Explore topic-wise InterviewSolutions in .

Hello i was wondering if this is to much protection and if having all of these could give less protection
I have

eusing free registry cleaner
malwarebytes antimalwar
ccleaner
superantispyware free edidtion
avira antivirus
hijack this
spybot
smart defrag 1.20
tweak cleaner

I heard that having two anti virus protections probably wouldn't hurt
if you only have ONE for live protection and use the others for just scanning

is having two or more registry cleaners are malware removers good for a computer are it bad for a computer i ran a registry cleaner and i found that i had to pay for it to fix most of the registrys it would only fix 15 it seemed to be the best registry program by the reviews i read online that it found more registry errors than the others so i thought i would try a couple others to get rid of most of the errors and i would use the other one to fix what was ever left over but it wasn't under 15 erros like i thought it would be  i think it was at are near what it said before like 300
but the other two got rid of like 350 why didn't the other registry detect
these.If I were you I'd get rid of the registry cleaners and spybot and I would ADD Spyware Blaster (for passive protection).

In other words, keep Avira, MalwareBytes, ccleaner (optional) & add spyware blaster. Don't care about your defragger.i agree with alan in a few things , keep

avira                     
ccleaner             use once a week
malwarebytes      ..    ..     ..     ..
superanti...          ..    ..     ..     ..

and i would keep smart defrag and use once a month or so
Hello James. The only full time protections you now have are Avira Anti-virus and Spybot S&D. All the others are just for scanning UNLESS you have the paid for versions. It won't hurt if you use another AV for scanning only. Just make you are not running both. You would be wise to install SpywareBlaster.Sorry if you guys frown on this tagging on, but l was interested in James's post and the replies, especially from Allen, and then Harry.
My list is not so large, ie -

Avast
SAS (paid)
MBAM
CCleaner
Auslogics Defrag
 
Downloaded SpywareBlaster just to see what it's all about, and it seems pretty good, and l QUITE like it. However, the question is -
I used to use Spybot, who's database is updated every Wednesday.
Have now downloaded Spyware Blaster, and the last available database update seems to be 23rd Sept.
So, why is SWB supposedly better than SPYBOT if its' database isn't as up to date as that of Spybot?
Thanks

for the "sheer *censored* of it" and found it a lot betternot all protection is updated every week i check them all and MAY only get 2 that need itthe database doesn't need to be as recently updated if  the program uses more accurate heuristics.Spyware Blaster is passive protection (it makes entries in the reigstry) - Spybot is active (RESIDENT or for scanning). And anyway, Spybot is now considered passe - the current best of breed are MalwareBytes & Super Antispyware.

I also had this pop up SAYING "AuthUpdater has encountered a problem and needs to CLOSE."  It created an error report and happened approximately every 30 seconds or so.  I DISCOVERED that it is a problem with Bigpond Security.  You need to call 133 933 and they will talk you through uninstalling the software and REINSTALLING it again.  You will need your Activation code, but don't worry if you don't have it anymore as they will read it back out to you.

currently i m using XP professional OS version 2002  (SP2).
while i m connecting to my internet, its working for 5mins (few mins).
then all pages displaying error. and after few mins its showing the following errors one by one...

an unhandled win32 exception occurred in svchost.exe[900]
an unhandled win32 exception occurred in svchost.exe[884]
an unhandled win32 exception occurred in svchost.exe[812]

 whn i try to play my audio its throwing an error "bad directsound driver. please install proper drivers or select another device in configuration.error code: 88780078"...

i used dds software (provided in this forum) and attached my files. plz do the needful ASAP

- karan

[attachment deleted by admin]try update your windows dude..oh my god. i have only one XP OS CD.... there is no way to escape from this problem? need to re-install or update it? i have only very less usage for my internet... :-( now other go? plz guide meI can see some temp viruses.
Please download TFC By Old Timer

• Save any unsaved work. TFC will close all open application windows.
• Double-click TFC.exe to run the program
• If prompted, click "Yes" to reboot.

I can see some temp viruses.
Please download TFC By Old Timer

• Save any unsaved work. TFC will close all open application windows.
• Double-click TFC.exe to run the program
• If prompted, click "Yes" to reboot.

This poped up what is it and is it anything to worry about

[attachment deleted by admin]I'm guessing you did not installed a proxy server or you forgot that you installed one.

Try asking around your family/room mates if they used your computer and installed a proxy server. If they did not try following the steps here.
].Actually, this isn't related to a "proxy server" but rather a "proxy desktop".

This thread here has a few suggestions; and a few members appear to have been SUCCESSFUL with them.

http://www.outpostfirewall.com/forum/showthread.php?t=6212this happend the day after i uninstalled my superanti spyware could this be why

And nobody else uses my computer I use a password and make sure my i'm log off everytime i'm not around but I do have a guest account
and no i didn't download this i never heard of this

and i run all those logs regularly I just did the logs two days and posted themI found this from here: http://www.outpostfirewall.com/forum/showthread.php?t=6212

Quote

The proxy desktop is related to windows Explorer freezing. If you open Task Manager you should see multiple instances of Explorer.exe. Ending the processes in Task Manager should stop the error message.

There's a rather OBFUSCATED explanation at MSDN, under remarks.

In addition, please untick- Windows Explorer >Tools > FOLDER Options > View > Launch folder windows in a separate PROCESS - and see if that helps. Having this on is supposed to increase system stability by opening each folder in a separate part of memory. But sometimes performance takes a hit and may be related to this problem. Experiment!

Yesterday my computer all of a sudden restarted and was then stuck in a restart loop. It went to the option to use safe mode so i selected the option to use the last known working settings which fixed the restart loop. After that i tried to scan for viruses/malware/spyware with spybot and malwarebytes neither of which will work. malwarebytes will start scan for about 2-5 seconds then closes and when i try to open it it tells me i dont have permissions. spybot tells me that spybotsd.exe is read only and wont install or run. i used combofix to create a log which is here:


ComboFix 09-09-30.01 - Charissa 09/30/2009 17:48.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1022.592 [GMT -7:00]
Running from: c:\documents and settings\Charissa\My Documents\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\17065314
c:\documents and settings\All Users\Application Data\17065314\17065314
c:\documents and settings\All Users\Application Data\17065314\17065314.exe
c:\documents and settings\All Users\Application Data\17065314\pc17065314ins
c:\program files\Adware Professional
c:\program files\Adware Professional\noadware4_092909.na
c:\windows\Installer\617438.msi
c:\windows\system32\drivers\gasfkyexmyeoqd.sys
c:\windows\system32\gasfkyesmusiwu.dat
c:\windows\system32\gasfkyjxomtivp.dll
c:\windows\system32\gasfkykaliubyb.dat
c:\windows\system32\gasfkymlgiyuht.dll
c:\windows\system32\gasfkywptevrxm.dat
c:\windows\system32\gasfkyxnbevmet.dll
c:\windows\system32\gasfkyxvbuyamd.dll

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


(((((((((((((((((((((((((   Files Created from 2009-09-01 to 2009-10-01  )))))))))))))))))))))))))))))))
.

