOGS.

Hello,

Thank you in advance for whoever will help me! I was on theknot.com (My online wedding site) when all the sudden a window popped up trying to scan my computer for a virus which I immediately clicked out of and ended its processes. However, now I can no longer open the majority of files on my computer and anything I can open I have to bypass the simple "double-click" METHOD. I will so very much appreciate anyone who will help me!


Ok, so I followed the steps in the "Read this before requesting malware removal help." The results are as follows:

Step A: Antivirus

For my Antivirus, I am on the Christopher Newport University computer network and they require us to use Symmantec Antivirus. But I also already had SUPERAntiSpyware downloaded and I normally scan my computer with that once a week.

Step B: Firewall

I am running Windows XP, so I tried downloading the Online Armor that was recommended, but once it was downloaded and I tried to install it, everytime I double-clicked on it a window would pop-up saying that "This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel." So I moved on to the next step.


Step 1: Add or Remove Programs

The only programs I found that I do not know what are are as follows:

-Browser Defender 2.0.6.11
-Conexant D850 56K V.9x DFVc Modem
-MSXML 4.0 SP2 KB927978
-MSXML 4.0 SP2 KB936181
-MSXML 4.0 SP2 KB954430
-MSXML 4.0 SP2 KB973688
-Pando Media Booster
-TBS WMP Plug-in

Step 2: House Cleaning

Everything went as normal for this step.

Step 3: SUPERAntiSpyware

Performed the scan and rebooted the computer, however, when I tried to open the log to save it to the desktop, it said that there was an unexpected error and the program had to restart. Moved on to the next step.

Step 4: Malwarebytes' Anit-Malware

Performed the quick scan as normal and saved the log file:

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

3/29/2010 9:18:54 PM
mbam-log-2010-03-29 (21-18-54).txt

Scan type: Quick Scan
Objects scanned: 99358
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry DATA Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Step 5: Update Your Java

I checked my version and it was old so when I tried to download the newer version it came up with the: "This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel" message again, so I moved on to the next step.

Step 6: Hijack This

This program ran normally, this is the log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:31 PM, on 3/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.cnu.edu
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Adobe Photo DOWNLOADER] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [bncsaui.exe] %ProgramFiles%\Bradford Networks\Persistent Agent\bncsaui.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /schedule 300000
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O4 - Startup: SCRABBLE Complete Registration.lnk = C:\Documents and Settings\Phixius\Local Settings\Temp\{674CC721-836B-41EA-BBF6-1C9A05153328}\{B36649A3-D0DD-4706-B042-F5B384529C7A}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - RES://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-dairy-dash/DairyDashWeb.1.0.0.16.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {26e6b759-deeb-42a1-a21c-78cd29098411} (CPlayFirstFitnessDasControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-fitness-dash/FitnessDashWeb.1.0.0.11.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by112fd.bay112.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155753227468
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse.com/games/gamehouse/ghplayer.cab
O16 - DPF: {74EF5274-F439-2168-B543-14745B625C72} (CPlayFirstWeddingDasControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-wedding-dash-2/WeddingDash2Web.1.0.0.11.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab55579.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab55579.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.gamehouse.com/games/DinerDashFloGo.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {c0c0cb9b-bfeb-47c2-90fa-be9692875adb} (CPlayFirstPetShopHopControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-pet-shop-hop/petshophopweb.1.0.0.16.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {E9B80D94-D8BB-43CC-9138-75605A8D9666} (CPlayFirstWeddingDashControl Object) - http://aolsvc.aol.com/onlinegames/free-trial-wedding-dash/WeddingDash.1.0.0.50.cab
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} (CPlayFirstWeddingDashControl Object) - http://www.gamehouse.com/games/WeddingDash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bradford Persistent Agent Service (bnpagent) - Bradford Networks - C:\Program Files\Bradford Networks\Persistent Agent\bndaemon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13470 bytes




This is the end of the "Read this before..."

Thanks so much for helping me!Also, for the SUPERAntiSpyware scan, it detected 3 harmful programs, all 3 of which were trojans and 1 of them was an installer. Just thought I'd mention that.UPDATE:

Ok, so last night, my Symmantec antivirus picked up on 2 Packed.Mistic! and 12 AntiVirus 2010 and quarantined them. Now I am able to open all my files and programs without getting the message saying that they do not have a program association so I am going to try and download the extra Firewall and update my java.

Sir, my data-traveller was somehow affected by the virus "Rahul'svirusprotection.vbe". It was affected somehow. When I scan it with the antivirus "Avira antivirus" it was REMOVED. But a new problem arose. Each time I turn on or restart Windows_xp SHOWS the dialogue, windows script engine error "C:\windows\system32\Rahul'svirusprotection.vbe" could not be found. Now how can I get rid of this bad message ? I also repair my OS in vain.
 If someone helps me I shall be highly obliged.'Lord rahul cool Virus' (Rahul'svirusprotection.vbe) can be an annoying ONE to remove, but is easy enough, it helps if you temporary kill of your scripting...

Edited.
Azzaboi, you are not authorized to POST such information. If you want to help, please go here.Please go to this link and follow the directions and post the required logs. Please start a new thread in this FORUM and include your logs.

okay so i have been doin reasearch and as it apears my atapi file is infected. i really need to get rid of this can ANYONE give me step by step instructions on how to get rid of this virus? i tried making a clean copy, delete the infected one and replace it but i keeps making copies of its self please help me atapi.sys is located in the folder C:\Windows\System32\drivers. file sizes on Windows XP are 95,360 bytes
Some malware camouflage themselves as atapi.sys, particularly if they are located in c:\windows or c:\windows\system32 folder. THUS check the atapi.sys process on your pc whether it is pest
Recommended: Identify atapi.sys related errors from 
http://www.liutilities.com/products/campaigns/affiliate/cb/offer/fileneuber/rb/2/
recommend :see Security TASK Manager for verifying your computer's security. from
http://www.neuber.com/taskmanager/Please GO to this LINK and follow the directions and post the required logs.

