Explore topic-wise InterviewSolutions in .

My parents are paying for stopsign and she was wondering if this was a good program? I was telling her how you helped me. What are the best ones out there to catch everything for those of us who don't know that much about computers. We are just wondering if you could point us in a direction.

Thanks,

ChristalThey are both ROGUES, and are not recommended.

They are listed in some HOSTS files as well:

http://hosts-file.net/?s=stop-sign.com
http://hosts-file.net/?s=eacceleration.com

with classification: EMD.

EMD=Engaged in malware distribution.Thank you for the information.

They have been paying a yearly fee for this "security". What do you suggest they do? What TYPE of program should they be using... It is a Vista OS.Attempt to get refund.

Go with something much more trusted, which would be:

Avira Free, or Premium: http://www.avira.com (Premium is a low cost, and powerful SOLUTION.)
Kaspersky Antivirus: http://www.kaspersky.com
ESET Nod32 Antivirus: http://www.eset.com
Avast Free antivirus: http://www.avast.comThank you again. They chose Avast. They are on dial up and evidently it takes 13 hours to download...they started the download then stopped it now it appears they can't go back to it now.... I am 18 hours away. LOL

was told to post here since i might have virus or something.

couple weeks after i upgraded from windows vista to windows 7 my hard drive been saying its full when i have like NOTHING. it makes my INTERNET use show up all weird and says not enough memory.. when i try to clean up the hard drive which theres nothing to clean up besides temporary internet files and thumnails. after doing that im ABLE to use net to the fullest for about 1-2 days sometimes less and then i have to repeat the process. i dont know wats making the hard drive full. any help??

Only (C) drive is filling up nothing happens to (D) drive. Please go to this link and follow the directions and post the required logs. well guess WAT i went to the link u posted and since my antivirus isnt working properly any more and as stated on one of the steps i had to download a new working anti virus i uninstalled my current antivirus which was kasperky antivirus and it solved the problem!!!! i am suprised that a simple antivirus program would be filling up my hard drive!! i am still wondering why it would be filling up my hard drive?? but EVERYTHING is back to normal i guess i just need a new anti virus now.I doubt that your problem is completely solved. You should follow the link in SuperDave's post and follow all instructions therein.

Thank you for your time in advance. I just got this computer from another person, and I followed the Malware Removal Guide on this website to a T. I have fully updated versions of AVG, Online Armor, SUPER Anti-Spyware, Malwarebytes anti-malware. Again I've followed that guide to a T. Since I am not an expert at this, how do I know if my computer is 100% clean and safe to use? I have sensitive data that I need this computer for, but I'm not going to start until I know it is 100% clean. I also have the logs for anti-spyware, MBAM, and hijackthis ready and waiting on my desktop. Thank you for your time and help.If you don't know the history of the computer, the only way to know that it is absolutely clean is to do a re-format and re-install the Operating System. The computer may have had some serious infections that may have compromised the security of the machine. I've included the warning below that we give to those whose computers have been affected. This is very important especially if you're going to use this computer for financial transactions. We can run scans and check the logs but we can't guarantee it's security.

A backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

Read this article: Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

I would counsel you to disconnect this PC from the Internet immediately.

Though the Trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very LIKELY compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall?

We can attempt to clean this machine but i can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next postI don't have any personally or financially identifiable information on this computer. And I won't start either. This is a home PC with Windows XP service pack 2 running. I use this computer for surfing the internet/watching movies/video games/ and music. Nothing else. I would like to go ahead and try to secure/clean this computer as much as possible. Unfortunately this is my father's PC who passed away a few months ago, and all of the XP re-install discs are missing. So re-installing isn't much of an option. Any help would be great, thank you.First of all, my sincere condolences. Let's run some scans to see what we have. Could you please copy and paste the logs that you have from the different scans that you've run already

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

If I'm reading this correctly then this is uglier than I thought.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/03/2010 at 07:28 AM

Application Version : 4.38.1004

Core Rules Database Version : 5024
Trace Rules Database Version: 2836

Scan type : Complete Scan
Total Scan Time : 03:37:45

Memory items scanned : 489
Memory threats detected : 0
Registry items scanned : 6314
Registry threats detected : 0
File items scanned : 158689
File threats detected : 220

Adware.HotBar/SpamBlockerUtility (Low Risk)
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\3_Shot Gun.wav
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\ASAPCom.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\Redemption.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBClientSinkPS.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBInst.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBOLExp.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBOLExt.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBSrvPS.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBTrayAppPS.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBUIRes.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SBUISkin.dll
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0\SpamBlocker.exe
C:\Program Files\SpamBlockerUtility\Bin\4.8.4.0
C:\Program Files\SpamBlockerUtility\Bin\SbUninst.exe
C:\Program Files\SpamBlockerUtility\Bin
C:\Program Files\SpamBlockerUtility\SBTV\sbtvau.dat
C:\Program Files\SpamBlockerUtility\SBTV\sbtv_hpk.dat
C:\Program Files\SpamBlockerUtility\SBTV\sbtv_kyf.dat
C:\Program Files\SpamBlockerUtility\SBTV
C:\Program Files\SpamBlockerUtility

Trojan.Media-Codec
C:\Program Files\Perfect Codec

Adware.Tracking Cookie
.2o7.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.aprilteens.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bigbanners.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bigbanners.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bigbanners.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bigbanners.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bigbanners.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bigbanners.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bigfreesex.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bravenet.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bravenet.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bravenet.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bravenet.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.burstnet.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.coolsavings.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.coolsavings.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.coolsavings.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.coolsavings.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.coolsavings.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.coolsavings.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.cs.sexcounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.discount-cigarettes-store.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.e-2dj6wfmyaiajagp.stats.esomniture.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.edge.ru4.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.elitematureporn.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.estat.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.fortunecity.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.fortunecity.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.freefind.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.funwebproducts.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.gostats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.gostats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.gostats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.gostats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.hairypornpics.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.hairypornpics.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.hurricanedigitalmedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.hurricanedigitalmedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.hurricanedigitalmedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.hurricanedigitalmedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.icc.intellisrv.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.imrworldwide.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpresserdd.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpresserdd.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.insightexpresserdd.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.internet-*adult URL* [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.kanoodle.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.locator.metadata.windowsmedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.maxserving.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.maxserving.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.metareward.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.mywebsearch.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.naked-celebrityes.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.naked-celebrityes.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.naked-celebrityes.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.onlinerewardcenter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.onlinerewardcenter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.onlinerewardcenter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.onlinerewardcenter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.onlinerewardcenter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.onlinerewardcenter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.onlinerewardcenter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.overture.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.paycounter.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.perf.overture.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.*censored*-paradise.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.qksrv.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.qksrv.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.qnsr.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.realmedia.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.revenue.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.roiservice.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.sav.coolsavings.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.sex-superstore.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.sex-superstore.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.smileycentral.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.stat.onestat.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.stat.onestat.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.stat.onestat.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.stat.onestat.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.stat.onestat.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.tribalfusion.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.uk.sitestat.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.uk.sitestat.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.valuead.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.valuead.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.valuead.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.valuead.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.valueclick.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.webpower.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.webpower.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.wetrack.it [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.wvw.silkroadtech.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.wvw.silkroadtech.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.wvw.silkroadtech.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.wvw.silkroadtech.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.3dstats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.addfreestats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.bigtitpornstars.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.dapornstars.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.dialysisfinder.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.dialysisfinder.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.girlsfuckinghard.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.internet-*adult URL* [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.jimmyspornstars.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.jimmyspornstars.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.porninspector.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.*censored*-galleries.net [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.sexsweety.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www.toyboxxx.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www1.addfreestats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www3.addfreestats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www4.addfreestats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.www5.addfreestats.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.xiti.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.xxxcreatures.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
.xxxcreatures.com [ C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\i0o7rq8j.default\cookies.txt ]
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected].bridgetrack[2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\HP_Owner\Cookies\[emailprotected][2].txt

Trojan.Agent/Gen-Tmp[27]
C:\DOCUMENTS AND SETTINGS\HP_OWNER\LOCAL SETTINGS\TEMP\1E.TMP

Rootkit.TDSServ/Fake
C:\DOCUMENTS AND SETTINGS\HP_OWNER\LOCAL SETTINGS\TEMP\TDSS6B19.TMP

Unclassified.Unknown Origin
C:\PYTHON22\NMSKSSRVC.EXE

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4168

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/3/2010 4:14:36 PM
mbam-log-2010-06-03 (16-14-36).txt

Scan type: Quick scan
Objects scanned: 164981
Time elapsed: 33 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry VALUES Infected: 0
Registry Data Items Infected: 0
Folders Infected: 42
Files Infected: 1165