2009-10-01 00:38 . 2008-05-30 08:06   34296   ----a-w-   c:\windows\system32\drivers\mbamcatchme.sys
2009-09-30 21:47 . 2009-09-30 21:47   --------   d-----w-   C:\WTablet
2009-09-30 21:12 . 2009-09-10 21:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 11:17 . 2009-09-30 11:17   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-30 11:10 . 2009-10-01 00:37   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-09-30 11:10 . 2009-10-01 00:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-30 10:45 . 2008-12-11 15:38   159600   ----a-w-   c:\windows\system32\drivers\pctgntdi.sys
2009-09-30 10:44 . 2009-08-24 21:05   206256   ----a-w-   c:\windows\system32\drivers\PCTCore.sys
2009-09-30 10:44 . 2009-08-19 18:01   86888   ----a-w-   c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-30 10:43 . 2009-09-30 10:48   --------   d-----w-   c:\program files\Common Files\PC Tools
2009-09-30 10:43 . 2008-12-10 18:36   64392   ----a-w-   c:\windows\system32\drivers\pctplsg.sys
2009-09-30 10:42 . 2009-09-30 10:42   --------   d-----w-   c:\documents and settings\Charissa\Application Data\PC Tools
2009-09-30 10:42 . 2009-09-30 10:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\PC Tools
2009-09-30 10:40 . 2009-10-01 00:35   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-09-30 09:54 . 2009-09-30 09:54   --------   d-----w-   c:\documents and settings\Charissa\Application Data\Malwarebytes
2009-09-30 09:54 . 2009-09-30 09:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 09:54 . 2009-10-01 00:38   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-09-30 09:54 . 2008-05-30 08:06   15864   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-09-30 08:56 . 2009-09-30 08:56   --------   d-----w-   c:\program files\InterVideo Information Service
2009-09-30 08:56 . 2009-09-30 08:56   --------   d-----w-   c:\program files\Common Files\Ulead
2009-09-30 08:55 . 2009-09-30 08:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallShield
2009-09-30 08:50 . 2008-05-30 21:18   238088   ----a-w-   c:\windows\system32\xactengine3_1.dll
2009-09-30 08:39 . 2009-09-30 09:07   --------   d--h--w-   c:\windows\msdownld.tmp
2009-09-30 07:04 . 2009-09-30 23:56   0   ----a-r-   c:\windows\win32k.sys
2009-09-30 01:37 . 2009-09-30 01:36   411368   ----a-w-   c:\windows\system32\deploytk.dll
2009-09-30 01:34 . 2009-09-30 01:34   152576   ----a-w-   c:\documents and settings\Charissa\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-28 08:24 . 2009-09-28 08:24   127872   ----a-w-   c:\documents and settings\Charissa\Application Data\Move Networks\uninstall.exe
2009-09-28 08:24 . 2009-09-28 08:24   --------   d-----w-   c:\documents and settings\Charissa\Application Data\Move Networks
2009-09-28 05:12 . 2009-09-28 05:12   --------   d-----w-   c:\documents and settings\LocalService\Application Data\WTablet
2009-09-23 20:22 . 2009-09-23 20:22   --------   d-----w-   c:\program files\iPod
2009-09-23 20:21 . 2009-09-23 20:23   --------   d-----w-   c:\program files\iTunes
2009-09-22 10:18 . 2009-09-22 10:18   --------   d-----w-   c:\program files\Veoh Networks
2009-09-16 18:42 . 2009-09-16 18:44   --------   d-----w-   c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 18:39 . 2009-09-16 18:40   --------   d-----w-   c:\program files\QuickTime
2009-09-15 00:02 . 2009-09-15 00:02   8704   ----a-w-   c:\documents and settings\Charissa\Application Data\Thinstall\Visual Thesaurus 3.0.2\400000c00003i\java.exe
2009-09-15 00:02 . 2009-09-15 00:02   --------   d-----w-   c:\documents and settings\Charissa\Application Data\Thinstall
2009-09-14 03:49 . 2009-09-14 03:49   --------   d-----w-   c:\program files\Black Isle
2009-09-14 01:12 . 2009-09-14 01:12   --------   d-----w-   c:\documents and settings\Charissa\Application Data\EPSON
2009-09-13 06:58 . 2009-09-28 05:14   --------   d-----w-   c:\program files\RapidBIT
2009-09-13 06:29 . 2009-09-13 06:29   --------   d-----w-   c:\documents and settings\Charissa\Application Data\dvdcss
2009-09-13 06:24 . 2008-05-06 06:01   45056   ----a-w-   c:\windows\system32\WNASPI32.DLL
2009-09-13 06:24 . 2008-05-06 06:01   16512   ----a-w-   c:\windows\system32\drivers\ASPI32.SYS
2009-09-13 06:23 . 2009-09-13 07:01   --------   d-----w-   c:\program files\ImTOO
2009-09-10 05:28 . 2009-09-10 05:28   --------   d-sh--w-   c:\documents and settings\Charissa\IECompatCache
2009-09-03 02:39 . 2009-10-01 00:55   --------   d-----w-   c:\documents and settings\Charissa\Application Data\WTablet
2009-09-03 02:38 . 2004-08-04 07:56   21504   -c--a-w-   c:\windows\system32\dllcache\hidserv.dll
2009-09-03 02:38 . 2004-08-04 07:56   21504   ----a-w-   c:\windows\system32\hidserv.dll
2009-09-03 02:38 . 2004-08-04 05:58   14848   -c--a-w-   c:\windows\system32\dllcache\kbdhid.sys
2009-09-03 02:38 . 2004-08-04 05:58   14848   ----a-w-   c:\windows\system32\drivers\kbdhid.sys
2009-09-03 02:38 . 2007-02-16 00:11   11440   ----a-w-   c:\windows\system32\drivers\WacomVKHid.sys
2009-09-03 02:38 . 2007-02-16 19:12   11312   ----a-w-   c:\windows\system32\drivers\wacommousefilter.sys
2009-09-03 02:38 . 2007-02-16 18:30   12848   ----a-w-   c:\windows\system32\drivers\wacomvhid.sys
2009-09-03 02:37 . 2009-09-03 02:37   --------   d-----w-   c:\windows\system32\WTablet
2009-09-03 02:37 . 2007-09-07 18:09   128296   ------w-   c:\windows\system32\Pen_Tablet.dll
2009-09-03 02:37 . 2007-09-07 17:55   181544   ------w-   c:\windows\system32\Wintab32.dll
2009-09-03 02:37 . 2007-09-07 18:16   1373480   ------w-   c:\windows\system32\Pen_Tablet.exe
2009-09-03 02:37 . 2009-09-03 02:38   --------   d-----w-   c:\program files\Tablet