Hello Everybody,

   I am using xp. In my pc, there is one yellow or sometimes red cross sign symbol error i. Which give me a message, that your computer is being accessed by some other people. If you want to protect your data, click on this message. And if i click on that message. My pc automatically starts INSTALLING user protection . And then after some time, 4 to 5 files some are porn and some are trojan file name comes on my desktop. I even removed that user protection from revo uninstaller. But again it comes after starting the pc. becuase of that small (yellow  - !  and (red cross symbol) either one.
I even downloaded malware bytes antimalware as told by  you all. But user protection is giving me a message that an unwanted program is being INSTALLED in your pc (i.e : malware bytes antimalware) do you want to remove it . And if i click yes so it starts uninstalling. But i stoped in between. So in my pc malware bytes antimalware is also there but because of this virus i am not able to open that malware.  It doesn't open after CLICKING with mouse also.



So please help me to solve my problem.

Regards,
AnjeepPlease download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
Save Rkill to your desktop.

There are 4 different versions. If one of them won't run then download and try to run the other one.
 
Vista and Win7 users need to right click Rkill and choose Run as Administrator
 

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif

Once you've gotten one of them to run then try to IMMEDIATELY run the following.
 
Now download and Run exeHelper.

Please download exeHelper from Raktor to your desktop.

• Double-click on exeHelper.com to run the fix. A black window should pop up, press any key to close once the fix is completed. A log file named log.txt will be created in the directory where you ran exeHelper.com Attach the log.txt file to your next message.
  
  Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
  ======================
  If this runs SUCCESSFULLY, please download SAS, MBAM and HJT and send me the logs.

Hello
My internet CONNECTION has limited traffic. For improvement of PC security, always I update my antivirus (nod32 internet security). Now I want to backup update files for future and save my traffic. How can I do this?

I SEARCH internet about this subject. Many of answers are not CORRECT. For example in yahoo answer updates stored in
C:\ProgramData\ESET\ESET Smart Security\Updfiles
There is no “updfiles” directory in installation path.

Maybe the updates stored in
C:\DOCUMENTS and Settings\All Users\Application DATA\ ESET\ESET Smart Security\Updfiles.
In this address there are many *.nup files, but they are not useable.

This started about 3 days ago, I was WATCHING YouTube videos, and then suddenly something started playing in the background. I turned off firefox, and all the other things i had open and listened, and it was some random music playing all by itself! I had no program open, and I thought, "MAYBE its nothing..."

Well then about 20 minutes ago i logged on to my user and it started playing some show about this guy who went to jail for abusing animals or something, he said stuff like "I'll never do this again", and other things. I was like WHAT THE?! and logged off, and logged back on then about 30 seconds after i logged on there were police saying "get on the ground! get on the ground now!" for like a minute, what is GOING on here? PLZ helpPlease go to this link and follow the directions and post the required logs. Please post your logs in this link.

avira suddenly reported about 10-15 trojan viruses in a few seconds, before I was able to deny them all access I got the blue SCREEN of death and my computer restarted. Now I can't load the OS at all ( yes, that means no safe MODE ... Sorry just came from yahoo answers lol).

I'm thinking I'll download Linux/ubuntu and install it but:
will installing a new os wipe my hdd?
Will the virus effect the new os?
Will a virus scan on the new os get rid of the Trojans on xp?
Any other advice?

remember, I have no OS lol...
I'm running windows xp, I wasn't downloading at the time of the crash it wax just random. BSOD occurs when OS tries to load. Well, we can try to diagnose and remove the threats and get your computer booted.

-OR-

You will have to reformat the DRIVE first, then install the Linux OS.

What would you like to do?I don't want to reformat the drive. My friend has suggested either install ubuntu alongside or run windows xp repair install, which I'm hoping will only overwrite the registry?
Thanks!I think we should try to disinfect, if you cannot reformat.

If there is a severe infection, it may still be on the machine even with a repair install.

Would you like to try to fix it?"disinfect" sounds good.. But what does that involve doing? First
ISOBurner this will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic.  Instructions

Second

• Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  
• When downloaded double click and this will then open ISOBurner to burn the file to CD
• Reboot your system using the boot CD you just created.

• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings

• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved  in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.

Whenever i start internet explorer. it pops up with the same porn site! when i go to change it back to default home page (earthlink.net) it works temporarlily but when i restart my computer or have it on for a long period of time, it changes back to the same porn site! please help me find out what the problem is!Cory , several thing COME to mind, first what operating system are you using and exactly how did you reset your home page.
It sounds like your p/c probably has a bug from the porn site. You might also check your favourite list and see if you have porn links added there as well. For a start I would go to .....  http://www.lavasoftusa.com/support/download/
and D/L the free Ad-Aware and the current updates.
go to ...... http://download.com.com/3000-2144-10194058.html?tag=lst-0-1
D/l SpyBot search and destroy.
Please answer my earlier questions.
Hope this is some help.

dl65  try this>http://www.wilderssecurity.net/bhblaster.html had a similar problem went to my computer-windows-downloaded programs and deleted all the programs that I did not recognize then to control panel internet options temporary internet deleted cookies deleted files then cleared the history- when I reset my home page it stayed there--the adaware and spybot are great helps too and I have loaded a program called spyware blaster which keeps the spyware from loading it seems to make things better but does not completely ELIMINATE all spyware from loading if you still have problems it may be a virus go to site housecall.trendmicro.com and use their free online virus scanto help you more try this >http://www.webroot.com/  I had the same thing happen to me and I found that this handy tool works very good. What you have is a CWS hijack. This tool will get rid of it and return your start page to normal agin. After you get done downloading it just click on it and click FIX. http://www.spywareinfo.com/~merijn/Files/CWShredder.exe Sorry here is the link to the downloads page. The program is calles CWShedder. Go down to where it says official downloads and click CWShredder. http://www.spywareinfo.com/~merijn/downloads.htmlmaybe you shouldnt look at porn QUOTE from: kizza1645 on April 04, 2010, 03:35:30 AM

maybe you shouldnt look at porn

I was browsing the INTERNET yesterday and avira detected TWO virus HTML.webpage script. I selected to delete both. I then did a full scan with avira, and mbam, and super antispyware. they came up clean so I rebooted. I got to the windows loading screen with the bar moving across, then my computer restarted. I booted up in safe mode, ran the scans again. ran CC cleaner. I then restarted again and it rebooted itself. I booted to safemode and did a system restore to april 1st. Restarted. tried to boot normaly and it rebooted again. I booted to safemode and it said the restore was COMPLETE, so I tried restarting and booting normaly; it didn't work. I attempted to boot to safe mode again and dialogue poped up to the effect of:'Windows can not continue because you have not activated windows; please boot in normal mode to activate windows' It was several months AGO that I activated my copy of windows. I know the restore point was after that.