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\HP_Owner\Application Data\SpamBlocker (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility (Adware.Hotbar) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\eskin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\IESkins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0 (Adware.Hotbar) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOL (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOL\dynamic (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOL\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOL\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility (Adware.Hotbar) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic (Adware.Hotbar) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\344stat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML (Adware.Hotbar) -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\TooltipXML (Adware.Hotbar) -> Files: 1569 -> Delete on reboot.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\dynamic\ustat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static\DownLoad (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\SpamBlockerUtility\v3.0\SpamBlockerUtility\static (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility_Icons (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\repair-bar (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-100 (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD Platinum v5.0\scan-bar-pulse (Rogue.RegistryDefender) -> Quarantined and deleted successfully.
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\VVSN (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Program Files\VVSN\URL2 (Adware.WhenU) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HP_Owner\Local Settings\Temp\TDSS6bf3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1184993395.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1185048657.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1185206559.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1185223343.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1185241841.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1185399928.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1185426751.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1185723951.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1186768111.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1187659084.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1188678814.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1189729597.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1190862601.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1191729391.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1193332121.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1194987890.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1196740502.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1199730375.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1202187586.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1204482847.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1205864239.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1208402346.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1210353729.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1212436305.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1215273810.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1217300433.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1218306053.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1219938068.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1222282807.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1224267785.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1226642864.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1227767493.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1229060932.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1230267080.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1232946843.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1240201362.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1246971787.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1251334694.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1252165073.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1252853416.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\SpamBlockerUtility_1254280043.log (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte10_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte11_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte12_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte13_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte14_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte19_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte20_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte21_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030104_emte9_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\030203lib_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102angel_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102bigluf_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102birthday_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102cheers_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102flo_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102good_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102jump_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102king_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102lough_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102luf_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102smiled_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102smile_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102sor_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102thanx_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\033102uhu_1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\040103ahh_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\040103wow_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\040104_emi2_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\042102_1134_112_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\050103big_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\050103gig_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\050103hm_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\050103norm_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema15_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema16_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema17_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema18_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema19_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema20_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema21_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema24_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema25_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema26_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema30_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema33_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\060104_ema34_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\062802hippi_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\062802jumpie_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\080402argh_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\080402oops_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\080402ouch_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\082502no_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\082502yes_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_boring1_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_confused_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_crying_ugly_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_fantastic_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_feel_better_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_gimme_break_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_heehee_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_hlopaet_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_ign_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_lol_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_no_comment_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_peace_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_smashing_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\110103_talk2thehand_prv.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\blocked.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\blocked2.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\block_sm.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\block_sm2.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\block_smli.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\block_smli2.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_add-but.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_back-but.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_left_cut_enabled_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_left_enabled_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_left_pressed_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_middle_enabled_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_middle_pressed_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_right_cut_enabled_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_right_enabled_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\btn_right_pressed_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\business_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\buttondir.txt (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\components.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\css2_main.css (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\css2_pagingmodule.css (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\css2_topbuttons.css (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\css_cattree.css (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\css_flashpreview.css (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\delete.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\edit_clear_sound.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\edit_fs.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\edit_select.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-511724-549108.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-511724-9595.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-backgrounds.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-bcards.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-ecards.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-emoticons.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-estationery.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-funny.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-help.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-images.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-info.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-more.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-my.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-new.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-new2.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-options.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-people.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-photo.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-SpamBlocked.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-tell.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-temp.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-text.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def-email-voice.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-def.cdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-premium-email-premium.mnu (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-t7-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\email-temp-bg.res (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\estatationery.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\flashpatch.js (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\flashpreview.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\fs3.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\hotbar_promo.htm (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\icon_checked_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\icon_close_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\icon_close_pressed_1.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\icon_edit_preview.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\icon_edit_send.gif (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Owner\Application Data\SpamBlockerUtility\v3.0\HostOI\static\1\icon_flash_preview.gif (Adware.Hotbar) -> QuarantinDo you have a HJT log and the Security Check log?Sorry I completely spaced it .

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:02:30 PM, on 6/3/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\HP_Owner.RACER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\HP_Owner.RACER\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Common Files\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\HP_Owner.RACER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - Global Startup: WinCinema Manager.lnk = C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra BUTTON: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 10098 BYTES



Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 9.0
Norton Personal Firewall
Online Armor 4.0
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Adobe Flash Player 10.0.45.2
Adobe Reader 6.0.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Tall Emu Online Armor OAcat.exe
````````````````````````````````
DNS Vulnerability Check:
REQUEST Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````
Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

==============================

Open HijackThis and select Open the Misc Tools section. Select open process manager. select
C:\WINDOWS\ALCXMNTR.EXE
and click on kill process. Exit HJT.
----------------------------------------------

Click Start, Search, select All Files and Folders. Copy and paste
Code: [Select]C:\WINDOWS\ALCXMNTR.EXE and click search. Delete this file.

=================================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==================================

The Security Check shows that you are running more than one Firewall which is a no-no. Windows Firewall Enabled
Norton Personal Firewall Online Armor 4.0 . Two of them should be disabled and removed. The Windows Firewall is not very good because it only protects against incoming traffic and not against out-going traffic which can be most harmful. Windows Firewall can't be uninstall. It's intergrated with XP. It can only be disabled.

==============================

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

=================================

Download ComboFix by sUBs from one of the below links.

Important! You MUST save ComboFix to your desktop

link # 1
Link # 2

Temporarily disable your Anti-virus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on ComboFix.exe & follow the prompts.

Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your Anti-virus and Antispyware protection when ComboFix is complete.

ComboFix 10-06-05.01 - HP_Owner 06/05/2010 23:58:45.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.172 [GMT -7:00]
Running from: c:\documents and settings\HP_Owner.RACER\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Application Data\alot
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\Mozilla Firefox\plugins\NPMorpBr.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\Fonts\acrsec.fon
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\pthreadVC.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-03 22:29 . 2010-06-03 22:29--------d-----w-c:\documents and settings\HP_Owner.RACER\Application Data\Malwarebytes
2010-06-03 22:29 . 2010-06-03 22:29--------d-----w-c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-03 10:42 . 2010-06-03 10:42--------d-----w-c:\documents and settings\HP_Owner.RACER\Application Data\SUPERAntiSpyware.com
2010-06-03 10:42 . 2010-06-03 10:42--------d-----w-c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-02 19:56 . 2010-06-02 19:56--------d-----w-c:\documents and settings\HP_Owner.RACER\Application Data\AVG9
2010-06-01 03:44 . 2010-06-01 03:49--------d-----w-c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-31 10:37 . 2010-05-31 11:27--------d-----w-c:\documents and settings\All Users\Application Data\OnlineArmor
2010-05-31 10:37 . 2010-05-31 10:37--------d-----w-c:\documents and settings\HP_Owner.RACER\Application Data\OnlineArmor
2010-05-31 05:56 . 2010-05-31 05:56--------d-----w-c:\documents and settings\All Users\Application Data\avg9
2010-05-30 06:25 . 2010-05-30 06:25--------d-----w-c:\documents and settings\All Users\Application Data\Qwest
2010-05-27 05:12 . 2010-05-27 05:12--------d-----w-c:\documents and settings\HP_Owner.RACER\Application Data\Intuit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 06:27 . 2005-06-17 13:26--------d-----w-c:\program files\Common Files\Adobe
2010-06-06 06:11 . 2007-05-08 05:27--------d--h--r-c:\documents and settings\All Users\Application Data\yahoo!
2010-06-06 06:11 . 2005-08-15 05:00--------d-----w-c:\program files\Yahoo!
2010-06-06 06:11 . 2010-01-15 01:41--------d-----w-c:\documents and settings\HP_Owner.RACER\Application Data\Yahoo!
2010-06-04 08:52 . 2008-12-09 06:03--------d-----w-c:\program files\Google
2010-06-04 07:11 . 2010-06-04 07:11--------d-----w-c:\program files\EA Games
2010-06-04 07:11 . 2004-12-02 05:41--------d--h--w-c:\program files\InstallShield Installation Information
2010-06-03 23:58 . 2010-06-03 23:58--------d-----w-c:\program files\Trend Micro
2010-06-03 23:53 . 2004-12-02 05:15--------d-----w-c:\program files\Java
2010-06-03 23:43 . 2004-12-02 05:15--------d-----w-c:\program files\Common Files\Java
2010-06-03 23:41 . 2010-06-03 23:42411368----a-w-c:\windows\system32\deployJava1.dll
2010-06-03 22:29 . 2010-06-03 22:29--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2010-06-03 10:42 . 2010-06-03 10:42--------d-----w-c:\program files\SUPERAntiSpyware
2010-06-03 10:31 . 2010-06-03 10:31--------d-----w-c:\program files\CCleaner
2010-06-02 00:36 . 2010-01-15 00:43--------d-----w-c:\documents and settings\HP_Owner.RACER\Application Data\Apple Computer
2010-06-01 21:10 . 2010-05-31 06:00242896----a-w-c:\windows\system32\drivers\avgtdix.sys
2010-06-01 21:10 . 2010-05-31 06:0029584----a-w-c:\windows\system32\drivers\avgmfx86.sys
2010-06-01 05:08 . 2009-06-08 18:15--------d-----w-c:\program files\Bonjour
2010-06-01 03:49 . 2004-12-02 05:46--------d-----w-c:\program files\iTunes
2010-06-01 03:12 . 2006-11-01 02:47--------d-----w-c:\program files\Napster
2010-06-01 02:37 . 2010-05-31 23:54--------d-----w-c:\program files\RadarSync
2010-06-01 02:36 . 2010-01-15 02:20--------d-----w-c:\program files\Shockwave.com
2010-06-01 02:28 . 2010-01-17 03:31--------d-----w-c:\program files\WildTangent
2010-05-31 23:56 . 2010-01-17 22:5842472----a-w-c:\documents and settings\HP_Owner.RACER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 23:17 . 2010-05-31 23:17--------d-----w-c:\program files\iXi Tools
2010-05-31 21:45 . 2010-05-31 21:45--------d-----w-c:\program files\sisagp
2010-05-31 20:46 . 2004-12-02 05:54--------d-----w-c:\program files\PC-Doctor for Windows
2010-05-31 20:26 . 2004-12-02 06:07--------d-----w-c:\program files\Common Files\Symantec Shared
2010-05-31 19:58 . 2004-12-02 06:07--------d-----w-c:\program files\Symantec
2010-05-31 19:58 . 2004-12-02 06:07--------d-----w-c:\documents and settings\All Users\Application Data\Symantec
2010-05-31 19:51 . 2004-12-02 05:41--------d-----w-c:\program files\IntelliMover Data Transfer Demo
2010-05-31 19:49 . 2004-12-02 05:55--------d-----w-c:\program files\Easy Internet signup
2010-05-31 11:07 . 2004-12-02 06:08--------d-----w-c:\program files\Norton AntiVirus
2010-05-31 10:35 . 2010-05-31 10:35--------d-----w-c:\program files\Tall Emu
2010-05-31 08:52 . 2004-12-02 05:46--------d-----w-c:\program files\QuickTime
2010-05-31 08:46 . 2006-11-06 20:04--------d-----w-c:\program files\Apple Software Update
2010-05-31 06:00 . 2010-05-31 06:0012464----a-w-c:\windows\system32\avgrsstx.dll
2010-05-31 06:00 . 2010-05-31 06:0052872----a-w-c:\windows\system32\drivers\avgrkx86.sys
2010-05-31 06:00 . 2010-05-31 06:0025096----a-w-c:\windows\system32\drivers\AVGIDSxx.sys
2010-05-31 06:00 . 2010-05-31 06:00216200----a-w-c:\windows\system32\drivers\avgldx86.sys
2010-05-31 05:57 . 2010-05-31 05:57--------d-----w-c:\program files\AVG
2010-05-31 05:13 . 2010-05-31 01:55--------d-----w-c:\program files\Belkin
2010-05-30 06:23 . 2010-05-30 06:23--------d-----w-c:\program files\Xenocode
2010-05-29 05:17 . 2006-11-25 02:46--------d-----w-c:\program files\GameFiesta
2010-05-28 01:33 . 2010-05-28 01:33--------d-----w-c:\program files\Common Files\AnswerWorks 5.0
2010-05-28 01:32 . 2005-06-15 16:50--------d-----w-c:\program files\Quicken
2010-05-27 05:11 . 2010-01-15 00:43--------d-----w-c:\documents and settings\HP_Owner.RACER\Application Data\Symantec
2010-04-29 22:39 . 2010-06-03 22:2938224----a-w-c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-06-03 22:2920952----a-w-c:\windows\system32\drivers\mbam.sys
2010-04-20 11:13 . 2010-05-31 10:3524440----a-w-c:\windows\system32\drivers\OAmon.sys
2010-04-20 11:13 . 2010-05-31 10:3529560----a-w-c:\windows\system32\drivers\OAnet.sys
2010-04-20 11:13 . 2010-05-31 10:35228216----a-w-c:\windows\system32\drivers\OADriver.sys
2010-04-12 09:40 . 2004-12-02 05:1819200----a-w-c:\windows\system32\drivers\srvkp.sys
2010-04-12 09:40 . 2004-12-02 05:181571001----a-w-c:\windows\system32\sisgl.dll
2010-04-12 09:22 . 2004-12-02 05:183468288----a-w-c:\windows\system32\sisgrv.dll
2010-04-12 09:17 . 2004-12-02 05:18324608----a-w-c:\windows\system32\drivers\sisgrp.sys
2010-04-12 09:08 . 2010-04-12 09:089728----a-w-c:\windows\system32\SiSPIns2.dll
2010-04-12 09:07 . 2005-06-18 03:1412288----a-w-c:\windows\InstFunc.dll
2010-04-12 09:07 . 2004-12-02 05:18172032----a-w-c:\windows\system32\SiSInst.dll
2010-04-12 09:07 . 2004-12-02 05:18258048----a-w-c:\windows\system32\SiSParse.dll
2010-04-12 09:06 . 2004-12-02 05:1849152----a-w-c:\windows\system32\SiSBase.dll
2010-04-08 20:20 . 2010-04-08 20:2091424----a-w-c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20107808----a-w-c:\windows\system32\dns-sd.exe
2010-03-10 06:15 . 2004-08-04 11:00420352----a-w-c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\HP_Owner.RACER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-31 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-18 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"NapsterShell"="c:\program files\Napster\napster.exe" [2009-10-06 323280]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-04-20 6678008]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-12-02 180269]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinCinema Manager.lnk - c:\program files\Sandisk\Common\Bin\WinCinemaMgr.exe [2010-1-29 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
SpySubtract.lnk - c:\program files\interMute\SpySubtract\SpySub.exe [2006-5-4 1187840]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-12-1 45056]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-04-20 925688]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-31 06:0012464----a-w-c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1308:UDP"= 1308:UDP:Windows Media Format SDK (napster.exe)
"1309:UDP"= 1309:UDP:Windows Media Format SDK (napster.exe)

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [5/30/2010 11:00 PM 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [5/30/2010 11:00 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2010 11:00 PM 216200]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/30/2010 11:00 PM 242896]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [5/31/2010 3:35 AM 228216]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [5/31/2010 3:35 AM 24440]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [5/31/2010 3:35 AM 29560]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/30/2010 10:58 PM 308064]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5/30/2010 10:58 PM 5888008]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [5/30/2010 10:58 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [5/30/2010 10:58 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [5/30/2010 10:58 PM 26120]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [5/30/2010 10:08 PM 594048]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32128512----a-w-c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2010-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-09 18:30]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-04 08:43]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-04 08:43]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1750873676-2119400782-1055263353-1009Core.job
- c:\documents and settings\HP_Owner.RACER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-31 06:39]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1750873676-2119400782-1055263353-1009UA.job
- c:\documents and settings\HP_Owner.RACER\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-31 06:39]

2010-06-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-04 01:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Owner.RACER\Application Data\Mozilla\Firefox\Profiles\5uge2q0r.default\