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 00:55 . 2009-06-27 22:05   --------   d-----w-   c:\program files\DNA
2009-10-01 00:55 . 2009-06-27 22:05   --------   d-----w-   c:\documents and settings\Charissa\Application Data\DNA
2009-10-01 00:54 . 2009-06-18 06:02   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
2009-10-01 00:54 . 2009-06-18 06:00   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
2009-09-30 21:47 . 2009-06-13 07:39   74096   ----a-w-   c:\documents and settings\Charissa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-30 21:12 . 2009-06-13 07:33   --------   d--h--w-   c:\program files\InstallShield Installation Information
2009-09-30 08:58 . 2009-06-27 22:06   --------   d-----w-   c:\documents and settings\Charissa\Application Data\BitTorrent
2009-09-30 08:57 . 2009-06-17 00:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-30 08:53 . 2009-06-13 07:32   --------   d-----w-   c:\program files\Common Files\InstallShield
2009-09-30 08:06 . 2009-06-17 06:40   --------   d-----w-   c:\documents and settings\Charissa\Application Data\Skype
2009-09-30 06:32 . 2009-06-17 06:41   --------   d-----w-   c:\documents and settings\Charissa\Application Data\skypePM
2009-09-30 01:36 . 2009-06-13 07:18   --------   d-----w-   c:\program files\Java
2009-09-28 08:24 . 2009-06-16 06:35   4183416   ----a-w-   c:\documents and settings\Charissa\Application Data\Move Networks\plugins\npqmp071503000010.dll
2009-09-24 18:40 . 2009-06-17 00:24   --------   d-----w-   c:\documents and settings\Charissa\Application Data\Apple Computer
2009-09-23 20:22 . 2009-06-17 00:23   --------   d-----w-   c:\program files\Common Files\Apple
2009-09-16 19:47 . 2009-08-26 06:12   --------   d-----w-   c:\program files\Diablo II
2009-09-16 19:47 . 2009-08-26 06:27   21840   ----atw-   c:\windows\system32\SIntfNT.dll
2009-09-16 19:47 . 2009-08-26 06:27   17212   ----atw-   c:\windows\system32\SIntf32.dll
2009-09-16 19:47 . 2009-08-26 06:27   12067   ----atw-   c:\windows\system32\SIntf16.dll
2009-09-10 01:56 . 2009-08-28 13:18   --------   d-----w-   c:\program files\RootsMagic
2009-09-05 00:44 . 2009-09-30 08:51   515416   ----a-w-   c:\windows\system32\XAudio2_5.dll
2009-09-05 00:44 . 2009-09-30 08:51   238936   ----a-w-   c:\windows\system32\xactengine3_5.dll
2009-09-05 00:29 . 2009-09-30 08:51   235344   ----a-w-   c:\windows\system32\d3dx11_42.dll
2009-09-05 00:29 . 2009-09-30 08:51   453456   ----a-w-   c:\windows\system32\d3dx10_42.dll
2009-09-05 00:29 . 2009-09-30 08:51   1974616   ----a-w-   c:\windows\system32\D3DCompiler_42.dll
2009-09-05 00:29 . 2009-09-30 08:51   5501792   ----a-w-   c:\windows\system32\d3dcsx_42.dll
2009-09-05 00:29 . 2009-09-30 08:51   1892184   ----a-w-   c:\windows\system32\D3DX9_42.dll
2009-09-03 04:19 . 2009-09-03 04:19   --------   d-----w-   c:\documents and settings\Charissa\Application Data\InstallShield
2009-09-03 04:19 . 2009-09-03 04:16   --------   d-----w-   c:\program files\epson
2009-08-31 09:31 . 2009-08-31 09:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-31 09:28 . 2009-08-31 09:28   --------   d-----w-   c:\program files\Microsoft Works
2009-08-31 09:28 . 2009-08-31 09:28   --------   d-----w-   c:\program files\MSBuild
2009-08-31 09:24 . 2009-08-31 09:24   --------   d-----w-   c:\program files\Microsoft.NET
2009-08-31 09:20 . 2009-08-31 09:20   --------   d-----w-   c:\program files\Microsoft Visual Studio 8
2009-08-31 09:08 . 2009-07-05 21:59   --------   d-----w-   c:\program files\RoughDraft
2009-08-29 06:08 . 2009-08-29 06:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-29 05:52 . 2009-08-27 04:09   --------   d-----w-   c:\program files\DAEMON Tools Lite
2009-08-29 05:41 . 2009-06-22 18:38   --------   d-----w-   c:\program files\Common Files\Adobe
2009-08-29 05:34 . 2009-08-29 05:34   --------   d-----w-   c:\program files\Common Files\Macrovision Shared
2009-08-28 20:32 . 2009-08-28 13:18   --------   d-----w-   c:\documents and settings\Charissa\Application Data\RootsMagic
2009-08-28 20:32 . 2009-08-28 13:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\RootsMagic
2009-08-28 14:12 . 2009-08-28 14:12   --------   d-----w-   c:\program files\Common Files\RootsMagic Shared
2009-08-28 14:12 . 2009-08-28 14:12   --------   d-----w-   c:\program files\RootsMagic 4
2009-08-28 13:17 . 2009-08-27 01:14   --------   d-----w-   c:\documents and settings\Charissa\Application Data\DAEMON Tools Lite
2009-08-27 04:16 . 2009-08-26 06:18   34587   ----a-w-   c:\windows\DIIUnin.dat
2009-08-27 04:12 . 2009-08-27 04:12   --------   d-----w-   c:\documents and settings\Charissa\Application Data\DAEMON Tools Pro
2009-08-27 04:09 . 2009-08-27 04:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-08-27 04:09 . 2009-08-27 04:09   --------   d-----w-   c:\program files\DAEMON Tools Toolbar
2009-08-27 01:14 . 2009-08-27 01:14   721904   ----a-w-   c:\windows\system32\drivers\sptd.sys
2009-08-26 22:40 . 2009-08-26 22:39   --------   d-----w-   c:\program files\ATT-PRT22-WISE
2009-08-26 22:40 . 2009-08-26 22:40   --------   d-----w-   c:\program files\att-prt22
2009-08-26 22:40 . 2009-08-26 22:39   --------   d-----w-   c:\program files\Common Files\Motive
2009-08-26 22:40 . 2009-08-26 22:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Motive
2009-08-26 09:01 . 2009-08-26 09:01   --------   d-----w-   c:\documents and settings\Charissa\Application Data\MSN6
2009-08-26 09:01 . 2009-08-26 09:01   --------   d-----w-   c:\documents and settings\All Users\Application Data\MSN6
2009-08-26 06:18 . 2009-08-26 06:18   94208   ----a-w-   c:\windows\DIIUnin.exe
2009-08-26 06:18 . 2009-08-26 06:18   2829   ----a-w-   c:\windows\DIIUnin.pif
2009-08-26 05:53 . 2009-08-25 05:02   --------   d-----w-   c:\documents and settings\Charissa\Application Data\Ahead
2009-08-25 05:02 . 2009-08-25 05:00   --------   d-----w-   c:\program files\Common Files\Ahead
2009-08-25 05:00 . 2009-08-25 05:00   --------   d-----w-   c:\program files\Nero
2009-08-24 11:31 . 2009-08-24 11:31   --------   d-----w-   c:\documents and settings\Charissa\Application Data\Final Draft
2009-08-14 13:58 . 2009-09-30 10:44   7396   ----a-w-   c:\windows\system32\drivers\pctcore.cat
2009-08-03 13:45 . 2009-08-03 13:45   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-08-03 13:45 . 2009-08-03 13:45   0   ---ha-w-   c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-08-03 13:43 . 2009-08-03 13:43   0   ---ha-w-   c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-07-05 22:20 . 2009-07-05 22:17   1102   ----a-w-   c:\windows\PowerReg.dat
2009-07-03 17:09 . 2003-03-31 12:00   915456   ----a-w-   c:\windows\system32\wininet.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & LEGIT default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2009-09-03 3342336]
"Google Update"="c:\documents and settings\Charissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-16 133104]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-27 321344]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-21 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-08-20 2000120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-04 61440]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-22 198160]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-30 149280]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2008-06-19 77824]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2008-06-19 2808832]

c:\documents and settings\Charissa\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [9/2/2009 7:37 PM 1373480]
S2 FlexService;Remote Connections Service;"c:\program files\RapidBIT\cisvc.exe" --> c:\program files\RapidBIT\cisvc.exe [?]
S2 gupdate1ca09a1297cbeca;Google Update Service (gupdate1ca09a1297cbeca);c:\program files\Google\Update\GoogleUpdate.exe [7/20/2009 6:18 PM 133104]
S3 PciCon;PciCon;\??\j:\pcicon.sys --> j:\PciCon.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-21 01:17]

2009-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 01:18]

2009-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-21 01:18]

2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-725345543-1004Core.job
- c:\documents and settings\Charissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-16 06:41]

2009-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1220945662-73586283-725345543-1004UA.job
- c:\documents and settings\Charissa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-16 06:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 17:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
Denied: (A 2) (Everyone)
="FlashBroker"
"LocalizedString"="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
="c:\\WINDOWS\\System32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
Denied: (A 2) (Everyone)
="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3768)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\documents and settings\Charissa\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\ZuneBusEnum.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-01 17:59 - machine was rebooted
ComboFix-quarantined-files.txt  2009-10-01 00:59

Pre-Run: 99,820,617,728 bytes free
Post-Run: 102,137,978,880 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

316   --- E O F ---   2009-07-29 10:00
Hi, I see that you have used combofix. What website did you download it from?i don't remember, probably the main one. why is it bad if i hadn't?Download and SAVE the below to your PC (save it anywhere you can find it. The Desktop is fine). Then doube click on it to run it.