I do have my XP cds, I can get into windows setup and the XP recovery console.

I have windows XP home SP3Nevermind, I have worked it out. Thank you anyway.

Happy Easter.
Thanks for letting US know. =>CLOSED

i installed windows 7 on a 2nd hard drive from the 1ST hard drive. which means me downloading a COPY of windows 7 the making it into a virtual drive and installing it from my first hard drive to the second hard drive.

so my PROBLEM is whenever i take of the first hard drive i cant boot of second hard drive. is there a PROGRAM that allows me to make a boot file for the second hard drive?

I'm running windows 7 32bit

ThanksYou downloaded W7 from where?No need to post more than once.

Probably not a Virus issue so i'll close this one.

Please see your other Topic for replies.

I'm SURE that this is a virus and I need help getting rid of it. I keep having popups on my sidebar asking me to download this software to help my computer get rid of SUPPOSED trojans and keyloggers and a list of trojans and viruses popup in a supposed "scan result" and it tells me to get the software to save my computer. OBVIOUSLY its a trap. I have AVG scanning my whole computer at the moment but no sign of it so far. Also, I've tried downloading Malwarebytes but when I can't seem to download it. What should I do?  What should you do? Hmmm... Hi slipknotthe9, go to this link Read this before requesting malware removal help and FOLLOW the steps.

I was just wondering if it's a good idea to reinstall every now and then, to make sure there are no viruses in your system. 

Can anti-virus programs be trusted to find ALL malware ?I have systems that are 8 years old. I've never reinstalled an OS ever unless a system crashed and there was no backup available. I've never understood PEOPLE who do this. And it depends on the av - if it's good, if you scan on a regular basis with the av and MalwareBytes you should be fine. But you shouldn't be doing things that are LIKELY to "attract" malware in the first place. 26 years and DOZENS of systems LATER - I've never had any virus on any of them.No anti-virus will catch 100% of viruses.

That said, all anti-viruses will get almost all of them.
Odds are very low that you would have a virus, and no antivirus software will find it.

If your computer is having odd problems, and you are comfortable reformatting, go for it. As long as your data is backed up, it's not like it would hurt anything.

If you just want to do it as a sort of preventive maintenance, I would say, it's not worth it.

I guess it all boils down to; do you have anything better to do with the next 2-5 hours you would be spending reinstalling everything? Quote from: Allan on April 07, 2010, 05:51:20 AM

I have systems that are 8 years old. I've never reinstalled an OS ever unless a system crashed and there was no backup available. I've never understood people who do this. And it depends on the av - if it's good, if you scan on a regular basis with the av and MalwareBytes you should be fine. But you shouldn't be doing things that are likely to "attract" malware in the first place. 26 years and DOZENS of systems later - I've never had any virus on any of them.

To be honest, I've worked with all sorts of AV's and heard several reports, but I find Kaspersky to be the top winner. It's just a TAD better than NOD32, which is ALREADY the top notch out there. Quote

*REMOVED website of bad reputation*

http://www.mywot.com
http://www.siteadvisor.com
http://www.trustedsource.org
http://linkscanner.explabs.com/linkscanner/default.aspx

I have a new computer that I don't want to connect to the internet at home. Is there an antivirus software that will allow me to update manually like  download the update from another pc and install the update to my other pc via a usb flash drive?ClamWin Portable is a portable freeware antivirus for detecting viruses and spyware on your computer. It can be place on a usb key and CD to be used on any computer.Thanks for the reply but I want to limit my search to the more established antivirus software out there like Kaspersky, NOD32, bitdefender, etc. Doesn't have to be free. I just want the option to update the antivirus definitions without internet connection. I think Bitdefender used to have that option in which you can download a weekly definition, save it on a usb flash drive and update from the saved file. Does it still do that? Are there any other antivirus that does that?i'v heard of people doing this with mcaffee.I recommend    Kasparsky . Antivirus 2010.
Updates can be downloaded from the website  like softpedia or from its website
http://www.kaspersky.com/avupdates/zipAgreeable. ESET or Kaspersky puts out very remarkable antivirus software. Not to mention their security suites are extra-remarkable. Full update downloads can be found on AVG. You download them on ONE PC and then take them over to you new offline PC.
The information is somewhere in this area:
http://free.avg.com/gb-en/download-update Quote

Full update downloads can be found on AVG

AVG is not recommended, as the software has a lot of false positives, and severely slows down systems.

AVG is not recommended, as the software has a lot of false positives, and severely slows down systems

There an empty folder with NAME PRINT on my thump drive.I am not being ABLE to REMOVE it all.I cant even format the thump drive.

So any suggestions.Thanks.

My Scanner finds 4+ infections some Trojans and some adware and stuff. I've RAN multiple scanners at differant times to remove them all.

My screen would go black out of nowhere then i have to LEAVE comp off for 10 or so mins to make it start right.

I've already did a system restore and registry fixes.

Sometimes a drive called something LIKE "nvvkdlm" will stop WORKING (for Nvidia i'm guessing)

I have malware BYTES and i ran it earlier. I need help removing my viruses. The scanner says i have 37 infectionsPlease go to this link and follow the directions and post the required logs. Please post your logs in this link.

Spybot is now considered "old school". The current best of breed are MalwareBytes & SuperAntispyware. I suggest you uninstall Spybot and install one or both of the other two.

Hi,
This is really frustrating! I have this folder which has weird file names. I am not able to delete the folder. I keep getting the error "Cannot delete file: cannot read from the source file or disk". I tried multiple methods to remove them:
- I tried deleting the individual files through command prompt by using the: del "\\?\C:\file name" command and also tried deleting the ENTIRE folder by using the: rd /s "\\?\C:\Folder name" command. Both didn't work. In command prompt, I got the errors "The system cannot find the file specified." and "The filename, directory name, or volume label syntax is incorrect".
- I SEARCHED ONLINE and got a link to download a software called "unlocker". I tried removing through that. Again doesn't work   

Please TELL me if anything else can be done. Getting REAL annoyed with this.I had a problem similar today, try using unlocker on the actual file not folder. If that works delete the files then delete the folders. Try a file shredder as well.