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: c:\documents and settings\HP_Owner.RACER\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMySrch.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npWTHost.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-IS CfgWiz - c:\program files\Common Files\Symantec Shared\cfgwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 00:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(472)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2748)
c:\windows\system32\WININET.dll
c:\docume~1\HP_OWN~1.RAC\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Tall Emu\Online Armor\OAcat.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlbtcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-06-06 00:32:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-06 07:31

Pre-Run: 103,217,016,832 bytes free
Post-Run: 103,561,994,240 bytes free

- - End Of File - - 36B2B1C882C60CCE211754A93108191D
I'd like us to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

Could you please delete ComboFix from your desktop. It's supposed to work with Vista. Let's try downloading it again.

• Download combofix from here, use the top links - combofix.exe
  
• Double click on ComboFix.exe.
• Follow the prompts. NOTE:
  
• ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

• The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

• Allow ComboFix to download the Recovery Console.
• Accept the End-User License Agreement.
• The Recovery Console will be installed.
• You will this next prompt that asks if you want to continue the malware scan, select yes
  
  
  
  
• Allow combofix to run
  
• Post C:\combofix.txt back here.
  
  Note:
  Do not mouseclick combofix's window whilst it's running. That may CAUSE it to stall.
  

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

Which antivirus is best for WIndows 7?
I am using KAspersky Internet SEcurity for the protection of my computer. Which according to you is best for Win 7 and why?This question is asked over and over again. Please do a search of this BOARD and you'll see LOTS of similar threads.

Personally, I am a huge fan of Kaspersky.anti-virus programs are unneeded! Whenever you have a problem, it can always be fixed by checking your power supply and connections! And checking for zebra droppings inside the system You're too busy to spend a lot of time worrying about protecting your PC. With Microsoft Security Essentials, you get high-quality protection against viruses and spyware, including Trojans, worms and other malicious software. And best of all, there are no costs or annoying subscriptions to keep track of.

It's very easy to install Security Essentials using it is even easier than one might expect. Updates and upgrades are automatic, so there's no need to worry about having the latest protection. It's easy to tell if you're protected – when the Security Essentials icon is green, your status is good. It's as simple as that.

When you're busy using your PC, you don't want to be bothered by NEEDLESS alerts. Security Essentials runs quietly in the BACKGROUND, only alerting you if there's something you need to do. And it doesn't USE a lot of system resources, so it won't get in the way of your work or fun.

Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.

Microsoft Security Essentials is a free download from Microsoft that is simple to install, easy to use, and always kept up to date so you can be assured your PC is protected by the latest technology. It’s easy to tell if your PC is secure — when you’re green, you’re good. It’s that simple.

Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want—without interruptions or long computer wait times.
Get it here.

i tried and got the same error...i tried to update then delete and got the same message to please wait while it deletes all Mcafee......I am gonna leave my system on THRU out the nite to see what happens with the message, maybe it needs some time to delete all programs.
Now am having new problems occur while turning my system on it takes a long them to boot up (5 or more minutes), it FREEZES after the window logo shows up. And while surfing my connection seems to have a sudder to it? any suggestions?Hello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. If you want to help, please go here. Superdave.You could try this.

StartupLite

Download StartupLite by MalwareBytes to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
===========================

Quote

my connection seems to have a sudder to it?

Does anyone have the paid version of MalwareBytes and if so, how is the updating? The reason I ask is apparently I've been spoiled with the virus programs, etc. automatically updating. I had been using the free version of SuperAntiSpyware and got tired of having to update it manually. I checked the settings, etc. and saw that with the paid version it would update at startup and every 8 hours. It had such good reviews so I trusted it and made the mistake of purchasing it. But, AFTER I had purchased it, I found out that if you're not online when it tries to update, you're out of LUCK. If you get an update, you have to do it manually. I had assumed it would try again if I wasn't online when it tried but I was wrong. How does the purchased version of MalwareBytes update work? Do I have to be online at the right time with it or if I'm not, will it try again later? I was no better off with the paid version of SuperAntiSpyware and I don't want to make that mistake again. THANKS for your time.I don't understand. When you do go online SAS will ALWAYS notify there is an update if there is one more current than what you are running. All you have to do is click on update. Why PURCHASE another product?Quote from: Allan on June 07, 2010, 09:35:21 AM

I don't understand. When you do go online SAS will always notify there is an update if there is one more current than what you are running. All you have to do is click on update. Why purchase another product?

I've never had a problem with SAS notifying me of updates.

If you go to their websites you will see there is more functionality in the paid versions, not just the automatic updates. My OS is scheduled for automatic updates but if my computer is not on at that time, I will get a message that there are updates waiting the next time I turn on my computer. The way around this it to leave your computer on 24/7 which is a bad practice, green planet wise.

Hi... I posted this in the hardware section and was told to poast here instead:

okay, let me start by saying that my computer expertise is EXTREMELY limited, (we're talking turn on turn off). A few weeks ago I tried to trun on my desktop and when I logged on it would start to do so and then log me back off. I had someone look at it and we were able to get it logged on. Now whenever I click on a link that opens a new window the computer freezes up. The only thing I can do is open the task manager and end task. The I start over. The same thing happens when I enter anything into the address bar. I dont have money to have someone look at it and charge me an ARM and a leg but I need this fixed. Any advice would be incredibly helpful.

I have a HP Pavillion a1102n. Any other INFO you need you will have to walk me along to find it, cause as I said, I am NOT a compter person.

Thank you

KariHello, your comment has been removed. Please do not post malware advice, or post here in the malware forum, unless you need help. If you want to help, please go here. Superdave.Hello and welcome to Computer HOPE Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this ISSUE on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose. Please let me know how you manage with this?Hi, sorry but I cannot get onto my computer at all now. I just say your post and have not been able to do anything. When I turn the power on the computer starts to boot up and then the screen goes blank and the monitor says "monitor going to sleep" and it starts over. It just continues to cycle through and never actually starts. I borrowed a friends laptop but i have tons of things that I need on my compter. Help please!

KariQuote

Hi, sorry but I cannot get onto my computer at all now. I just say your post and have not been able to do anything. When I turn the power on the computer starts to boot up and then the screen goes blank and the monitor says "monitor going to sleep" and it starts over. It just continues to cycle through and never actually starts. I borrowed a friends laptop but i have tons of things that I need on my compter. Help please!
Kari

Quote from: tgp1994 on June 10, 2010, 09:45:17 AM

Well, ya, of course I ran them Some of the installers I tried just popped up a meaningless error message, while others ran, taking about 90%+ of the CPU, but still ended up doing nothing.

I was mainly looking for a trojan that would download other viruses

THIS IS THE OTL.TXT



OTL logfile created on: 6/2/2010 10:02:13 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = E:\COMBOFIX
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.94 Gb Total Space | 239.18 Gb Free Space | 83.65% Space Free | PARTITION Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.61 Gb Free Space | 32.51% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer NAME: BERNABES-PC
Current User Name: Bernabe's
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\COMBOFIX\OTL.exe (OldTimer Tools)
PRC - C:\Users\Bernabe's\AppData\Roaming\GameRanger\GameRanger\Data\GameRanger.exe (GameRanger Technologies)
PRC - C:\Users\Bernabe's\AppData\Local\Temp\cem6l.exe ()
PRC - C:\Users\Bernabe's\AppData\Local\Temp\Xcl.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
PRC - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)


========== Modules (SafeList) ==========

MOD - E:\COMBOFIX\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (Thpsrv) -- C:\Windows\SysNative\ThpSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (RSELSVC) -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe (TOSHIBA Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\rswin_3697.dll ()
SRV - (fsssvc) -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (cfWiMAXService) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe (TOSHIBA CORPORATION)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ConfigFree Gadget Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe (TOSHIBA CORPORATION)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 20:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ConfigFree Service) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (rtl8192se) -- C:\Windows\SysNative\drivers\rtl8192se.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (BHDrvx64) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\BHDrvx64.sys (Symantec Corporation)
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\symtdi.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1008000.029\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (risdpcie) -- C:\Windows\SysNative\drivers\risdpe64.sys (REDC)
DRV:64bit: - (PMCF) -- C:\Windows\SysNative\drivers\PMCF.sys ()
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (Thpevm) -- C:\Windows\SysNative\drivers\Thpevm.sys (TOSHIBA Corporation)
DRV:64bit: - (Thpdrv) -- C:\Windows\SysNative\drivers\thpdrv.sys (TOSHIBA Corporation)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100116.002\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

FF - HKLM\software\mozilla\Firefox\Extensions\\[emailprotected]: C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/01/05 00:08:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/01/05 00:08:21 | 000,000,000 | ---D | M]

[2010/01/04 23:56:42 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files (x86)\ToggleEN\tbTog1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Camtasia Recorder] C:\Program Files (x86)\TechSmith\Camtasia Studio 6\CamRecorder.exe (TechSmith Corporation)
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Bernabe's\AppData\Local\Temp\cem6l.exe ()