AVPFind.bat

It should take a couple minutes to run. You will see a black command prompt window while it is running and it should close when it is finished. Once it finishes, attach the c:\avplog.txt file that is will hopefully create as long as the malware does not block the batch file from running.

----------

Now download and Run exeHelper

• Please download exeHelper to your desktop.
  
• Double-click on exeHelper.com to run the fix.
  
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of log.txt (Will be created in the DIRECTORY where you ran exeHelper.com)
  

• AVPFind log
• exeHelper log
• Superantispyware log (if you could save one)

generic HOST process for win32 services has encountered a problem and needs to close,  i ALWAYS recieve this message everytime i open my computer, when it accurs i will be disconnected to the network, and my audio also will be lost.

im using microsoft windows XP version 2002 service pack 2, celeron(R) CPU 2.53GHZ, 2.00GB of ram......

could someone pls help me when this error ACCUR and how to fix this error..... thank you very much... and sorry for my bad english..See if this helps: http://support.microsoft.com/?kbid=894391#top

I have somehow downloaded a virus or malware and it keeps opening porn icons on my desktop I've tried to scan it with my trend MICRO INTERNET security it gets to 41% and the current target it stops at is, HKLM\SOFTWARE\Cla...539c680f,',1.1) then wont go no further. I tried the procedures under malware removal and the program starts the scan gets so far then stops with no log files. Then when i try to run the program again i get a message that says (Windows cannot access the specified device, path, or file. You may not have permission to access them.) Any help with my problem WOULD be much appreciated thank you.Try DOWNLOADING ubuntu and burning it to a CD on another computer. Then BOOT from the Ubuntu CD and use it as a live CD (don't install). When it boots put Avast or Malwarebytes on it and use it to scan your hard drive.

I had malwarebytes' anti-malware on my computer before.  After a trip to myspace my computer started running very slow and explorer opens by itself, even when i am running firefox.  I have been back to the malwarebytes WEBSITE and tried to download it again and i get an error message:

Unable to execute file:
c:\ProgramFiles\Malwarebytes' Anti-Malware\mbam.exe

Create Process failed; CODE 2
The system cannot find the file specified.

Has anybody had this problem?  And, can SOMEONE please help me out?

ThanksThe first thing I will need you to do is to go to this link and follow the directions precisely. If you can't access the internet with your INFECTED computer you will have to download and transfer any PROGRAMS to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line. If you can't run any step, just jump to the next one. Please let me know how you are doing or have any questions. Initially, I will need the SuperAntiSpyware, MBAM and HJT logs. Please post any logs that you can generate.Thank you for your help.  I have tried the suggestions and tried to follow the instructions to download the c batch file.  When I try to open up my taskmanager, i get the message that it has been disabled by my administrator!  This is very aggravating and I've tried every way to find it and open it.  Any other suggestions? Quote

download the c batch file.

When I try to open up my taskmanager, i get the message that it has been disabled by my administrator! 

I've read pretty much everything and done pretty much everything about this problem. I have Norton Antivirus 2009, and have used Avast! antivirus, I have and have used spybot search and destroy, and have used Malwarebytes, I have used hijack this and killbox and all that other crap but nothing works. I am using windows vista business, and now everytime i restart my computer, there is a blue screen which says "error_page_nonpage_area" or something along those lines, and will not restart until i put in the windows vista business install cd. The black "start windows normally, etc" screen says 1)put in the OS install cd, 2) select language and click next, 3) click "repair my computer." I have not done that YET, as the  computer starts up when I put the cd into the drive. The reason I haven't done that yet is because I fear I will have to do it every time I attempt to get rid of this virus, SINCE nothing works.

Can you help me?
What more information would you need?
Post the EXACT and complete error message please.I've restarted 4 times each a different way, and the message never came up again, and the vista business cd was not in the cd drive. However, something that i forgot about every time the computer starts up I get 2 messages reading 1

"Error Loading: C/users/PATRIC~1/ntload.dll
C/users/PATRIC~1/ntload.dll is not a valid Win32 application."

and 2 is the same format but the file is "C/windows/system32/notepad.dll"

Also, if it helps my computer is under a constant barrage of viruses, I get a message from norton saying my computer was just attacked by a virus, but everything is safe almost every 5 minutes.Go to the malware forum on this site and follow the instructions at the top of that forum.C:\Windows\System32\Drivers\ucchpibq.sys

avast just found this file...what does it do? should i delete it? Quote from: Allan on December 26, 2009, 02:36:10 PM

Go to the malware forum on this site and follow the instructions at the top of that forum.

Now I have to reformat my computer because no one here was nice enough to actually help me with my problem.

We also request patience.  The Experts here are Volunteers and are not here 24/7.  This is not a live session either.  If it takes a few hours or overnight for them to get back to you, trust me it is worth the wait.  See here* why not to not bump your thread.

*WHEN YOU BUMP YOUR THREAD OR ADD UNNECESSARY POSTS YOU LENGTHEN THE TIME TO GET A RESPONSE!
 
It does not matter whether the bump is intentional or not. Each time you bump your thread by posting another message you do not bump to the top, you bump to the bottom of the list. You are better off posting once and waiting for an answer. Even starting another thread (which you should not do anyway) will not help because of the procedure we use to work through new threads. We work from oldest thread to newest. Bumping your thread could cost you hours or even days of additional waiting time. Also when a topic has multiple answers it looks as if someone is already helping you. Be patient.

Dave - You really super.  No redirects and computer SEEMS to be operating properly.  Is there anything a lay person can do (besides just saying thank you) to insure that the INVALUABLE help that you and this website will carry on ?  Thank you very much !
Quote

Is there anything a lay person can do (besides just saying thank you) to insure that the INVALUABLE help that you and this website will carry on ?  Thank you very much !

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

The mouse on my laptop is not working at all.
I am having to NAVIGATE AROUND using only the keypad.
I have tried a full restart but I am a real BEGINNER to fixing computer problems so I  don't KNOW what ELSE to do. I really hope someone can help me.

Quote

I still need to reinstall antivirus, is there a preference between avast or avg?

During Comodo install the options to uncheck did not come up, there were 3 versions to choose from, think I chose the middle and the Geek Buddy?

still got the elevation notice and the repetitive insstaller.

Sorry, it is the comodo firewall, not the AV

Howdy people,

iMesh is on my laptop and will not go, been through uninstall/remove, nothing there, still as my homepage etc. no MATTER how MANY times I have CHANGED it. Please help, this is a trojan/virus no?

Rim.its not a virus, its peer to peer, TRY this

http://www.hmc.edu/cis/doc/how-to/network/sharing/remove_imesh.shtml

So... I've looked at the criteria for posting and recieving help, and I've tried to download and run the programs necessary... but even when I try to do that, I still end up staring perplexed at the "Open With" window, and can't run the programs.

I'm not very software-savvy, so maybe there's something I'm missing that would seem obvious to someone else. Please help?

EDIT: I guess it might help if I told you that I'm running Windows XP Home Edition on a laptop, huh?Click on the link below, then look to the "EXE File Association Fix", and download the .zip file to your computer desktop.. Once there, unzip the file, then double click on the "xp_exe_fix.reg" file that is inside, CHOOSE "OK/Yes, when it asks "Are you sure?".. Restart the computer.. It should now run those problem programs and Control Panel icons.

http://www.dougknox.com/xp/file_assoc.htmThank you so much! Quote from: LadyViolet on APRIL 11, 2011, 05:47:56 PM

Thank you so much!

I have been using Microsoft Security Essentials which did not FIND this file with a complete SCAN. So I uninstalled MSE and INSTALLED AVG 2011 version10.0.1209. AVG did find the file (corrupted executable file) and it is now in the AGV 'virus vault'.
Subsequent full scan with SAS shows 'no problems found'.
Is it safe to keep this file as is - in the AVG virus vault - or is further action needed?Now, a NEW AVG scan shows C:\WINDOWS\SYSWOW64\temp.000 (corrupted executable file) (moved to virus vault).