---

Have you tried booting into the Admin account and deleting it?What is the name and location of the folder?

my system is effected by two malicious CODE. every after few minute my anti virus( FREE VERSION AVAST antivirus) is detected the virus whose the detail is:

MALWARE BLOCKED
File system shield blocked a threat
 object:C:\WINDOWS\TEMP\ pbvs or ofgp\svchost.exe
 Infection: Win32:Malware-gen
 ACTION: move to CHEST
 Process: C:\WINDOWS\system32\svchost.exe

DROPPER BLOCKED
File system shield blocked a threat
 object:C:\WINDOWS\TEMP\ mmwn or wwre or eial \svchost.exe
 Infection: Win32:script_GBZ[Drp]
 Action: move to chest
 Process: C:\WINDOWS\system32\svchost.exe

 it is too irritate me every after few minute. I WANT to permanently remove malicious code from my SYSTEM.  PLS advise me.

 Please go to this link and follow the directions and post the required logs. Please post your logs in this link.

Hi, I have a serious problem with my system. Somehow some virus has infected my system. It keeps flashing me virus alert and whenever i try to run any program it says "Application cannot be executed. The file  **** is infected......." (not even a command prompt, notepad, task manager etc can be opened.. but with multiple tries, sometimes i get the command prompt but it is ridiculous).


Also, I've read previous topics and threads about this same issue and I tried to follow the instruction given, but I've hit a wall. In another computer, I downloaded rkill(as suggested in a previous post in this forum).
I copied the exe(or the other extensions) and then when I copy that file into my desktop using a memory stick and then execute the program, I get the same message" application cannot be executed..."
I am in a very bad state and any help would be appreciated. I have a Mcafee anti virus running all the TIME, but I believe that was completely useless.
Any help would be greatly appreciated.

Thanks!

In safe mode, I installed mbam(malware bytes anti malware) and ran the software, it detected and removed three INFECTIONS, but I still get the same problem when I login in normal mode.
Are you sure its a virus? Something could of messed up the registry. Do a system restore in Safe Mode to when it was working. Then download Avast or Avira free anti-virus. Do a scan on STRICT mode to find any thing that could be causing it.You are right. Even I believe it is a messed up registry.
For example, when I ran Malware Bytes Anti Malware, it found 1 problem, and in the log it claims
"
Registry Keys Infected:
HKEY_CURRENT_USE\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
"

If I run the scan again, I get the same message, so I believe the Registry Keys Infection is not fixed.


Thanks,
SubramaniamGo to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.Thanks SuperDave. I will create a USB right now. One clarification though "My infected system is running on vista, but the computer I am accessing the internet is a library computer running XP. By creating the USB on the library computer, will I be able to use it on vista?"
Quote from: vsubram on April 11, 2010, 12:24:50 PM

Thanks SuperDave. I will create a USB right now. One clarification though "My infected system is running on vista, but the computer I am accessing the internet is a library computer running XP. By creating the USB on the library computer, will I be able to use it on vista?"

My system was infected wit this digital protection antivirus. Firstly, I thought that it is SECURITY software but later on I come to know that this is not security tool, it is a deadly infection.
It is a fake anti-virus program that is generated USING Trojans and worms.

No REMOVAL advice UNLESS you are a MALWARE Removal Specialist. ~DragonMaster Jay

It is well known. It must not be RUNNING 2 anti-virus program at the same time.
Question: I use Kasparsky Internet Security 2010 and it contains Anti-spyware and  Anti-Malware.
Can i used with my Kasparsky Internet Security 2010 a separate  anti-spyware and Anti-Malware.programs such as ( Malwarebytes Anti-Malware   and SuperAntiSpyware )One AV, one AS and one Firewall running resident.You can run more than one Anti-Spyware programs if you wish. I have four running on my COMPUTER with no problems. Quote from: SUPERDAVE on April 11, 2010, 11:58:49 AM

You can run more than one Anti-Spyware programs if you wish. I have four running on my computer with no problems.

Realtime?

Three realtime.

Oh right. I thought it was the same as AVs....

Hi,
 I have been infected with "Rootkit.Win32.TDSS.d" that Kaspersky claims is residing in my system memory. I have also been infected with rogue anitspyware called "vista antivirus" and "total vista security". I believe I have been able to remove both using a combination of malwarebytes, the kaspersky system rescue disk, hitman pro, the kaspersky tool "TDSSkiller" and combofix.
 However, I still get redirected on google searches and Kaspersky still INFORMS me I am infected with Rootkit.Win32.TDSS.d residing in system memory. This is even after it performs its "special disinfection procedure" and reboots.
 Any help would be greatly appreciated. Thanks

My GSI log:
http://www.getsysteminfo.com/read.php?file=738955a92cfb22e4cbe6d825ce44bc11
------------------------------------------------------------------------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/13/2010 at 05:02 AM

Application Version : 4.35.1002

Core Rules Database Version : 4798
Trace Rules Database Version: 2610

Scan type       : Complete Scan
Total Scan Time : 05:57:10

Memory items scanned      : 668
Memory threats detected   : 0
Registry items scanned    : 8717
Registry threats detected : 0
File items scanned        : 311224
File threats detected     : 72

Adware.Tracking Cookie
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][6].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][4].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][6].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][7].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][4].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][5].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt

------------------------------------------------------------------------------------------------------------------------------------------------My  MBAM log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3983

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

4/13/2010 8:59:19 PM
mbam-log-2010-04-13 (20-59-19).txt

Scan type: Quick scan
Objects scanned: 107559
Time elapsed: 6 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\ggak.tmp\svchost.exe (Adware.Agent) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------------------------------

My HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:02:32 PM, on 4/13/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {7557F5AA-D486-401D-BE55-0163FA78B5B8} (SkyFex Expert Object) - https://skyfex.com/download/SkyFexExpert.cab
O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} (Enlite 2.x Simulation Engine Installer) - http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
O18 - PROTOCOL: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Ave's FolderBg - {73526E5A-FD53-4BE7-B5E2-D3C89D7413DC} - C:\Windows\System32\Branding\folderbg\VistaFolderBackground.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - (no file)
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: Access Utility Service - SprintNextel - C:\Program Files\Sprint\Mobile Broadband\SMBAUtilSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative TECHNOLOGY Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 9742 bytes

Hello there everyone,

I'm posting this on behalf of my BOYFRIEND, hoping to GET to the bottom of something. He had a Dell PC, running Vista Home Premium service pack 2. When he boots up the computer, it plays a clip of an ADVERT for Runes of Magic Elven Prophecy. He's tried hoovering the inside of it out in case it was being caused by overheating, ran a virus scan, and used Malwarebytes to check for SPYWARE. None of them have made a difference. Does anyone here know what's causing it and how to get rid of it?Please go to this link and follow the directions and post the required LOGS. Please post your logs in this link.