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Bernabe's\AppData\Local\Temp\Xcl.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MyTOSHIBA] C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe (TOSHIBA)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Bernabe's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameRanger.lnk = C:\Users\Bernabe's\AppData\Roaming\GameRanger\GameRanger\Data\GameRanger.exe (GameRanger Technologies)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM WINLOGON: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ecdc12ef-ed14-11de-9fab-90e6ba02d3e3}\Shell - "" = AutoRun
O33 - MountPoints2\{ecdc12ef-ed14-11de-9fab-90e6ba02d3e3}\Shell\AutoRun\command - "" = E:\start.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/02 09:53:22 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\49253DE2FC994BE399A4DAB01A8E6088.TMP
[2010/06/01 22:23:03 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\Desktop\PRIVATE FILE
[2010/06/01 21:29:47 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\Malwarebytes
[2010/06/01 21:29:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/06/01 21:29:34 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/06/01 21:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/06/01 21:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/01 21:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/06/01 20:06:09 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/01 20:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/01 20:06:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SASCORE
[2010/05/31 20:22:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/05/31 20:06:51 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Local\ElevatedDiagnostics
[2010/05/31 13:22:06 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Local\nltnjatoq
[2010/05/31 13:21:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/05/29 16:49:18 | 000,000,000 | ---D | C] -- C:\OtsLabs
[2010/05/29 13:32:53 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\WinRAR
[2010/05/29 13:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/05/29 00:39:19 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\Tracing
[2010/05/29 00:38:32 | 000,061,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fssfltr.sys
[2010/05/29 00:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/05/29 00:38:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/05/24 23:19:15 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\Documents\Camtasia Studio
[2010/05/24 23:19:09 | 000,107,864 | ---- | C] (TechSmith Corporation) -- C:\windows\SysWow64\tsccvid.dll
[2010/05/24 23:19:07 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\QuickTime
[2010/05/24 23:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TechSmith Shared
[2010/05/24 23:18:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2010/05/24 20:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMedix Gamebox
[2010/05/24 20:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameBox
[2010/05/24 18:02:11 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Roaming\Apple Computer
[2010/05/24 18:02:11 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Local\Apple Computer
[2010/05/24 18:02:00 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\GEARAspi64.dll
[2010/05/24 18:02:00 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysWow64\GEARAspi.dll
[2010/05/24 18:02:00 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2010/05/24 18:02:00 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2010/05/24 18:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/24 18:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/05/24 18:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/24 18:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010/05/24 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/05/24 18:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/05/24 18:00:43 | 000,000,000 | ---D | C] -- C:\Users\Bernabe's\AppData\Local\Apple
[2010/05/24 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010/05/24 18:00:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/24 18:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/24 18:00:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/05/24 18:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/05/24 18:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010/05/23 22:19:41 | 000,000,000 | ---D | C] -- C:\Fraps
[2010/05/22 18:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Redbana
[2010/05/22 18:41:19 | 1418,355,454 | ---- | C] (Macrovision Corporation) -- C:\Users\Bernabe's\Desktop\Setup_America.exe
[2010/05/18 10:26:13 | 002,942,976 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Bernabe's\Desktop\SUPERAntiSpyware.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Bernabe's\*.tmp files -> C:\Users\Bernabe's\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/02 10:03:38 | 002,097,152 | -HS- | M] () -- C:\Users\Bernabe's\ntuser.dat
[2010/06/02 09:54:39 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 09:54:39 | 000,015,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/02 09:54:31 | 000,000,104 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Control Panel - Shortcut.lnk
[2010/06/02 09:47:42 | 000,000,302 | -H-- | M] () -- C:\windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/06/02 09:47:38 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/02 09:47:15 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/02 09:47:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/02 09:47:09 | 3192,262,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/02 09:46:26 | 001,665,669 | -H-- | M] () -- C:\Users\Bernabe's\AppData\Local\IconCache.db
[2010/06/02 00:15:38 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/06/02 00:15:38 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/06/02 00:15:38 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/06/01 23:36:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/01 22:42:57 | 000,001,454 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Internet Explorer.lnk
[2010/06/01 21:29:38 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/01 21:24:31 | 000,002,104 | ---- | M] () -- C:\Users\Bernabe's\Desktop\HijackThis.lnk
[2010/06/01 20:06:06 | 000,001,385 | ---- | M] () -- C:\Users\Bernabe's\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/31 18:55:41 | 000,003,224 | ---- | M] () -- C:\bootsqm.dat
[2010/05/31 14:49:04 | 000,000,355 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Computer - Shortcut.lnk
[2010/05/31 12:41:30 | 000,001,786 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Audition.lnk
[2010/05/30 13:58:23 | 000,041,530 | ---- | M] () -- C:\Users\Bernabe's\Desktop\BASTA.wlmp
[2010/05/30 03:33:28 | 000,003,584 | ---- | M] () -- C:\Users\Bernabe's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/29 20:29:00 | 000,000,506 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Bernabe's.job
[2010/05/29 00:54:52 | 000,001,304 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Windows Live Movie Maker.lnk
[2010/05/24 23:35:44 | 000,002,581 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Camtasia Recorder.lnk
[2010/05/24 23:18:57 | 000,002,575 | ---- | M] () -- C:\Users\Bernabe's\Desktop\Camtasia Studio.lnk
[2010/05/24 18:02:06 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/18 10:26:13 | 002,942,976 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Bernabe's\Desktop\SUPERAntiSpyware.exe
[2010/05/11 19:19:22 | 000,010,461 | ---- | M] () -- C:\Users\Bernabe's\Documents\THE BOOKFAIR AT SCOOL.docx
[2010/05/11 18:56:25 | 000,012,070 | ---- | M] () -- C:\Users\Bernabe's\Documents\Rules In School.docx
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Bernabe's\*.tmp files -> C:\Users\Bernabe's\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/02 09:54:31 | 000,000,104 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Control Panel - Shortcut.lnk
[2010/06/01 22:42:57 | 000,001,454 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Internet Explorer.lnk
[2010/06/01 21:29:38 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/01 21:22:21 | 000,002,104 | ---- | C] () -- C:\Users\Bernabe's\Desktop\HijackThis.lnk
[2010/06/01 20:06:06 | 000,001,385 | ---- | C] () -- C:\Users\Bernabe's\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/05/31 18:55:41 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2010/05/31 14:49:04 | 000,000,355 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Computer - Shortcut.lnk
[2010/05/31 13:21:00 | 000,000,302 | -H-- | C] () -- C:\windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/30 03:41:54 | 000,041,530 | ---- | C] () -- C:\Users\Bernabe's\Desktop\BASTA.wlmp
[2010/05/29 00:54:52 | 000,001,304 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Windows Live Movie Maker.lnk
[2010/05/24 23:35:44 | 000,002,581 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Camtasia Recorder.lnk
[2010/05/24 23:31:40 | 000,003,584 | ---- | C] () -- C:\Users\Bernabe's\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 23:18:57 | 000,002,575 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Camtasia Studio.lnk
[2010/05/24 18:02:06 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/22 18:44:10 | 000,001,786 | ---- | C] () -- C:\Users\Bernabe's\Desktop\Audition.lnk
[2010/05/11 19:19:22 | 000,010,461 | ---- | C] () -- C:\Users\Bernabe's\Documents\THE BOOKFAIR AT SCOOL.docx
[2010/05/11 00:38:45 | 000,012,070 | ---- | C] () -- C:\Users\Bernabe's\Documents\Rules In School.docx
[2010/02/22 22:59:08 | 000,000,621 | ---- | C] () -- C:\windows\SysWow64\Franklin Access Manager.ini
[2009/12/19 18:15:19 | 000,000,013 | RHS- | C] () -- C:\windows\SysWow64\drivers\fbd.sys
[2009/09/24 09:16:35 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009/12/20 21:02:04 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\DragonicaSCB
[2010/01/30 16:13:27 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\GameRanger
[2010/04/12 20:35:14 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\TOSHIBA
[2009/12/20 00:03:31 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\Ulead Systems
[2009/12/19 18:14:59 | 000,000,000 | ---D | M] -- C:\Users\Bernabe's\AppData\Roaming\WinBatch
[2010/06/02 09:39:43 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/06/02 09:47:42 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

========== Purity Check ==========


< End of report >
THIS IS THE EXTRAS



OTL Extras logfile created on: 6/2/2010 10:02:13 AM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = E:\COMBOFIX
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 69.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.94 Gb Total Space | 239.18 Gb Free Space | 83.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.87 Gb Total Space | 0.61 Gb Free Space | 32.51% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BERNABES-PC
Current User Name: Bernabe's
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}" = Dolby Control Center
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"LTMOH" = LSI V92 MOH Application
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}" = MyToshiba
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.06.03.02
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3D281B1C-BF39-4893-B32A-EAB3B84BDE34}" = Audition
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}" = NetZero Launcher
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9FE10246-A876-4979-B345-CADE6863BD8E}" = TOSHIBA Supervisor Password
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C12A198C-E751-4729-839A-8FA07CF941C1}_is1" = Dragonica
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D5D8637D-FA1C-4CAD-91FC-4ADB1C284A21}" = TOSHIBA Hardware Setup
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = SKYPE Launcher
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = Toshiba Quality Application
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice GUARD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = DVD MovieFactory for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"ToggleEN Toolbar" = ToggleEN Toolbar
