Explore topic-wise InterviewSolutions in .

1. Right-click the My Computer icon on the Desktop and click Properties.
2. Click the Performance tab.
3. Click the File System button.
4. Click the Troubleshooting tab.
5. Remove the check mark next to Disable System Restore.
6. Click OK.
7. Click Yes when prompted to restart.


Then, please try the process above again.Sorry, but I don't see a Performance tab.. I see General, Computer Name, Hardware, Advanced, Automatic Updates, Remote? I'm right clicking My Computer, than properties than I'm missing something? 1. Right-click the My Computer icon on the Desktop and click Properties.
2. On the System Restore tab, uncheck Disable System Restore.

See if that helps
There isn't a system restore tab, I'm logged in as an Administrator. I don't know why its not there?Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the content of the following codebox into the main textfield:
  

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Windows Registry Editor Version 5.00

[HKLM\Software\Policies\Microso­ft\Windows NT\SystemRestore]
"DisableSR"=-

• Please download MGADiag and save it to your desktop.
  
• Double click the icon on your desktop.
  
• Push
  
• Push
  
• Go to Start -> Run and type in "Notepad"
• Go to Edit -> Paste in notepad.
• x out all of the numbers and letters in the line beginning with "Windows Product Key:"
• Copy and paste that log here.

I've been working on a neighbors system for a few days trying to remove this pswgeneric8.QQ anyone have any experience with this one? I'll be running Hihack this this tomorrow night. Looks well written and have been OUTWITTED at most turns.

R.Hello, and welcome to COMPUTER Hope.

Please note the following information about the malware forum:

• Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall PROGRAMS, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not attach logs or post them in Quote/Code boxes unless requested.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already ASKED for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

• Save the file to your Desktop.
• Double-click on mss.exe
• Allow it to run, and follow the prompts.
• Once done, it will launch a log.
• Post it in your next reply.

I'll look you up the NEXT time I'm in HAWAII

Quote

OK - how do I MARK this ONE [solved] ?

That's good. I would say your computer is as clean as our scans can make it. Let's do some clean-up.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* SET a new, clean Restore Point.

=============================

Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

===========================

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should RESTART your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

===============================

Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing CONNECTIONS. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

=================================

Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, VIRUSES and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to PREVENT spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Thank you Dave for all your time and work. My computer is running a lot better. I really appreciate this!

Alright, here is the OTM log first, scanning with ESET now. That file looked suspicious to me also when I looked at the GSI report, 58FE1887.exe. Hey man, I really appreciate the time and effort you guys spend on these forums.

All processes killed
========== FILES ==========
C:\WINDOWS\system32\58FE1887.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74045948 bytes
->Flash cache emptied: 3408 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 802950 bytes
->Flash cache emptied: 1693 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 493 bytes
->Flash cache emptied: 4297 bytes

User: Zickes
->Temp folder emptied: 2397433 bytes
->Temporary Internet Files folder emptied: 7186538 bytes
->Java cache emptied: 68365446 bytes
->FireFox cache emptied: 62844203 bytes
->Flash cache emptied: 499146 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3353102 bytes
%systemroot%\System32 .tmp files removed: 1847313 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 278528 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 211.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06292010_205014

Files moved on Reboot...

Registry entries deleted on Reboot...
Hello, I have just finish the ESET scan, and here is the log.

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3650 (20081128)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=abd6c213bafb4a44b0582f84f841acd5
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-29 07:15:28
# local_time=2008-11-29 11:15:28 (-0800, Pacific Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=692417
# found=0
# scan_time=5536

I don't know how that log will help you but here is the log of the infected files found by ESET if it helps.

C:\Qoobox\Quarantine\C\Documents and Settings\Zickes\Local Settings\Application Data\mgeohxxdo\joxqswktssd.exe.vira variant of Win32/Kryptik.FFD trojancleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.virWin32/Olmarik.ZC trojancleaned - quarantined
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are DONE
  

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will DELETE itself once it finishes.

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

• Save it to your Desktop.
• Double click SecurityCheck.exe and FOLLOW the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

• Microsoft Security Essentials: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  
• Avira Free: this is one of the most powerful, and easiest to use security software. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software.