I have had problems as i uninstalled avira anti virus from my machine ,but today when trying to remove windows defender and windows firewall,which will not dissapear ,it said in the security that my firewall was avira, so i have been in regedit, system root and searched ,i have found a file called avi,as i am not a computer expert hence my name not a pc ,instead of im a pc lol!,im not sure if this is the file im searching for as i cannot FIND avira,and im thinking if i delete this i may regret it,so its best to ask some one,is there any WINDOWS components called avi in system root,or have i correctly identified the file i am looking for?Please do not mess around in the registry. Please run this tool and post the log in your next reply

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions INSIDE of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the INTERNET, allow it to do so.Thanks but im QUITE experienced. Any threats or rootkits are now dead ,My current bullguard 9.0 and SUPERAntiSpy have done a brilliant job. Along with autoruns -system INTERNALS check and rootkit revealer, to check that anything unwanted is removed. Yes you are correct in the sense regedit is hard to use and dangerous for a novice. But autoruns is brilliant and far simpler. Thankyou for reply ,I had a doubleclick virus which has gone it was using a fake avira firewall.I have thought this link you suggested would be handy ,But neither have a valid signature, Do you have a link for one that does? ,thankyouThe links I gave you are safe.

Where do you work ? ?

I like to mess with them.
Start asking them questions about BSD and Linux compatability.

Ñòàáèëüíûé äîõîä.Hi

We are not able to speak INDONESIAN or TRANSLATE it. Are you able to write or translate to ENGLISH?

I have a Dell Inspiron 530 running Windows Vista with Trend Micro antivirus software.  I suspect a virus because when I turn on my COMPUTER it wont boot up.  It is stuck on the main start up screen and F2 and F12 will not WORK as is the keyboard (USB) is not working.  My mouse isnt lighting up.  I have checked all connections. 
Thanks in advance for any help.Based on the information you've provided a virus is the last thing I'd suspect. What happened the last TIME the system worked properly (new hw, sw, error, etc)? And please define "the main startup screen".A few days ago it was acting up on start up and shutting down.  As far as I know there hasnt been anything new put on there.  I have teens thats use the computer so there is really no telling.  The only screen that comes up when I turn on the computer says "Dell bios 1.0 something or another and it its when you have the option to press F2 or F12 for set up or boot menu.  I cant SELECT those options as the keyboard  hasnt started up and wont start.  It just gets stuck and all I can do is manually shut it down by holding the power button down.

If your computer's CURRENT state contains malware, can that malware find it's way into restore points ?

I'm not talking about creating a restore point without knowing malware is on installed on the current state.. 

Say you're sitting in front of your computer and it's booted to the desktop and VIRUSES are running care free in the background, can they enter into restore points that have already been created ? Quote from: EEVIAC on April 23, 2010, 10:57:22 AM

If your computer's current state contains malware, can that malware find it's way into restore points ?

I'm not talking about creating a restore point without knowing malware is on installed on the current state.. 

Say you're sitting in front of your computer and it's booted to the desktop and viruses are running care free in the background, can they enter into restore points that have already been created ?

Do you know of any times this has happened, with anyone ?

A few weeks ago i had something going on with my computer, every time i tried to open anything i would get a message saying the file was infected and to activate virus software, or something to that EFFECT, well i did a system restore and everything was fine, or so i thought, yesterday i turned on my computer and i noticed that my task bar(i think thats what it's called, the bar with the start button and clock and everything) was gone(i was able to get it back by right clicking where it should be and clicking toolbar and desktop, then unclicking desktop), and i wasn't getting an internet connection, i tried to start my netgear PROGRAM to see if i could get it WORKING with no luck, the program would open but it couldn't connect to the network(clearly it's not the internet because i'm on my husbands computer right now, with no problems with the connection) anyway, i thought maybe i still had the bug so i tried to first run mcafee, program wouldn't open, i get no response when i click on it at all, so i decided to run mbam, when i click on that i get "run time ERROR '372' failed to load 'vbalgrid' from vbalgrid6.ocx..." i ran a defrag, spybots, and cc cleaner and repaired everything that needed to be with no luck, my last resort was trying to do another system restore, i figured it fixed the problem once, it will do it again, but nope i click to run the restore and i get a message "system restore is not able to protect your computer. Please restart and then run system restore again" i have tried going into safe mode and running it, along with the virus scans all with no luck, please please please help me!!!


i was not able to run SUPERAntiSpyware, HijackThis or mbam, as i didn't have the first 2 installed(and as i said i can't get online with that computer) and i get the error message with mbamThis will have to be done on a clean, functioning computer.

Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.I just tried doing that, but i can't get my computer to read the cd...after doing some reading i'm pretty sure that my problem is caused by mcafee deleting the svchost.exe but i can't get any of the fixes i've read to workYou will need to change your boot sequence so that it will boot from your CD drive.

If you do not know how to set your computer to boot from CD follow the steps here

If you're sure that your problem has been caused by McAfee you can follow the directions here.

Viruses .... etc are usually deleted.
Sometimes making a quarantine.
Antivirus often. Operate automatically. Or give options and recommended

delete them

Viruses .... etc are usually deleted

Sometimes making a quarantine.

you :Absolutely true
 
i think if you want to be able to send a file to your antivirus company to have them analyze the file it found you still need to have it on your pc. This in turn requires quarantining so file can't spread while you take the time to submit the file.
and
if it's something like explorer.exe that was infected for example, it's a critical file needed to run windows, you wouldn't want to delete something like this lightly.