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/30/2010 9:40:39 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/30/2010 9:40:39 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/30/2010 9:43:27 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/30/2010 9:43:27 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/30/2010 10:27:46 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/30/2010 10:27:46 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/30/2010 10:28:56 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/30/2010 10:28:56 PM | Computer Name = Bernabes-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 5/31/2010 2:59:50 AM | Computer Name = Bernabes-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.0.107:49152 4 Bernabes-PC.local.
Addr 192.168.0.107

Error - 5/31/2010 2:59:50 AM | Computer Name = Bernabes-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 4 Bernabes-PC.local.
Addr 192.168.0.101

[ System Events ]
Error - 5/31/2010 10:26:44 PM | Computer Name = Bernabes-PC | Source = DCOM | ID = 10005
Description =

Error - 5/31/2010 11:08:03 PM | Computer Name = Bernabes-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/31/2010 11:08:09 PM | Computer Name = Bernabes-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/31/2010 11:08:15 PM | Computer Name = Bernabes-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/31/2010 11:08:21 PM | Computer Name = Bernabes-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/31/2010 11:08:29 PM | Computer Name = Bernabes-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/31/2010 11:08:35 PM | Computer Name = Bernabes-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/31/2010 11:08:41 PM | Computer Name = Bernabes-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/31/2010 11:08:47 PM | Computer Name = Bernabes-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 5/31/2010 11:10:50 PM | Computer Name = Bernabes-PC | Source = NetBT | ID = 4321
Description = The name "BERNABES-PC :0" could not be registered on the interface
with IP address 192.168.0.101. The computer with the IP address 192.168.0.107 did
not allow the name to be claimed by this computer.


< End of report >Please read here for more information about WildTangent. Your choice if you want to remove it or not.

If you choose to follow my advice, please follow these instructions.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

•WildTangent Web Driver, WildTangent Games or anything else related to WildTangent.

==================================

Add or Remove Programs

1. Click on the Windows Start button and click on the Control Panel
2. In the Control Panel window, double-click Programs and Features icon.
3. When the Programs and Features window has fully populated, check for GameBox and uninstall it. It is a malicious program.

=======================================

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :OTL
  O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Bernabe's\AppData\Local\Temp\cem6l.exe ()
  O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Bernabe's\AppData\Local\Temp\Xcl.exe ()
  
  :files
  C:\Users\Bernabe's\AppData\Local\Temp\cem6l.exe ()
  C:\Users\Bernabe's\AppData\Local\Temp\Xcl.exe ()
  C:\Users\Bernabe's\49253DE2FC994BE399A4DAB01A8E6088.TMP
  
  :commands
  [resethosts]
  [purity]
  [clearrestorepoints]
  [emptytemp]
  [start explorer]
  
  
  
• Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

And for the files that you made me download pls tell me what to do with them?

Can i just delete them manually cause i cant find OTC.exe and for the control panel I cant find "System Maintenance".

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the CONTENT of the following codebox into the main textfield:
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the RESULTS of the scan. Please POST this log in your next reply.

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

About a week and a half ago, I was downloading a toolbar and some malware[at least I'm farily certain it's a malware.] infected my desktop; which now cannot connect to the INTERNET. I'm writing this on my laptop.
Back to when the malware infected- I ran Malware-Bytes Anti Malware, then I ran Spybot S&D after to make sure. Even after running them my computer was still funky, and so I did a system restore. Right after that, my computer stopped being able to connect to the internet and the taskbar is that gray taskbar old computers used to have, and I cannot CHANGE it.

Just today I was trying to scan something with my scanner, I told my printer to scan from my computer, and it gave me a weird message saying "The specified type cannot be found in the image FILE." I'm not sure if that is related at all, but thought it might be. Oh, and my computer also won't hibernate. I'll click on the hibernate option, and it'll go to the bluish screen that says "Preparing to hibernate", but then it'll go back to the desktop like normal and won't hibernate. Please go to this link and follow the directions and post the required logs. Hello, your comment has been removed. Please do not post malware ADVICE, or post here in the malware forum, unless you NEED help. If you want to help, please go here. Superdave.

I'd like some RECOMMENDATIONS for the BEST internet security software, either free or not. My NORTON subscription is about to run out and I've had trouble renewing it. At this point, I'm ready to TRY a new supplier.

ThanksClose this post, PLEASE. I found the information I needed. Thanks

Here is the RootRepeal Log.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:2010/06/08 20:16
Program Version:Version 1.3.5.0
Windows Version:Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF75A8000Size: 187776File Visible: -Signed: Yes
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000Size: 2260992File Visible: -Signed: Yes
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xB6A40000Size: 138496File Visible: -Signed: Yes
Status: -

Name: ASACPI.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ASACPI.sys
Address: 0xF79C5000Size: 5152File Visible: -Signed: Yes
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF749A000Size: 96512File Visible: -Signed: Yes
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF065000Size: 626688File Visible: -Signed: Yes
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000Size: 339968File Visible: -Signed: Yes
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB8F4B000Size: 3891200File Visible: -Signed: Yes
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF1CD000Size: 3821568File Visible: -Signed: Yes
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0FE000Size: 540672File Visible: -Signed: Yes
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF182000Size: 307200File Visible: -Signed: Yes
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF572000Size: 2670592File Visible: -Signed: Yes
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000Size: 286720File Visible: -Signed: Yes
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xF7A68000Size: 3072File Visible: -Signed: Yes
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF79D7000Size: 4224File Visible: -Signed: Yes
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF7897000Size: 12288File Visible: -Signed: Yes
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF7517000Size: 63744File Visible: -Signed: Yes
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xF76A7000Size: 62976File Visible: -Signed: Yes
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF7637000Size: 53248File Visible: -Signed: Yes
Status: -

Name: cmdguard.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cmdguard.sys
Address: 0xB6B64000Size: 222208File Visible: -Signed: Yes
Status: -

Name: cmdhlp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
Address: 0xF777F000Size: 18304File Visible: -Signed: Yes
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF7627000Size: 36352File Visible: -Signed: Yes
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF74B2000Size: 153344File Visible: -Signed: Yes
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF798D000Size: 5888File Visible: -Signed: Yes
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF7507000Size: 61440File Visible: -Signed: Yes
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB6BAF000Size: 12288File Visible: -Signed: Yes
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000Size: 73728File Visible: -Signed: Yes
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xB651D000Size: 4096File Visible: -Signed: Yes
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xF77F7000Size: 27392File Visible: -Signed: Yes
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA750000Size: 44544File Visible: -Signed: Yes
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xF7757000Size: 20480File Visible: -Signed: Yes
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF747A000Size: 129792File Visible: -Signed: Yes
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF79D5000Size: 7936File Visible: -Signed: Yes
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF74D8000Size: 125056File Visible: -Signed: Yes
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806FF000Size: 134400File Visible: -Signed: Yes
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB8F0F000Size: 163840File Visible: -Signed: Yes
Status: -

Name: HdAudio.sys
Image Path: C:\WINDOWS\system32\drivers\HdAudio.sys
Address: 0xB6CE2000Size: 131072File Visible: -Signed: Yes
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBA710000Size: 36864File Visible: -Signed: Yes
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xB9341000Size: 28672File Visible: -Signed: Yes
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB8E0D000Size: 10368File Visible: -Signed: Yes
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB2D37000Size: 265728File Visible: -Signed: Yes
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xB9D73000Size: 52480File Visible: -Signed: Yes
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xF7697000Size: 42112File Visible: -Signed: Yes
Status: -

Name: inspect.sys
Image Path: inspect.sys
Address: 0xF743D000Size: 80512File Visible: -Signed: Yes
Status: -

Name: intelide.sys
Image Path: intelide.sys
Address: 0xF798B000Size: 5504File Visible: -Signed: Yes
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xB9D83000Size: 36352File Visible: -Signed: Yes
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB6AB2000Size: 152832File Visible: -Signed: Yes
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB6B31000Size: 75264File Visible: -Signed: Yes
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF75F7000Size: 37248File Visible: -Signed: Yes
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xF77FF000Size: 24576File Visible: -Signed: Yes
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF7987000Size: 8192File Visible: -Signed: Yes
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xB280B000Size: 172416File Visible: -Signed: Yes
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB8E7D000Size: 143360File Visible: -Signed: Yes
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF7451000Size: 92928File Visible: -Signed: Yes
Status: -

Name: lknuhst.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lknuhst.sys
Address: 0xBA6F6000Size: 12032File Visible: -Signed: No
Status: -

Name: lknuhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\lknuhub.sys
Address: 0xF7547000Size: 39424File Visible: -Signed: No
Status: -

Name: mfehidk.sys
Image Path: C:\WINDOWS\system32\drivers\mfehidk.sys
Address: 0xB2EF1000Size: 164672File Visible: -Signed: Yes
Status: -

Name: mferkdk.sys
Image Path: C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys
Address: 0xF7787000Size: 25088File Visible: -Signed: Yes
Status: -

Name: mfetdik.sys
Image Path: C:\WINDOWS\system32\drivers\mfetdik.sys
Address: 0xBA780000Size: 45376File Visible: -Signed: Yes
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF79D9000Size: 4224File Visible: -Signed: Yes
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xF7817000Size: 23040File Visible: -Signed: Yes
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB8E09000Size: 12160File Visible: -Signed: Yes
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF7607000Size: 42368File Visible: -Signed: Yes
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB69A5000Size: 455680File Visible: -Signed: Yes
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF776F000Size: 19072File Visible: -Signed: Yes