What now SD? Quote

Is it safe to keep this file as is - in the AVG virus vault - or is further action needed?

I un-installed the AVG.Free 9.0.
Here the log that poped up.
Thank you for the advise and the avast uninstall tool.
I will try that now.

ComboFix 11-04-03.01 - Owner 03/04/2011  21:55:56.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.2.1033.18.4085.2841 [GMT -4:00]
Running from: c:\users\Owner\Pictures\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\jusched.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WMPNetworkSvc
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-04 to 2011-04-04  )))))))))))))))))))))))))))))))
.
.
2011-04-04 02:02 . 2011-04-04 02:04   --------   d-----w-   c:\users\Owner\AppData\Local\temp
2011-04-04 02:02 . 2011-04-04 02:02   --------   d-----w-   c:\users\Default\AppData\Local\temp
2011-04-03 23:07 . 2011-04-03 23:07   --------   d-----w-   C:\_OTL
2011-03-28 20:30 . 2011-03-28 20:30   --------   d-----w-   c:\program files (x86)\Common Files\McAfee
2011-03-28 20:29 . 2011-03-29 16:15   --------   d-----w-   c:\program files (x86)\McAfee
2011-03-27 16:25 . 2011-03-27 16:25   --------   d-----w-   c:\users\Owner\AppData\Local\{CBBA9F6A-5EBB-4741-821E-D82E75EEC89E}
2011-03-26 13:16 . 2011-03-26 13:16   --------   d-----w-   c:\users\Owner\AppData\Local\{4470D77A-E11F-45A6-A9E0-729F4C4E9CE9}
2011-03-25 20:10 . 2011-03-25 20:10   --------   d-----w-   c:\users\Owner\AppData\Local\{A9E1FAD2-22DD-48B0-8E29-55EF316C4171}
2011-03-24 23:36 . 2011-03-24 23:36   --------   d-----w-   c:\program files (x86)\Microsoft
2011-03-24 11:05 . 2011-03-24 11:06   --------   d-----w-   c:\users\Owner\AppData\Local\{DF441B98-1BF7-4E6D-B31A-2D764105DE28}
2011-03-23 23:05 . 2011-03-23 23:05   --------   d-----w-   c:\users\Owner\AppData\Local\{47D884B2-F3B4-47E7-9BED-FC7BF6AED343}
2011-03-23 10:49 . 2011-02-22 14:47   479744   ----a-w-   c:\windows\system32\XpsGdiConverter.dll
2011-03-23 10:49 . 2011-02-22 14:13   288768   ----a-w-   c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-23 10:49 . 2011-02-22 13:53   1555968   ----a-w-   c:\windows\system32\DWrite.dll
2011-03-23 10:49 . 2011-02-22 13:53   1149440   ----a-w-   c:\windows\system32\FntCache.dll
2011-03-23 10:49 . 2011-02-22 13:33   1068544   ----a-w-   c:\windows\SysWow64\DWrite.dll
2011-03-23 10:42 . 2011-03-23 10:43   --------   d-----w-   c:\users\Owner\AppData\Local\{E572A2F1-6DA3-4321-A0FE-1E12F4D8D404}
2011-03-22 11:45 . 2011-03-22 11:45   --------   d-----w-   c:\users\Owner\AppData\Local\{1621B3CC-19D5-4933-A98E-CC9DAC557333}
2011-03-21 07:07 . 2011-03-21 07:07   --------   d-----w-   c:\users\Owner\AppData\Local\{A6C7E9B1-8BAF-4F9F-AA7F-91D0E4CA6358}
2011-03-20 17:38 . 2011-03-20 17:39   --------   d-----w-   c:\users\Owner\AppData\Local\{98A71E93-2707-4C25-AC5C-108B8094C478}
2011-03-19 19:21 . 2011-03-19 19:21   --------   d-----w-   c:\users\Owner\AppData\Local\{7F7537D7-FB8E-47EB-8320-2A466ED1CA2A}
2011-03-19 16:37 . 2011-03-21 17:36   --------   d-----w-   c:\program files (x86)\McAfee Security SCAN
2011-03-19 15:12 . 2011-03-19 15:12   605960   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-03-17 11:22 . 2011-03-17 11:22   --------   d-----w-   c:\users\Owner\AppData\Local\{8E111FB5-56A1-4F21-9911-CC369D808F46}
2011-03-17 07:01 . 2009-10-09 21:56   2048   ----a-w-   c:\windows\SysWow64\winrsmgr.dll
2011-03-17 07:01 . 2009-10-09 21:35   2048   ----a-w-   c:\windows\system32\winrsmgr.dll
2011-03-17 07:01 . 2009-10-09 21:35   13312   ----a-w-   c:\windows\system32\wsmplpxy.dll
2011-03-17 07:01 . 2009-10-09 21:34   13312   ----a-w-   c:\windows\system32\winrssrv.dll
2011-03-17 04:26 . 2011-03-17 04:26   159744   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-03-17 04:25 . 2011-03-17 04:25   --------   d-----w-   c:\programdata\Apple Computer
2011-03-17 04:25 . 2011-03-17 04:25   --------   d-----w-   c:\users\Owner\AppData\Local\Apple
2011-03-17 04:25 . 2011-03-17 04:25   --------   d-----w-   c:\program files (x86)\Apple Software Update
2011-03-17 04:24 . 2011-03-17 04:24   --------   d-----w-   c:\program files\Common Files\Apple
2011-03-17 04:24 . 2011-03-17 04:24   --------   d-----w-   c:\program files\Bonjour
2011-03-17 04:24 . 2011-03-17 04:24   --------   d-----w-   c:\program files (x86)\Bonjour
2011-03-17 04:23 . 2011-03-17 04:24   --------   d-----w-   c:\program files (x86)\Common Files\Apple
2011-03-17 04:23 . 2011-03-17 04:23   --------   d-----w-   c:\programdata\Apple
2011-03-17 04:16 . 2010-12-17 17:34   2425344   ----a-w-   c:\windows\system32\mstscax.dll
2011-03-17 04:16 . 2010-12-17 15:45   2067968   ----a-w-   c:\windows\SysWow64\mstscax.dll
2011-03-17 04:16 . 2010-12-17 15:41   731136   ----a-w-   c:\windows\system32\mstsc.exe
2011-03-17 04:16 . 2010-12-17 13:54   677888   ----a-w-   c:\windows\SysWow64\mstsc.exe
2011-03-17 04:16 . 2010-12-29 19:01   416768   ----a-w-   c:\windows\system32\sbe.dll
2011-03-17 04:16 . 2010-12-29 19:01   559616   ----a-w-   c:\windows\system32\EncDec.dll
2011-03-17 04:16 . 2010-12-29 18:59   226816   ----a-w-   c:\windows\system32\mpg2splt.ax
2011-03-17 04:16 . 2010-12-29 18:28   322560   ----a-w-   c:\windows\SysWow64\sbe.dll
2011-03-17 04:16 . 2010-12-29 18:28   429056   ----a-w-   c:\windows\SysWow64\EncDec.dll
2011-03-17 04:16 . 2010-12-29 18:26   177664   ----a-w-   c:\windows\SysWow64\mpg2splt.ax
2011-03-17 04:16 . 2010-12-29 19:01   210944   ----a-w-   c:\windows\system32\sbeio.dll
2011-03-17 04:16 . 2010-12-29 18:28   153088   ----a-w-   c:\windows\SysWow64\sbeio.dll
2011-03-17 04:15 . 2011-03-17 04:15   --------   d--h--w-   c:\programdata\Common Files
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 04:06 . 2010-06-24 15:33   18328   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-20 16:46 . 2011-02-14 19:13   900480   ----a-w-   c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:17 . 2011-02-14 19:13   366592   ----a-w-   c:\windows\system32\winspool.drv
2011-01-20 16:17 . 2011-02-14 19:13   625152   ----a-w-   c:\windows\system32\dxgi.dll
2011-01-20 16:16 . 2011-02-14 19:13   287232   ----a-w-   c:\windows\system32\d3d10core.dll
2011-01-20 16:16 . 2011-02-14 19:13   327680   ----a-w-   c:\windows\system32\d3d10_1core.dll
2011-01-20 16:16 . 2011-02-14 19:13   196096   ----a-w-   c:\windows\system32\d3d10_1.dll
2011-01-20 16:16 . 2011-02-14 19:13   1268224   ----a-w-   c:\windows\system32\d3d10.dll
2011-01-20 16:16 . 2011-02-14 19:13   748544   ----a-w-   c:\windows\system32\stobject.dll
2011-01-20 16:16 . 2011-02-14 19:13   47104   ----a-w-   c:\windows\system32\cdd.dll
2011-01-20 16:16 . 2011-02-14 19:13   3548672   ----a-w-   c:\windows\system32\mf.dll
2011-01-20 16:16 . 2011-02-14 19:13   35840   ----a-w-   c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:14 . 2011-02-14 19:13   278528   ----a-w-   c:\windows\system32\mfplat.dll
2011-01-20 16:14 . 2011-02-14 19:13   195072   ----a-w-   c:\windows\system32\mfps.dll
2011-01-20 16:08 . 2011-02-14 19:13   478720   ----a-w-   c:\windows\SysWow64\dxgi.dll
2011-01-20 16:08 . 2011-02-14 19:13   219648   ----a-w-   c:\windows\SysWow64\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-14 19:13   160768   ----a-w-   c:\windows\SysWow64\d3d10_1.dll
2011-01-20 16:08 . 2011-02-14 19:13   1029120   ----a-w-   c:\windows\SysWow64\d3d10.dll
2011-01-20 16:08 . 2011-02-14 19:13   189952   ----a-w-   c:\windows\SysWow64\d3d10core.dll
2011-01-20 16:07 . 2011-02-14 19:13   258048   ----a-w-   c:\windows\SysWow64\winspool.drv
2011-01-20 16:07 . 2011-02-14 19:13   586240   ----a-w-   c:\windows\SysWow64\stobject.dll
2011-01-20 16:06 . 2011-02-14 19:13   2873344   ----a-w-   c:\windows\SysWow64\mf.dll
2011-01-20 16:04 . 2011-02-14 19:13   209920   ----a-w-   c:\windows\SysWow64\mfplat.dll
2011-01-20 16:04 . 2011-02-14 19:13   98816   ----a-w-   c:\windows\SysWow64\mfps.dll
2011-01-20 15:01 . 2011-02-14 19:13   3068416   ----a-w-   c:\windows\system32\xpsservices.dll
2011-01-20 15:01 . 2011-02-14 19:13   1653760   ----a-w-   c:\windows\system32\XpsPrint.dll
2011-01-20 14:59 . 2011-02-14 19:13   1032192   ----a-w-   c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:58 . 2011-02-14 19:13   1461760   ----a-w-   c:\windows\system32\OpcServices.dll
2011-01-20 14:57 . 2011-02-14 19:13   231936   ----a-w-   c:\windows\system32\XpsRasterService.dll
2011-01-20 14:42 . 2011-02-14 19:13   1257984   ----a-w-   c:\windows\system32\MFH264Dec.dll
2011-01-20 14:41 . 2011-02-14 19:13   428544   ----a-w-   c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:40 . 2011-02-14 19:13   345088   ----a-w-   c:\windows\system32\mfreadwrite.dll
2011-01-20 14:40 . 2011-02-14 19:13   34304   ----a-w-   c:\windows\system32\mfpmp.exe
2011-01-20 14:40 . 2011-02-14 19:13   377344   ----a-w-   c:\windows\system32\mfmp4src.dll
2011-01-20 14:37 . 2011-02-14 19:13   2002944   ----a-w-   c:\windows\system32\d3d10warp.dll
2011-01-20 14:35 . 2011-02-14 19:13   566272   ----a-w-   c:\windows\system32\d3d10level9.dll
2011-01-20 14:28 . 2011-02-14 19:13   1554432   ----a-w-   c:\windows\SysWow64\xpsservices.dll
2011-01-20 14:27 . 2011-02-14 19:13   876032   ----a-w-   c:\windows\SysWow64\XpsPrint.dll
2011-01-20 14:25 . 2011-02-14 19:13   847360   ----a-w-   c:\windows\SysWow64\OpcServices.dll
2011-01-20 14:24 . 2011-02-14 19:13   135680   ----a-w-   c:\windows\SysWow64\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-14 19:13   979456   ----a-w-   c:\windows\SysWow64\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-14 19:13   357376   ----a-w-   c:\windows\SysWow64\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-14 19:13   302592   ----a-w-   c:\windows\SysWow64\mfmp4src.dll
2011-01-20 14:14 . 2011-02-14 19:13   261632   ----a-w-   c:\windows\SysWow64\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-14 19:13   1172480   ----a-w-   c:\windows\SysWow64\d3d10warp.dll
2011-01-20 14:11 . 2011-02-14 19:13   486400   ----a-w-   c:\windows\SysWow64\d3d10level9.dll
2011-01-20 14:06 . 2011-02-14 19:13   834048   ----a-w-   c:\windows\system32\d2d1.dll
2011-01-20 13:47 . 2011-02-14 19:13   683008   ----a-w-   c:\windows\SysWow64\d2d1.dll
2011-01-13 10:20 . 2011-01-28 07:11   7844688   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F58F427-5672-44B3-87E9-477EA0C28659}\mpengine.dll
2011-01-13 08:47 . 2011-01-24 00:26   237168   ----a-w-   c:\windows\system32\aswBoot.exe
2011-01-08 09:03 . 2011-02-14 19:12   48128   ----a-w-   c:\windows\system32\atmlib.dll
2011-01-08 08:47 . 2011-02-14 19:12   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
2011-01-08 06:45 . 2011-02-14 19:12   367104   ----a-w-   c:\windows\system32\atmfd.dll
2011-01-08 06:28 . 2011-02-14 19:12   292352   ----a-w-   c:\windows\SysWow64\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-06 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AdobeUpdater"="c:\program files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\CONTROL\SafeBoot\Minimal\!SASCORE]
=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 LVcKap64;Logitech AEC Driver;c:\windows\system32\DRIVERS\LVcKap64.sys