I was just wondering....after u run a virus scan & it sends things like malaware,adaware,trojans,etc... to the vault....should I DELETE all the things in that vault?
  Thanks,
          Tammi

I got a few various ways of doing this...but basically deleting them is the best way to go,after about a week...?
  Thanksa for so many replies & the help.Really appreciated!!
                 Tammi

Ok i have had a few issues over the past month and have been using the ehelp guides to try and resolve these issues and all seemed ok. Now on Saturday my computer got taken over by a virus called "Vista Anti Malware 2010" and seemed to bed itself in and change a few desktop apps etc etc - it blocked me from using malware bytes and searching solutions on google and it also stopped me from doing a system restore.
Now i managed to boot into safe mode but in safe mode the virus was still EVIDENT - i ran another scan and no infections were found, although they were OBVIOUSLY there !! i then managed to system restore and it appears this virus as vanished from my main system but i am not 100% confident it isn't lurking somewhere.
I really need some step by step help before i concede defeat and take my laptop to be checked/repaired, so is their anybody on here who can help ? i have a few other issues which are only trivial but also need checking ..... if someone could maybe reply on here or inbox me ? i would like to maybe chat with someone who can help over msn and fix these problems ..... any help much APPRECIATED ... Thanks !PLEASE go to this link and follow the directions and post the required logs. Please post your logs in this link.scan the drive as an external drive, try vundofix etcYou want to ignore the above post and follow SUPERDAVE's advice.

hye ,    i m in big trouble..
i have xp, last day i scan my COMPUTER from trojanhorse remover software for trojan virus..
it scan all my  "c"  drive and FOUND 3 trojan program ....
then it automatically remove that, i feel well as the virus vr removed then it REQUEST for restart th os.
i clk on restart....

  but when i start my pc again .......
it boot my bios screen then WINDOWS booting logo appear and a blue screen is flash less then a second
, computer is start again.....
this process is repated for as i start my computer....
also i try it safe mode but it does not works..

note: i have not change any my hardware configration...
i have 2gb ram,dual 2.0gz cpu,160gb hdi would recommend you hook up your internal drive VIA a sata/ide cable and retrieve your photos and what not. then reformat with killdisk and reinstall windows What did you scan your computer with? What program?

i m using windows 7 sony vaio vgn-nw270f laptop,
from last couple of week, i've been facing some problem,
when i start the system,
after some time, a message popping up, "this tab has been recovered""a problem with this webpage caused internet explorer to close and reopen the tab"
it SEEMS like some process goin on in background,
i am using NORTON internet SECURITY 2010, pretty up to date.
i don't know what's goin on ?
if you guys have any fix,
please share.
thank you

[recovering disk space - old attachment deleted by admin] Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has LOADED, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

How do i remove trojan from my coomputer?There are programs such as
Anti-Trojan ELITE 4.9.4 - Loaris Trojan Remover 1.2.1.2

Or. Do you mean the manual method or remove  flashing trojan
Please go to this link and FOLLOW the directions and post the required logs. Please post your logs in this link.Reboot your computer.Launch an ANTIVIRUS program that you should have installed on your computer, such as Symantec's Norton or McAfee. Wait for the program's window to appear, then go to "Disk View." Highlight your computer, then select "Scan/Repair" so that the antivirus can detect the Trojan and trash it.
Exit the antivirus program . Restart your computer again to ensure that the Trojan has been deleted. Empty the trash can on your computer once it is back up and running.
Disable the System Restore feature. Go to "Start" at the bottom of your screen, then right-click the "My Computer" icon to go to "Properties." Check "TURN off System Restore" under the System Restore tab in the "Properties" window, then select "Apply." Confirm that you want to disable System Restore by clicking "Yes" and "OK."
Update your virus definitions in your antivirus program. Open the program, or go to the WEBSITE, to download the latest definitions so that you can receive the most recent alerts and keep your computer protected.
Scan your files to detect the Trojan file. Follow the instructions in your antivirus program to delete any suspicious files. You may want to write down the path and file name of the Trojan, which is usually found in the "C:\" hard drive. Please do not instruct anyone to edit the Registry.

Ok. Let's try this one.

Download GMER Rootkit Scanner from here.

•Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
•If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


 
Click the image to enlarge it

•In the right panel, you will see several boxes that have been checked. Uncheck the following ...
   *SECTIONS
   *IAT/EAT
   *Drives/Partition other than Systemdrive (typically C:\)
   *Show All (don't miss this one)
•Then click the Scan button & wait for it to finish
•Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
•Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Attached is the GMER Rootkit Scanner log.

[recovering disk space - old attachment deleted by admin]I'd like us to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate BROWSERS only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

I scanned my system with ESET OnlineScan but it did not find any threat or infected files.

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in commy /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

Surprisingly my system drive C: is not affected by this issue however its partition D: is affected.

ComboFix 10-04-17.07 - Patrick 04/24/2010  21:38:20.6.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1022.598 [GMT -4:00]
Running from: c:\documents and settings\Patrick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Patrick\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: PC Tools Firewall Plus *disabled* {ABBD5028-5A95-4B6D-996E-98D64AE88D52}

FILE ::
"c:\documents and settings\Patrick\udpcrawl.tmp"
"c:\windows\system32\corpol.dll"
.

(((((((((((((((((((((((((   Files Created from 2010-03-25 to 2010-04-25  )))))))))))))))))))))))))))))))
.