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

i'm running Windows XP home service pack 1.

upon startup i get 4 Trojans(according to Avira). i also get a Zone Alarm alert.
They are:

Avira:
TR/Spy.62464.55 Trojan
TR/Gendal.304896 Trojan
TR/Gendal.304896 Trojan
TR/Spy.zbo.YW.15358

Zone Alarm:
Windows Explorer is trying to act as a server

Of course i denied and closed all the alerts. i've also included my Hijackthis log. hopefully someone can help.

i also just noticed the recycle bin on my desktop is not showing the icon.

thanks




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:11 PM, on 7/5/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot MODE: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Program Files\Trend Micro\HijackThis2.0.2\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services BUTTON - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {BD31D51D-B8AD-4E64-B8CE-91AAF4DB1E54} - C:\WINDOWS\System32\byvsq.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [dmfcvtdn] C:\Documents and Settings\Big Dog\Local Settings\Application Data\iwbbwjnrm\jqrvjudtssd.exe
O4 - HKLM\..\Run: [Evuco] rundll32.exe "C:\WINDOWS\amuhegucob.dll",Startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [dmfcvtdn] C:\Documents and Settings\Big Dog\Local Settings\Application Data\iwbbwjnrm\jqrvjudtssd.exe
O4 - HKCU\..\Run: [{029289AA-FCD3-A95A-5DCF-8D3D723B1BBA}] "C:\Documents and Settings\Big Dog\Application Data\Ryxun\kulei.exe"
O4 - HKCU\..\Run: [Acarucu] rundll32.exe "C:\WINDOWS\moncodi.dll",Startup
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7932 bytes



Please VISIT this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.hi.
thanks for the redirect and the reply. here is my combofix log:



ComboFix 10-07-06.02 - Big Dog 07/07/2010 0:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.511.311 [GMT -4:00]
Running from: c:\documents and settings\Big Dog\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Big Dog\Application Data\Ryxun
c:\documents and settings\Big Dog\Application Data\Ryxun\kulei.exe
c:\documents and settings\Big Dog\Local Settings\Application Data\{F8CA3691-B7C2-467B-A3A6-DB64088DB614}
c:\documents and settings\Big Dog\Local Settings\Application Data\{F8CA3691-B7C2-467B-A3A6-DB64088DB614}\chrome.manifest
c:\documents and settings\Big Dog\Local Settings\Application Data\{F8CA3691-B7C2-467B-A3A6-DB64088DB614}\chrome\content\_cfg.js
c:\documents and settings\Big Dog\Local Settings\Application Data\{F8CA3691-B7C2-467B-A3A6-DB64088DB614}\chrome\content\overlay.xul
c:\documents and settings\Big Dog\Local Settings\Application Data\{F8CA3691-B7C2-467B-A3A6-DB64088DB614}\install.rdf
c:\documents and settings\Big Dog\Local Settings\Application Data\iwbbwjnrm\jqrvjudtssd.exe
c:\windows\amuhegucob.dll
c:\windows\moncodi.dll

.
((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-06 00:10 . 2010-07-06 00:10--------d-----w-c:\program files\Trend Micro
2010-06-22 08:45 . 2010-06-22 08:4552224----a-w-c:\documents and settings\Big Dog\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 04:27 . 2010-06-06 17:440----a-w-c:\windows\Jcepabowinewuno.bin
2010-07-07 03:53 . 2010-06-06 17:43120----a-w-c:\windows\Mxupofulo.dat
2010-07-06 00:19 . 2007-08-17 09:23--------d-----w-c:\documents and settings\Big Dog\Application Data\Apnyyh
2010-06-22 08:45 . 2009-09-14 01:13117760----a-w-c:\documents and settings\Big Dog\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-15 04:13 . 2006-04-23 04:1628242846----a-w-c:\windows\Internet Logs\tvDebug.zip
.