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xF76F7000Size: 35072File Visible: -Signed: Yes
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA6FA000Size: 15488File Visible: -Signed: Yes
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF787D000Size: 105344File Visible: -Signed: Yes
Status: -

Name: NDIS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\NDIS.SYS
Address: 0xF7410000Size: 182656File Visible: -Signed: Yes
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA7C0000Size: 10112File Visible: -Signed: Yes
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB40DC000Size: 14592File Visible: -Signed: Yes
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB8E66000Size: 91520File Visible: -Signed: Yes
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF7557000Size: 40576File Visible: -Signed: Yes
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA760000Size: 34688File Visible: -Signed: Yes
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB6A62000Size: 162816File Visible: -Signed: Yes
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF7777000Size: 30848File Visible: -Signed: Yes
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF7B52000Size: 574976File Visible: -Signed: Yes
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000Size: 2260992File Visible: -Signed: Yes
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF7AAE000Size: 2944File Visible: -Signed: Yes
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB8EA0000Size: 80128File Visible: -Signed: Yes
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF770F000Size: 19712File Visible: -Signed: Yes
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF79B9000Size: 6784File Visible: -Signed: Yes
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF7597000Size: 68224File Visible: -Signed: Yes
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF7A4F000Size: 3328File Visible: -Signed: Yes
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF7707000Size: 28672File Visible: -Signed: Yes
Status: -

Name: pnarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\pnarp.sys
Address: 0xB66E3000Size: 18560File Visible: -Signed: Yes
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000Size: 2260992File Visible: -Signed: Yes
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB6CBE000Size: 147456File Visible: -Signed: Yes
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB8E55000Size: 69120File Visible: -Signed: Yes
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xF7807000Size: 17792File Visible: -Signed: Yes
Status: -

Name: purendis.sys
Image Path: C:\WINDOWS\system32\DRIVERS\purendis.sys
Address: 0xB66DB000Size: 19840File Visible: -Signed: Yes
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBA7E4000Size: 8832File Visible: -Signed: Yes
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xF76C7000Size: 51328File Visible: -Signed: Yes
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xF76D7000Size: 41472File Visible: -Signed: Yes
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xF76E7000Size: 48384File Visible: -Signed: Yes
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xF780F000Size: 16512File Visible: -Signed: Yes
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000Size: 2260992File Visible: -Signed: Yes
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB6A15000Size: 175744File Visible: -Signed: Yes
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF79DB000Size: 4224File Visible: -Signed: Yes
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB8E25000Size: 196224File Visible: -Signed: Yes
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xF76B7000Size: 57600File Visible: -Signed: Yes
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB3622000Size: 49152File Visible: NoSigned: No
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA7C8000Size: 15744File Visible: -Signed: Yes
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xB9D63000Size: 64512File Visible: -Signed: Yes
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF7468000Size: 73472File Visible: -Signed: Yes
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB369A000Size: 353792File Visible: -Signed: Yes
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xBA740000Size: 53248File Visible: -Signed: Yes
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xF79C7000Size: 4352File Visible: -Signed: Yes
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB3FD8000Size: 60800File Visible: -Signed: Yes
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB6AD8000Size: 361600File Visible: -Signed: Yes
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF7717000Size: 20480File Visible: -Signed: Yes
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xF7587000Size: 40704File Visible: -Signed: Yes
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8D9F000Size: 384768File Visible: -Signed: Yes
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xBA730000Size: 60032File Visible: -Signed: Yes
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xF778F000Size: 32128File Visible: -Signed: Yes
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xF79D1000Size: 8192File Visible: -Signed: Yes
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xF77EF000Size: 30208File Visible: -Signed: Yes
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xBA7A0000Size: 59520File Visible: -Signed: Yes
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB8EB4000Size: 147456File Visible: -Signed: Yes
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xF77E7000Size: 20608File Visible: -Signed: Yes
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF7767000Size: 20992File Visible: -Signed: Yes
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8F37000Size: 81920File Visible: -Signed: Yes
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF7617000Size: 52352File Visible: -Signed: Yes
Status: -

Name: VX6000Xp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
Address: 0xB6798000Size: 2068480File Visible: -Signed: Yes
Status: -

Name: VX6KCamd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\VX6KCamd.sys
Address: 0xB9349000Size: 28672File Visible: -Signed: Yes
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xBA770000Size: 34560File Visible: -Signed: Yes
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF7797000Size: 20480File Visible: -Signed: Yes
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB3E4B000Size: 83072File Visible: -Signed: Yes
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000Size: 1851392File Visible: -Signed: Yes
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000Size: 1851392File Visible: -Signed: Yes
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xF7989000Size: 8192File Visible: -Signed: Yes
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000Size: 2260992File Visible: -Signed: Yes
Status: -



[recovering disk space - old attachment deleted by admin]How is your computer running now? Any more redirects?No more redirects. Everything seems to be running fine. My gf said she had some pop ups yesterday. I wasn't home but it wasn't the fake security alerts. I have been able to update XP so overall I think I am in good shape.

I wonder about IO Bit Advanced System Care and if it really helps or not and about switching McAfee for one of the anti virus products recommended here.

I really appreciate your help and input, thanks.Well, that sound good. Let's run one more scan and if that comes up clean, we'll do some clean-up. I'll have some more suggestions about how to keep your computer safe in the clean-up speech.

I'd like us to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

what/s it mean when a "topic is locked" i asked aquestion about au.exe but got a reply that it/s been locked by "super dave " who/s super daveYou should post a question once only. Second or third threads ASKING the same question will get locked.
i did ask the question only once still has/nt been answered may-be no one knowsmaybe the topic was agains the forum RULES ? The post is clearly marked as double posted.i asked in spyware &VIRUS forum what is "au.exe" can/t see any probs with that questionYou should not post the same question more than once.o.k. i/m sorry it/ll never happen again i asked it months AGO & FORGOT, thought it might have got lost in the internet universeNo harm done. If you post a question that isn't answered after a period of time, you can always "bump" it. o.k. how do i bump my question about au.exe might get answer if i bump it!Just make a new reply with the word "bump" in the reply.

Please delete this one: ALCMTR.EXE C\WINDOWS It is spyware installed with Realtek AC97 Audio.OK..IHOPE I removed everything properly from HIJACK THIS step. Not all of them were on the scan all but I think I deleted all of he ones tht matches your list. Here is the new log, just in case:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:00 AM, on 6/3/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Protector Suite QL\menusw.exe
D:\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {E2739AFF-FA40-4527-9A19-DE81795C2C03} (MSN Money Ticker) - http://moneycentral.msn.com/cabs/ticker.cab
O20 - Winlogon NOTIFY: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 10024 bytes
Results from SecurityCheck

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
SonicStage Mastering Studio Audio Filter Custom Preset
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
````````````````````````````````
DNS Vulnerability Check:
Unknown. This method cannot test your vulnerability to DNS cache poisoning.

``````````End of Log````````````
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to CLOSE ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.
4. Run CCleaner.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To DISABLE the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

=============================

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

============================

After you do these, please download and run ComboFix.OK..updated my Java.

Where can I get CCleaner to run it?
Thanks again SuperDave!
Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes.[/I] Exit CCleaner after it has completed it's process.

OK...I've DONE it all!! Am I clean now? Can we declare victory?

SuperDave, you are my hero!!
I hope you wear a cape (I mean a girl REALLY likes a hero that wears a cape!)
Seriously..thank you so much.
Desperate Girl Yes, I would say that your computer is clean as all our scans can make it. I used to wear a cape but I discarded it when everyone was staring at me. Good luck.Deleted.Ignore the post from Kristain and just stay with SuperDave* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

=============================

Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

==============================

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

=============================

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Hi great CH members.

I am in need for your geneoristy. After a full scan of my pc, i found this virus W32.Silly FDC (Two of it). Norton states that its risk level is high and it can't be removed so it suggests a reveiw of the virus. That's all. Plz help me how to get rid of it without losing any of my files.

BTW, i ve Windows Vista which is protected by Norton and i run a regular update for the Windows and the Norton. I believed that this is all i need to do to protect my pc. I seem to be mistaken after all

I'd highly appreciate it. Thanks in advance Print these instructions out.

1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner OPTIONS make sure the following are checked (leave all others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
o Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

2. Download Malwarebytes' Anti-Malware: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

3. Download HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.Are procedures followed for desktop pc the same as for laptop? coz this problem is in my laptop!!Same thing.This's Superantispyware log.....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/19/2008 at 11:58 AM

Application Version : 4.15.1000