2010-04-22 12:39 . 2010-04-22 12:39   242696   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-04-22 12:38 . 2010-04-22 12:38   1689952   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-11 23:14 . 2010-04-11 23:14   --------   d-----w-   c:\documents and settings\Patrick\Local Settings\Application Data\Collectorz.com
2010-04-11 23:13 . 2010-04-11 23:13   --------   d-----w-   c:\program files\Collectorz.com
2010-04-11 21:11 . 2010-04-11 21:12   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Disk Explorer Professional 3
2010-04-11 20:46 . 2010-04-11 20:46   --------   d-----w-   c:\documents and settings\Patrick\.JavaHelp
2010-04-11 20:39 . 2010-04-11 20:50   --------   d-----w-   c:\documents and settings\Patrick\.jajuk
2010-04-11 20:37 . 2010-04-11 20:50   --------   d-----w-   c:\program files\Jajuk
2010-04-11 20:08 . 2010-04-11 20:24   --------   d-----w-   c:\program files\Media Catalog Studio
2010-04-11 19:59 . 2010-04-11 19:59   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Pmcc
2010-04-11 11:47 . 2010-04-11 11:47   1956656   ----a-w-   c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-04-11 11:47 . 2010-04-11 13:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\NOS
2010-04-09 20:47 . 2010-04-09 20:47   4255072   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-06 15:33 . 2010-04-06 15:33   4076824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-06 15:33 . 2010-04-06 15:33   2059544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-06 15:33 . 2010-04-06 15:33   1598744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-06 15:33 . 2010-04-06 15:33   1274136   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-06 15:33 . 2010-04-06 15:33   598296   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-06 15:33 . 2010-04-06 15:33   556824   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-06 15:33 . 2010-04-06 15:33   459544   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-06 15:33 . 2010-04-06 15:33   341272   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxch32.dll
2010-04-06 15:33 . 2010-04-06 15:33   313112   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-06 15:33 . 2010-04-06 15:33   301336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-06 15:33 . 2010-04-06 15:33   1515224   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-06 15:33 . 2010-04-06 15:33   1086744   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-06 15:32 . 2010-04-06 15:32   813336   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-04-06 15:32 . 2010-04-06 15:32   624920   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-04-06 15:32 . 2010-04-06 15:32   1038688   ----a-w-   c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-04 20:54 . 2010-04-04 20:54   --------   d-----w-   C:\desktopclean
2010-04-04 17:05 . 2010-04-04 17:05   --------   d-----w-   c:\documents and settings\Anna\Application Data\PCToolsFirewallPlus
2010-04-03 23:12 . 2010-04-03 23:12   --------   d-----w-   C:\$AVG
2010-04-03 22:59 . 2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll
2010-04-03 22:59 . 2010-04-22 12:39   242896   ----a-w-   c:\windows\system32\drivers\avgtdix.sys
2010-04-03 22:59 . 2010-04-03 22:59   216200   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2010-04-03 22:59 . 2010-04-03 22:59   29512   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
2010-04-03 22:59 . 2010-04-24 22:26   --------   d-----w-   c:\windows\system32\drivers\Avg
2010-04-03 22:57 . 2010-04-03 22:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg9
2010-04-03 22:27 . 2010-04-03 22:40   52224   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-03 22:26 . 2010-04-03 22:43   117760   ----a-w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-03 22:24 . 2010-04-03 22:24   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2010-03-27 22:54 . 2010-03-27 22:55   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-27 22:53 . 2010-03-27 22:55   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-27 20:31 . 2010-03-27 20:31   --------   d-----w-   c:\documents and settings\Patrick\Application Data\PCToolsFirewallPlus
2010-03-27 20:29 . 2009-11-23 17:54   88040   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-27 20:29 . 2009-11-09 15:20   207792   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2010-03-27 20:29 . 2010-01-07 16:40   233136   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2010-03-27 20:29 . 2010-03-27 20:29   --------   d-----w-   c:\program files\Common Files\PC Tools
2010-03-27 20:29 . 2010-01-12 13:34   70664   ----a-w-   c:\windows\system32\drivers\pctNdis-PacketFilter.sys
2010-03-27 20:29 . 2010-01-07 15:35   58816   ----a-w-   c:\windows\system32\drivers\pctNdis.sys
2010-03-27 20:29 . 2010-01-07 15:35   32680   ----a-w-   c:\windows\system32\drivers\pctNdis-DNS.sys
2010-03-27 20:29 . 2010-01-13 12:59   115216   ----a-w-   c:\windows\system32\drivers\pctplfw.sys
2010-03-27 20:29 . 2010-03-27 20:32   --------   d-----w-   c:\program files\PC Tools Firewall Plus
2010-03-27 03:14 . 2010-03-27 19:28   --------   d-----w-   c:\program files\a-squared Free
2010-03-26 19:54 . 2010-03-26 19:55   --------   d-----w-   c:\program files\DVD Shrink

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 02:01 . 2006-12-20 16:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2010-04-18 12:57 . 2008-10-18 19:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\DVD Shrink
2010-04-09 20:44 . 2008-11-27 19:41   --------   d-----w-   c:\program files\SUPERAntiSpyware
2010-04-04 17:56 . 2007-07-20 22:26   --------   d-----w-   c:\documents and settings\Patrick\Application Data\LimeWire
2010-04-03 22:39 . 2006-12-20 16:24   --------   d-----w-   c:\program files\Common Files\Symantec Shared
2010-04-03 22:25 . 2008-11-27 19:41   --------   d-----w-   c:\documents and settings\Patrick\Application Data\SUPERAntiSpyware.com
2010-03-27 22:57 . 2010-03-27 20:29   120   ----a-w-   c:\documents and settings\Administrator\udpcrawl.tmp
2010-03-27 20:37 . 2009-10-23 13:57   --------   d-----w-   c:\program files\Panda Security
2010-03-27 18:12 . 2006-12-20 16:26   --------   d-----w-   c:\program files\Trend Micro
2010-03-26 21:05 . 2006-12-29 20:10   --------   d-----w-   c:\program files\Civil Series 2004
2010-03-21 14:45 . 2006-12-20 16:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Symantec
2010-03-21 00:00 . 2008-08-09 11:39   --------   d-----w-   c:\program files\Security Task Manager
2010-03-20 20:33 . 2010-03-20 20:33   --------   d-----w-   c:\program files\AVG
2010-03-20 13:53 . 2009-01-19 20:09   --------   d-----w-   c:\program files\Postal2STP
2010-03-19 20:42 . 2010-01-17 18:02   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
2010-03-19 18:29 . 2010-03-19 18:29   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Uniblue
2010-03-19 14:14 . 2010-01-10 00:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-18 02:50 . 2010-03-18 02:50   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Intermedia Software
2010-03-18 01:18 . 2010-03-18 01:18   --------   d-----w-   c:\documents and settings\Patrick\Application Data\Digital Media Solutions
2010-03-14 04:01 . 2010-01-20 04:43   42   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedinstructor.dat
2010-03-14 03:17 . 2010-03-14 03:17   38   ----a-w-   c:\documents and settings\Anna\Application Data\MTC-savedfolder.dat
2010-03-13 19:24 . 2010-03-13 19:24   54   ----a-w-   c:\documents and settings\Patrick\Application Data\MTC-savedfolder.dat
2010-03-11 12:38 . 2004-08-11 23:00   832512   ------w-   c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-11 23:00   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-11 23:00   17408   ------w-   c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2004-08-11 23:00   430080   ----a-w-   c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2004-08-11 23:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 16:51 . 2010-02-02 04:38   3247296   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-16 14:08 . 2004-08-11 23:00   2146304   ------w-   c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2004-08-04 04:59   2024448   ------w-   c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-11 23:00   100864   ----a-w-   c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-11 23:00   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys
2010-01-22 22:12 . 2006-12-24 19:58   88   --sh--r-   c:\windows\system32\A97C080420.sys
2010-01-22 22:12 . 2006-12-24 19:58   2516   --sha-w-   c:\windows\system32\KGyGaAvL.sys
1997-06-23 17:06 . 1997-06-23 17:06   287504   --sha-w-   c:\windows\system32\Msxbse35.dll
.