------- Sigcheck -------



[-] 2003-05-30 13:00 . 7BA80564F369A96AF84E3AA27E75E90B . 1634304 . . [5.3.0000001.902 built by: DIRECTX] . . c:\windows\system32\d3d9.dll

c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\xmlprov.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 4670968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-13 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-13 618496]
"Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 755480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-10-23 98304]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-24 219136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-11-10 507965]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21548352----a-w-c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=APTRRNTm.dll
"wave"=APTRRNTm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Big Dog^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Big Dog\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-05-04 11:1688267----a-r-c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2001-09-03 03:2428672----a-w-c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2004-01-21 01:10335872----a-w-c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
2008-10-21 01:30590848----a-w-c:\progra~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2004-03-01 17:05200766----a-w-c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2004-01-16 16:16229376----a-w-c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-11-15 20:181670144----a-w-c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2004-10-23 20:3398304----a-w-c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-11-09 19:0749263----a-w-c:\program files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2006-05-14 14:42180269----a-w-c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 05:01110592----a-w-c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"

R0 avgntmgr;avgntmgr;c:\windows\system32\drivers\avgntmgr.sys [12/20/2009 9:56 AM 22360]
R1 avgntdd;avgntdd;c:\windows\system32\drivers\avgntdd.sys [12/20/2009 9:56 AM 45416]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [12/30/2005 7:12 AM 3072]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/20/2009 9:56 AM 108289]
R3 WBSD;Winbond Secure Digital Storage (SD/MMC) Device Driver;c:\windows\system32\drivers\wbsd.sys [10/23/2004 4:20 PM 27008]
S2 mrtRate;mrtRate;

• This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
• This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
• No matter what is in the log, please post all the information/contents of the log.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.

• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

ESET Scan result:
------------------------

C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache57910.tmpa variant of Java/TrojanDownloader.Agent.NAN trojandeleted - quarantined
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache7136.tmpa variant of Java/TrojanDownloader.Agent.NAN trojandeleted - quarantined


Log file content:
--------------------
[emailprotected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=30832513b651c148a9e0d6094cf3eca9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-04 10:29:58
# local_time=2010-06-04 03:29:58 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=239584
# found=2
# cleaned=2
# scan_time=24685
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache57910.tmpa variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined)00000000000000000000000000000000C
C:\Documents and Settings\HelpAssistant\Local Settings\Temp\jar_cache7136.tmpa variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined)00000000000000000000000000000000C
That looks good. If there are no other issues, it's time for some clean-up

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

==============================

Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

===============================

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

============================

Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com OPTIONS if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software SOLUTION. Remember to use only one firewall at the same time.

===============================

Use the Secunia Software Inspector to check for out of DATE software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of TRUST. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. GUIDE: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
Thanks. I have not had any more issues recently. I will perform those steps and revert.SuperDev:

I installed Comodo Plus firewall and since then I did not encounter any issues. However, Firewall keeps popping up for any action that is being performed against important files.

I think firewall does learn on its own and will be fine later.

Thanks so much for your help.

Any other advice for me?

Thanks!I had that same problem when I install Comodo but now I hardly notice it. One thing I do when I'm installing a new program is to disable it and enable my Windows Firewall because Comodo can make a simple install into a 1/2 hr. ordeal.

Re-running ComboFix to remove infections:

• Close any open browsers.
• Close/disable all anti virus and anti MALWARE PROGRAMS so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the codebox below into it:
  

• SAVE this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please POST the contents of the log in your next reply.

Thank you very much for your assistance in CLEANING my COMPUTER. It WORKS great! Thanks again!You're WELCOME.

I have been attacked by multiple viruses. My AV, Bit Defender has blocked them but has not gotten rid of them, after waiting 4 days for their help I DECIDED to follow the steps here to remove them. I used SuperAV and found four infections, and removed them, but today the viruses came back. So I ran antiMalware and found 5( some of which MIGHT have be in quarantine. I next did a hijack log but I got a message saying "denied write access to Host file" hijack gave me instructions on how to resolve this but that didn't work. I suspect these viruses are still there. I could not cut and paste the hijack log but I did take a pic of it. I would appreciate any help .