Core Rules Database Version : 3485
Trace Rules Database Version: 1476

Scan type : Complete Scan
Total Scan Time : 00:44:07

Memory items scanned : 221
Memory threats detected : 0
Registry items scanned : 7064
Registry threats detected : 0
File items scanned : 87478
File threats detected : 18

Adware.Tracking Cookie
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][2].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected][1].txt
C:\Users\MoOnYzoOmy\AppData\Roaming\Microsoft\Windows\Cookies\Low\[emailprotected]lfusion[2].txt
.doubleclick.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
rotator.adjuggler.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
rotator.adjuggler.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.statcounter.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.statcounter.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.statcounter.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.tribalfusion.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
www7.addfreestats.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.toplist.cz [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.adbrite.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.adbrite.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
*Blocked Russian URL* [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.advertising.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.advertising.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.advertising.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.advertising.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.advertising.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.fastclick.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.2o7.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.eb.adbureau.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.ads.pointroll.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.atdmt.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.pro-market.net [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.webstats4u.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
eas.apm.emediate.eu [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.track.webgains.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.apmebf.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mediafire.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mediafire.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mediafire.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
linkto.mediafire.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
linkto.mediafire.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
linkto.mediafire.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.clickaider.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.smileycentral.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.smileycentral.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.maxserving.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.ads.bridgetrack.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mywebsearch.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mywebsearch.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mywebsearch.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mywebsearch.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mywebsearch.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
.mywebsearch.com [ C:\Users\MoOnYzoOmy\AppData\Roaming\Mozilla\Firefox\Profiles\e3cagx8g.default\cookies.txt ]
Hi there,

While performing full scan by Malwarebytes' Anti-Malware, my computer has encountered an unexpected shutdown. After recovering from the shutdown, windows asked for checking solution online but I didn't coz i wanna ask you first if it's ok and what the problem is.

BTW while scanning, the internet was connected. Should I disconnect before scanning or what?

What shall I do now?

My Regards, Similar thing happened on ONE of my client's infected computer.
Try running scan one more time.
If it doesn't WORK, try Safe Mode.
If that doesn't work, post HJT log from Normal Mode.It works on the safe mode,

Here's the log...

Malwarebytes' Anti-Malware 1.17
Database version: 869

11:18:33 20/06/08 a.m
mbam-log-6-20-2008 (11-18-33).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 127199
Time elapsed: 18 minute(s), 18 second(s)

Memory PROCESSES Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Here's HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:53 a.m, on 20/06/08
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [HWSetup] \HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: إرسال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: إر&سال إلى OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?EN (file missing)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11512 bytes
Now what?

I've noticed that empty shortcuts are everywhere. Also i've found many created system files, files with dat and ini extensions which weren't there before. Quote

I've noticed that empty shortcuts are everywhere. Also i've found many created system files, files with dat and ini extensions which weren't there before.

Quote

I've noticed that empty shortcuts are everywhere. Also i've found many created system files, files with dat and ini extensions which weren't there before.

You'll have to elaborate little bit more on the above.

have to upload ONE more updateResults of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
AVG Free 9.0
ESET Online Scanner v3
Sunbelt Kerio Personal Firewall
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HDCleaner
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6 Update 1
Adobe Flash Player 10.0.45.2
Adobe READER 9.3
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Sunbelt Software Personal Firewall 4 kpf4ss.exe
Sunbelt Software Personal Firewall 4 kpf4gui.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
That looks good. If there are no other issues, it's time for some clean-up.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type commy /uninstall in the runbox
* Make sure there's a space between commy and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

==============================

Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

============================

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run UNINTERRUPTED until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

============================

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will KEEP you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. GUIDE: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Hi all, I really want to uninstall AVG 8.0.437 (FREE edition), but it wouldn't: everytime I lunch the program's uninstaller (or using the Windows Add/Remove PROGRAMS) it always tells me Uninstall failed, 1 error occured, and that is...
Local machine: installation failed
Installation:
Error: Action failed for file avgemc.exe: creating backup....
Error 0x80070002 %DESTINATION% = "C:\Program Files\AVG\AVG8\avgemc.exe.install_backup_1", %SOURCE% = "C:\Program Files\AVG\AVG8\avgemc.exe"
Please TELL me what to do! I use Windows XP Home Edition SP2, and I don't wanna start hating AVG: it's great, but let me have the choice. Thanks.Try Revo Uninstallerthanks Allan, that was fast! Revo lunches the program's built-in uninstaller then removes the UNNECESSARY values, so TECHNICALLY the problem is the same. Sorry, no use for Revo here.
http://forums.avg.com/us-en/avg-free-forum?sec=thread&act=show&id=89479

http://forums.avg.com/us-en/avg-free-forum?sec=thread&act=show&id=8043

Oh thanks again, Allan, it's http://forums.avg.com/ww-en/avg-free-forum?sec=thread&act=show&id=44013#post_44013
and now I can tell the truth: I'll never install it again!I'm not an advocate of free anti virus software, but if that's what you are going to use I'd suggest either Avast or Avira.

Hi everyone, i really need your help, how can i get rid of this kind of virus: MP3, VIDEOS, MUSIC.
it just appear suddenly on my desktop. and every time i open a folder their will always, MP3, VIDEOS, MUSIC that will be created.

I have an Anvira Antivir Personal (Free) antivirus. When i RUN through using my antivirus, the virus is still there. Can I have another way on deleting this kind of virus?

Furthermore, I would like also to ask if this virus will also infect windows vista, and windows 7 platforms.

By the way, my OS is windows XP.

I would really appreciate your help! Thanks! Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the APPLICATION.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is COMPLETED, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  
• Copy and paste the entire report in your next reply.

Quote

and can't WAIT to make it my default browser again, but do you think it is unsafe? I

Also, just out of curiosity, what browser do you use?

I would appreciate having an alternative (other than firefox and internet EXPLORER).

hello
is VIRUS over VMWare image can infect my PC ?
if you have exposed writable network shares a Trojan could spread through this. how can i clean virus/trojan from VMWare image? QUOTE from: k_mohsen on July 06, 2010, 01:29:16 PM

how can i clean virus/trojan from VMWare image?

if i install antivirus on VMWare Image, I have to update it.

what about sharing Drive,which OS installed, and scan it on my PC? from My Network Place?

A REINSTALL is the only true way to ever know everything is gone. With the changing results on each scan I would advise to go forward with it. Chalk it up to a learning experience. Nothing is truly free, a high percentage of cracks and such install EXTRA baggage unknowingly to users. Identity theft is not uncommon but they will steal anything they can INCLUDING all of your software keys.First of all I would like to thank you for all you help ! The replies were fast, accurate and easy to understand That's support.

But I have to add, that I didn't use that crack on this installed system, but on my old Windows Vista system. I'm actually proud to say I haven't used a single crack while USING this system.

Well then I'm off to make an nLite CD. Don't wanna go through all the crap of reinstalling all the software again.

Thanx again and cya next time No problem, Sorry we couldn't nail it down but I do think in this CASE a reinstall is the best advice we can give.

I booted up and logged on to the web, then I started getting Trojan warnings from my McAffee. I got off the web and my desk top picture went away to a default?( blue) with something wanting me to download some anti spyware stuff.
I immediately shut down, and restarted in safe mode. I ran:
AVG Antispyware
MalwareBytes anti malware.
I ran them several times in quick scan and got all kinds of stuff. (I think some of it was being reloaded after each scan)
I then ran them in full scans and went to bed. In the morning the MalwareBytes was still scanning!.
I have since ran both several more times and more stuff was found like:
Trojan FakeAlert
Trojan.Agent
Adware.Generic
Vundo
The last few scans came up clean. I ran Ccleaners Regestry tool and it found quite a few problems and it says they are fixed now. More McAffee virus scans, all good. I did a HJT scan for you to check:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:49 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [StxTrayMenu] "F:\ceedo\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Hydraquip.com
O17 - HKLM\Software\..\Telephony: DomainName = Hydraquip.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Hydraquip.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Hydraquip.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Seagate Sync Service - Unknown owner - F:\ceedo\Program Files\Seagate\Sync\SeaSyncServices.exe (file missing)

--
End of file - 5644 bytes

Any advise would be appreciated. I think I picked the bug up on a torrent site. Why would people act like they are sharing things, just to load this junk?
oops- I just read the underground page.
JimQuote from: jimpl on June 18, 2008, 11:40:26 AM

I think I picked the bug up on a torrent site. Why would people act like they are sharing things, just to load this junk?
Jim