• Once you have downloaded the file, double click the sarsfx icon
  
• Review the licence agreement and click on the Accept button
  
• The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  
  
• Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  
• Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  
• Allow the program to scan your computer - please be patient as it may take some time
• Once the scan has completed a window will POP-up with the results of the scan - click OK to this
  
• In the main window, you will see each of the entries found by the scan (if any)
• If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
• Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
• If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
• To clean up these entries click on the Clean up checked items button
  
• If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
• Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
• When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now

• Double click it to start the tool.Vista and Windows7 run as administrator.
• Click Scan.
  
• Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
  

• Double click Sysprot.exe to start the program.
• Click on the Log tab.
• In the Write to log box select the following items.
• Process << Selected
  
• Kernel Modules << Selected
  
• SSDT << Selected
  
• Kernel Hooks << Selected
  
• IRP Hooks << NOT Selected
  
• Ports << NOT Selected
  
• Hidden Files << Selected
  
• At the bottom of the page
• Hidden Objects Only << Selected
  
• Click on the Create Log button on the bottom right.
• After a few seconds a new window should APPEAR.
• Select Scan Root Drive. Click on the Start button.
• When it is complete a new window will appear to indicate that the scan is finished.
• The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

If someone were to hack your root, how would you make sure that you're rooted and what should you do to get it REMOVED?