(((((((((((((((((((((((((((((   [email protected]_19.18.27   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-25 01:43 . 2010-04-25 01:43   16384              c:\windows\temp\Perflib_Perfdata_204.dat
+ 2010-04-25 01:43 . 2010-04-25 01:43   16384              c:\windows\temp\Perflib_Perfdata_198.dat
+ 2010-01-13 14:01 . 2010-01-13 14:01   86016              c:\windows\system32\dllcache\cabview.dll
+ 2004-08-11 23:00 . 2010-01-13 14:01   86016              c:\windows\system32\cabview.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   21504              c:\windows\assembly\NativeImages_v2.0.50727_32\TVM\d5f6c4ddc906680d085f6e6a76246b19\TVM.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   68608              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Inte#\4108fbcfcb9c25c35a98fa51aa4a45b4\Intuit.Ctg.Wte.InterviewControlLibrary.ni.dll
+ 2004-08-11 23:00 . 2009-12-24 06:59   177664              c:\windows\system32\wintrust.dll
+ 2009-12-24 06:59 . 2009-12-24 06:59   177664              c:\windows\system32\dllcache\wintrust.dll
+ 2008-05-09 10:53 . 2010-03-09 11:09   430080              c:\windows\system32\dllcache\vbscript.dll
- 2008-05-09 10:53 . 2008-05-09 10:53   430080              c:\windows\system32\dllcache\vbscript.dll
+ 2008-06-20 11:08 . 2010-02-11 12:02   226880              c:\windows\system32\dllcache\tcpip6.sys
+ 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\system32\dllcache\mrxsmb.sys
+ 2010-02-12 04:33 . 2010-02-12 04:33   100864              c:\windows\system32\dllcache\6to4svc.dll
+ 2010-03-18 01:18 . 2003-08-26 20:03   757760              c:\windows\system32\CDDBUI.dll
+ 2010-03-18 01:18 . 2003-08-26 20:01   630784              c:\windows\system32\CDDBControl.dll
+ 2008-11-12 22:36 . 2010-02-24 13:11   455680              c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2010-04-11 23:21 . 2010-04-11 23:21   656384              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Wte.Serv#\a1d5c654e44f6641673fc184784bd694\Intuit.Ctg.Wte.Service.Interface.ni.dll
+ 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-10-16 02:50 . 2010-02-17 13:10   2189952              c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2024448              c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-16 02:50 . 2010-02-16 13:25   2066816              c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-16 02:50 . 2010-02-16 14:08   2146304              c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-04-11 23:21 . 2010-04-11 23:21   4153344              c:\windows\assembly\NativeImages_v2.0.50727_32\ttax\90187d61a7bc5ba56307c85d2d93c418\ttax.ni.dll
+ 2010-04-11 23:21 . 2010-04-11 23:21   1323520              c:\windows\assembly\NativeImages_v2.0.50727_32\Intuit.Ctg.Map\99639ace6996426854e3ce6cd8b1ffcb\Intuit.Ctg.Map.ni.dll
+ 2007-12-25 12:23 . 2010-04-06 17:52   31971272              c:\windows\system32\MRT.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit DEFAULT entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2007-12-10 18:46   1510424   ----a-w-   c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-04-09 2010864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-11-01 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"dlcimon.exe"="c:\program files\Dell AIO Printer 946\dlcimon.exe" [2006-02-13 430080]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"HostManager"="c:\program files\Common Files\AOL\1172251831\ee\AOLSoftware.exe" [2006-09-26 50736]
"DLCICATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll" [2006-10-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-20 98304]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-01-12 3168216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NoActiveDesktopChanges"="00000000" [X]
"NoActiveDesktop"="0 (0x0)" [X]
"NoSaveSettings"="0 (0x0)" [X]
"ClassicShell"="0 (0x0)" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-12-20 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-04-03 22:43   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-03 22:59   12464   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 SPTD;sptd;c:\windows\system32\drivers\sptd.sys [12/31/2008 8:57 PM 715248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2010 6:59 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2010 6:59 PM 242896]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [3/27/2010 4:29 PM 233136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [11/17/2008 3:11 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/17/2008 3:11 PM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/3/2010 6:58 PM 308064]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [7/14/2006 3:01 AM 13824]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [3/27/2010 4:29 PM 88040]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [7/14/2006 3:02 AM 13696]
R3 dlci_device;dlci_device;c:\windows\system32\dlcicoms.exe -service --> c:\windows\system32\dlcicoms.exe -service [?]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [3/27/2010 4:29 PM 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [3/27/2010 4:29 PM 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [3/27/2010 4:29 PM 115216]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/17/2008 3:11 PM 12872]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
.

**************************************************************************
scanning hidden processes ... 

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCICATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCItime.dll,[email protected]??
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  NoActiveDesktopChanges = 3F 00 00 00
  NoActiveDesktop = 63
  NoSaveSettings = 63
  ClassicShell = 63

scanning hidden files ... 

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1480)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(340)
c:\windows\system32\WININET.dll
c:\program files\Common Files\AOL\ACS\WLHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\nvsvc32.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wdfmgr.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\windows\system32\dlcicoms.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
.
**************************************************************************
.
Completion time: 2010-04-24  22:03:11 - machine was rebooted
ComboFix-quarantined-files.txt  2010-04-25 02:03
ComboFix2.txt  2010-04-23 20:20
ComboFix3.txt  2010-04-17 21:29
ComboFix4.txt  2010-04-11 19:19

Pre-Run: 121,364,553,728 bytes free
Post-Run: 121,385,558,016 bytes free

- - End Of File - - 431618CA79C8B3B0C594C070898155DB
That log looks clean. How's your computer working now?No error messages for about 8 days, speed is slightly better...more importantly I am much more aware of practices, firewall usage and tools available to repair things (i.e. registry changes).

Thanks for your patience over these few weeks and your follow up!

Sláinte!

 That sounds good. If there are no other issues, it's time for some clean-up. You can uninstall HJT and delete TDSSKiller. You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis. There is also a very effective tool installed on your computer called MRT, installed by MicroSoft. You can access it by going to Start, Run and type in MRT.exe  It doesn't produce a log so that's why we don't use it on this forum but I use it all the time on my computers.
===============================

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.
================================
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update ANYTHING listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!