It is just interest out of personal hobby and because I had this sad happening like MANY years ago.By 'root hacking' you mean 'rootkit'.
Rootkit
http://en.wikipedia.org/wiki/Rootkit

The like above gives a good definition of what a Rootkit is. (There term at one time had a more narrow meaning. It was a rick to be used by administrators to recover a failing system.)

Here on this FORUM they do not encourage 'root hacking' as a politically corret hobby.

For more info, use the term 'rootkit' in yurt SEARCH.

Want to know if you get a dll error what do you need to do to FIX it? Should you download the missing file? What if you cannot enter the internet then? Where do you copy the missing file to? Thanksi think this is in the wrong aria, this section os about PC viruses, you may need to POST this question somewere elce, SORRY for not beeing helpful. you can download the .dll FILES but they MIGHT not be the right vertion.

Quote

Do I need to Delete the quarantined files? and also is this a program that I should uninstall or will I use it regularly from now on?

Should I back it up now or wait a week to delete the quarantined files?

Also, what do you suggest I as a virus protection. I use Malwarebytes every couple of weeks. Honestly I have never had any problems until this past week.

The only thing I notice that is different now is the it seems to take FOREVER to boot up. I dont remember it ever taking so long.

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

My computer still takes a long time to boot up....it still seems longer than it used to but I have not used a couple of the clean up tools listed on the "SLOW computer" page that you suggested.

I have used a program called: "Clean up" by Steven Gould that seems to have worked well in the past....are you familiar with this? and if so is it adequate or would the "CCleaner" be better?

Is there anything else I should be running?

How much time are we talking about?

Can you tell me another way to get into safe mode? I am apparently under attack by worms,trojan, etc. I TRIED to open in safe mode to do the fix but it does not work. Any other way to get in? The screen stays black when I TRY to restart and hit F8....
Thank youDuplicate post. I'm WORKING with this OP on the original post. I will lock this ONE.

Still got some the Background on my screen is just black now no picture i have tried to put the 1 back on but will not let me also When you go into documents all the files have no picture of a file just a name but you have to click the invisible file Maybe be easier just to make back up disc of WINDOWS VISTA  if can find the file of it put on disc then wipe computer not done that for over 2 years so might just need wiping clean GOOD CLEAN UP, Like still don't know what the TASK ENG.EXE running 3 times when i look at task manager it will not let me close it all them down when  i close others it just starts up again few seconds later.
I tried to run ComboFix again to try get you a log but still says CORRUPT COPY.

Sorry about all the trouble SuperDave i know you good cos it was you that got my computer going last time on different computer

THANK YOU FOR THE HELP WILL WAIT TO SEE WHAT YOU WANT NEXT.

JENZO  Still no good with ComboFix i have kept trying & have tried different links to it as well but still said Corrupt Copy. Do you think we will be able to work out what the trouble is ??, Have you seen anything wrong so far in any of the logs that might be 1 of the problems if there is more than 1 i say they is. Hope you can help me out SuperDave will check in today every 2hrs to see if any replies.

THANK YOU SuperDave

JENZO    Done a new HTJ log for you so you can look at it just in case there is something new on it from last time , Also done other scans but they have found nothing so far.

HTJ LOG:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:41:16, on 16/04/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\dvd43\DVD43_Tray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Electronic Arts\EADM\EADMUI\EADM.exe
C:\PROGRA~1\ELECTR~1\EADM\EADMUI\EACoreServer.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Defender\MSASCui.exe
c:\users\Jenzo\Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/?ocid=OIE9HP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENGB/110
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\rmtray.exe /H
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [EADM] "C:\Program Files\Electronic Arts\EADM\EADMUI\EADMUI.exe"
O9 - Extra button: C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7137 bytes
Quote

Still got some the Background on my screen is just black now no picture i have tried to put the 1 back on but will not let me also When you go into documents all the files have no picture of a file just a name but you have to click the invisible file

Do you think we will be able to work out what the trouble is ??, Have you seen anything wrong so far in any of the logs that might be 1 of the problems if there is more than 1 i say they is.

Also i did run the SFC scan that you ask me to as i said in last report it would not let me get logs from CBS kept saying ACCESS DENIED. but did run the scan as you said just the logs could not get for you i found them no problem but would not let me open them.

• Double click on the icon to run it. Make sure all other windows are CLOSED and to let it run uninterrupted.
• Under the Custom Scan box paste this in

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
    

I HAVE NO RECOVERY DISC  did not get 1 with computer when new it came installed with VISTA  already is there a way to make RECOVERY DISC if so if you can tell me i do that & wipe computer start from new because you cannot find nothing so what ever it is attacking my computer is hiding well from you IF YOU CANNOT FIND IT SuperDave then i have no chance but to wipe it 

If you can please tell me where to get main Vista file to make BACK UP DISC i do that will not take up more of your time you have tried your best for me you helped me out 2 times before & we cleaned up the computers but this 1 has got me 

THANK YOU FOR THE HELP SO FAR SuperDave  sorry if wasted your time if i wipe computer 

i think i look into one of the courses that teach you how to look for & fix spyware & malaware  would be good to help people give something back.

Hi

I did a scan with AVG and it came up with broken digital signatures from MALAWARE BYTES. What does this mean and should I remove Malaware bytes. Is this harmful to my computer?

I READ AVG is difficult to install unlike other problems where you simply uninstall at CONTROL panel wondering the best way to go about this and if it is true.

thanks
LeighDuplicate post. Locked

Hi,
    I need your help. I read a few threads where you helped people resolve w32.sillyFDC virus.

    My laptop- windows 7- was working perfectly fine untill 2 days back. I was watching a show on VLC media player, the sound suddenly started scratching and then disappeared. Since then I have done the following:-
    1. Updated all drivers
    2. Cleaned up temporary files
    3. ran ad-aware, malware as well as norton anti virus protections. They all showed different problems and said they were fixed. the latest one is on norton which shows three HIGH risks- 1. w32.sillyFDC 2. w32.changeup.C 3. Trojanhorse. The norton log says it has been fixed and no action required.
    4. I also tried system restore to an earlier point, but it gives me an error "not successfull as an anti-virus program is running in the background" even when there is no spyware running.

    Please help me in fixing this.

i have read the manula and below are my logs from superantispyware, mbam and hijack this-

superantispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/10/2011 at 10:18 PM

Application Version : 4.50.1002

Core Rules Database Version : 6799
Trace Rules Database Version: 4611

Scan type       : Complete Scan
Total Scan Time : 01:43:04

Memory items scanned      : 753
Memory threats detected   : 0
Registry items scanned    : 10921
Registry threats detected : 0
File items scanned        : 155425
File threats detected     : 119

Adware.Tracking Cookie
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][3].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
   C:\Users\Namrata\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][2].txt
   s0.2mdn.net [ C:\Users\Guest\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3ENSHXAY ]
   .chitika.net [ C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\piiaz0s2.default\cookies.sqlite ]
   .statcounter.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   statse.webtrendslive.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .content.yieldmanager.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .doubleclick.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .mm.chitika.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .technoratimedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   wstat.wibiya.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .yieldmanager.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.googleadservices.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .imrworldwide.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .imrworldwide.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   vlc-media-player.en.softonic.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   vlc-media-player.en.softonic.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   vlc-media-player.en.softonic.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .zedo.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .vlcmediaplayer.org [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .vlcmediaplayer.org [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .vlcmediaplayer.org [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   trekmedia.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.trekmedia.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.visit-tracker.biz [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.trekmedia.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.visit-tracker.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.visit-tracker.biz [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.visit-tracker.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .kontera.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .xiti.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .kontera.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .smartadserver.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .kontera.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .kontera.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .interclick.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .revsci.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   segment-pixel.invitemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .collective-media.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .atdmt.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .at.atwola.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .at.atwola.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.at.atwola.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tacoda.net [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .invitemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .advertising.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .ar.atwola.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   ad.yieldmanager.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adserver.adtechus.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .www.burstnet.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .burstnet.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .casalemedia.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .burstnet.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   www.burstnet.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .tribalfusion.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .content.yieldmanager.com [ C:\Users\Namrata\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
   .adserver.adtechus.com [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .statcounter.com [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .doubleclick.net [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .mm.chitika.net [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .zedo.com [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .zedo.com [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .zedo.com [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .zedo.com [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .zedo.com [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .zedo.com [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]
   .2o7.net [ C:\Users\Namrata\AppData\Roaming\Mozilla\Firefox\Profiles\febi2yip.default\cookies.sqlite ]

Adware.Agent/Gen-Zango
   C:\USERS\NAMRATA\DOWNLOADS\EMULESETUP.EXE



MBAM log:-

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6325

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10-04-2011 23:09:12
mbam-log-2011-04-10 (23-09-12).txt

Scan type: Quick scan
Objects scanned: 184349
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\supxwatraqwvcgdch.dll (Adware.AdRotator) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{862C6A68-E35F-A359-9031-79DFA8FF365E} (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\hfdfwjpsrmiowup (Adware.AdRotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kbgrecvqxkyyg (Adware.AdRotator) -> Value: kbgrecvqxkyyg -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\supxwatraqwvcgdch.dll (Adware.AdRotator) -> Delete on reboot.
c:\Users\Namrata\AppData\Local\Temp\browserhotfix1.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Namrata\local settings\temporary internet files\Content.IE5\3MMH8ISL\setup[1].exe (Adware.Agent) -> Quarantined and deleted successfully.


hijackthislog:-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:20:25, on 10-04-2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\OEM13Mon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\SUPERAntiSpyware\6354c80e-8a16-4371-beda-9ff4579d8d9e.com
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\NOTEPAD.EXE
C:\Windows\System32\NOTEPAD.EXE
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Namrata\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,START Page = http://search.conduit.com?SearchSource=10&ctid=CT2405280
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
O3 - Toolbar: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [basicsmssmenu] "C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java UPDATE\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [googletalk] C:\Users\Namrata\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Namrata\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TimeSheet] C:\Program Files\TimeSheet\TimeSheet.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TimeSheet] C:\Program Files\TimeSheet\TimeSheet.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IPOD Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: O2FLASH - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_5f120bca41bba11b\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 9975 bytes
Your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. First Warning!Ignore the above post.

Please uninstall Antivirus 2010. It is malware.

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code: [Select]:OTL
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} -  File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -  File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ClientGW]  File not found
O4 - HKLM..\Run: [PCDrProfiler]  File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)

:Files
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At18.job
 C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At1.job
:COMMANDS
[resethosts]
[purity]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
***************************************************
Download Security CHECK by screen317 from one of the following links and SAVE it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
As I mentioned earlier, 'Anti virus 2010' will not uninstall through control panel. If I could find the file, perhaps I could wipe it with DPwiper, but I don't know how to find it, and a search for 'anti virus 2010' comes up blank.

Below are the logs you requested:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ClientGW deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\internet\ deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2096855 bytes
->Flash cache emptied: 456 bytes
 
User: All Users
 
User: Compaq_Owner
->Temp folder emptied: 57661349 bytes
->Temporary Internet Files folder emptied: 15735455 bytes
->Java cache emptied: 2379 bytes
->FireFox cache emptied: 94265900 bytes
->Flash cache emptied: 7167 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: LocalService
->Temp folder emptied: 1056392 bytes
->Temporary Internet Files folder emptied: 33264 bytes
->FireFox cache emptied: 3717997 bytes
 
User: misc pics
 
User: NetworkService
->Temp folder emptied: 1982008 bytes
->Temporary Internet Files folder emptied: 1008811 bytes
->Flash cache emptied: 3557 bytes
 
User: New Folder
 
User: savanah pics
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2952721 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27838375 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 885602 bytes
RecycleBin emptied: 26624 bytes
 
Total Files Cleaned = 200.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04232011_073419

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


--------------------------------



 Results of screen317's Security Check version 0.99.10 
 Windows XP Service Pack 3 (UAC is disabled!)
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:
 Windows Firewall Disabled! 
 Avira AntiVir Personal - Free Antivirus
 WWII: Normandy     
 Antivirus 2010     
 PC Tools Firewall Plus 6.0 
 ZoneAlarm Spy Blocker Toolbar   
 ZoneAlarm     
 Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
 Malwarebytes' Anti-Malware   
 CCleaner     
 Java(TM) 6 Update 17 
 Out of date Java installed!
 Adobe Flash Player    10.1.102.64 
Adobe Reader 7.0
Out of date Adobe Reader installed!
 Mozilla Thunderbird (3.1.9)
````````````````````````````````
Process Check: 
objlist.exe by Laurent
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 PC Tools Firewall Plus FirewallGUI.exe   
 PC Tools Firewall Plus FWService.exe   
``````````End of Log````````````



Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*************************************************
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.
*****************************************************
Quote

As I mentioned earlier, 'Anti virus 2010' will not uninstall through control panel. If I could find the file, perhaps I could wipe it with DPwiper, but I don't know how to find it, and a search for 'anti virus 2010' comes up blank.

• Double click Sysprot.exe to start the program.
• Click on the Log tab.
• In the Write to log box select the following items.
• Process << Selected
  
• Kernel Modules << Selected
  
• SSDT << Selected
  
• Kernel Hooks << Selected
  
• IRP Hooks << NOT Selected
  
• Ports << NOT Selected
  
• Hidden Files << Selected
  
• At the bottom of the page
• Hidden Objects Only << Selected
  
• Click on the Create Log button on the bottom right.
• After a few SECONDS a new window should appear.
• Select Scan Root Drive. Click on the Start button.
• When it is complete a new window will appear to indicate that the scan is finished.
• The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

Quote

I use Firefox and also Internet explorer.

Dave, I hope I'm not speaking prematurely but that appears to have done it.  I can access Microsoft Update, Google Chrome is working, the Windows theme is finally back to normal, this is great. I can't thank you enough.

Only one thing, on your template (well, I'm assuming your instruction guides are templates) for the Recovery Console, the second and third pictures are inverted. It caused a second of minor confusion until I realized what it was supposed to look like. Very minor, I just thought I might let you know about that. Quote

Only one thing, on your template (well, I'm assuming your instruction guides are templates) for the Recovery Console, the second and third pictures are inverted. It caused a second of minor confusion until I realized what it was supposed to look like. Very minor, I just thought I might let you know about that.

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the ICON on your desktop.
  

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

I removed SysProt and ESET. Is there SOMETHING I installed that replaces SAS and MBAM? I don't mind keeping them around as I've had them for years.

My computer has 1GB installed ram and it's using up to 16% when I checked.
It has 76.6GB on the hard drive and I'm using 37.4GB.

I know it's old and I should UPGRADE, but this is what I've got for now.

I installed Windows Defender, TFC, and Secunia. Should I delete CCLEANER if I installed TFC?

And the Avast situation...why isn't it coming on automatically anymore?
Quote

Is there something I installed that replaces SAS and MBAM?

TFC, and Secunia. Should I delete CCleaner if I installed TFC?

And the Avast situation...why isn't it coming on automatically anymore?

That's GREAT news. PLEASE keep me updated.Sorry, I was PREMATURE in thinking that the PROBLEM was solved. I'm still LOOKING though.

Please run ESET again and this time, fix the infections and post the log.doneSo, how's your computer running now? Any other issues?Still unable run the pgm. Quote

Still unable run the pgm.

They eventually responded and said I needed the .net 4 framework.

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the RESULTS pane.
  
• In the field, type in ComboFix /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

I have a virus that is preventing me from UPLOADING my files to a CD. I don't need help with the virus. Just with transferring my files. I just bought a mac and need to transfer the files. Is there a virtual website that I can TEMPORARILY store my files? Or, would I have better LUCK with a flash DRIVE? Many thanks.