Thank yourename hjt to snipper.exe and run

are you on win 7Yes I am on Windows7
I tried changing it to snipper exe but my pc couldn't read the exe file. It was originally downloaded as a msi file.I did rename it to snipper .msi and installed it and got the same message. I did a screen capture of the message, I also did a screen capture of the hijack results. It would not create a log file.

Thankssome additional information. When I ran the hijack the FIRST time it gave me instruction on how to by PASS the problem with the host file. It said to edit it myself but I was unable to do that too. I am now getting a message saying C/user/mark/appData/local/afoheyev.dll "specified module could not be found"
I get this message whenever I boot up. Thought this might help.win7 , right click and run as adminwin7 right, but I need a little more clarification on "right click and run as administrator".Right click what? When I install something? And if I do run as administrator what do I do next? do you mean to install something or run a virus scan? I am not that familiar with your directions.

Thankssorry , the hjt icon on the screen , right click it and click run as adim , its the only way it starts for me on win7 , worth a try If I do a right click on it I don't get any option to run as administrator. Are you TALKING about the installed program or the install file. I tried both and neither would allow me to run as administrator.

Thankssorry i dont know what else to tell , you will have to wait for a malware expert to get something else , harry

I ran superantispyware this morning and rebooted per your instructions. Once I did that, I could not open any progeam, I get the error message about .exe file being infected. So I ran rkill again since that is what enabled me to do ANYTHING yesterday.

This is the rkill log:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Lisa on 08/17/2010 at 10:36:51.


Processes terminated by Rkill or while it was running:


C:\Users\Lisa\AppData\Local\tconxtygj\yqidoqdshdw.exe
C:\Users\Lisa\Desktop\rkill.scr


Rkill completed on 08/17/2010 at 10:36:57.

Then I was able to run Super anti spyware and get the log below:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/17/2010 at 09:48 AM

Application Version : 4.41.1000

Core Rules Database Version : 5347
Trace Rules Database Version: 3159

Scan type : Complete Scan
Total Scan Time : 01:27:59

Memory items scanned : 649
Memory threats detected : 0
Registry items scanned : 16216
Registry threats detected : 0
File items scanned : 48107
File threats detected : 24

Adware.Tracking Cookie
.hitbox.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.ehg-verizon.hitbox.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.ehg-verizon.hitbox.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.ehg-verizon.hitbox.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.hitbox.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.atdmt.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.revsci.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.revsci.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.revsci.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.doubleclick.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.statcounter.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.revsci.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.revsci.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.kontera.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.kontera.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.kontera.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.kontera.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
.collective-media.net [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\wo7p8zwu.default\cookies.sqlite ]


Ran Security Check, log follows:

Results of screen317's Security Check version 0.99.5
Windows Vista (UAC is enabled)
Out of date service pack!![/b]
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 15
Java(TM) 6 Update 2
Java(TM) 6 Update 4
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.2.54
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.6) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Verizon Online Backup & Sharing Filesystem Watcher DigiData.FilesystemWatcher.Service.Watc her.exe
Verizon Online Backup & Sharing Scheduler OnlineBackup.SchedulerService.exe
Verizon Online Backup & Sharing Auto Update OnlineBackup.UpdateSystemTray.exe
Verizon Online Backup & Sharing vewatch.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````


Ran Hijack this, log follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:54:21 AM, on 8/17/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\vsnp2uvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\Internet Content Filter\mfp.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
C:\Program Files (x86)\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (filesize 75128 bytes, MD5 5CF6190CD875DA6B35256FEE573E7908)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (filesize 349576 bytes, MD5 C0E4908B752509D795E79496530BFD69)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (filesize 814648 bytes, MD5 42CB4EE0B0FC259C8AD20B460FA7D72A)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (filesize 41760 bytes, MD5 1E57B1A44C7DFFA1C38534279C14B3CE)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (filesize 349576 bytes, MD5 C0E4908B752509D795E79496530BFD69)
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_framework.dll (filesize 177504 bytes, MD5 7D5759CDDC966369EF460B552DB465BD)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (filesize 349576 bytes, MD5 C0E4908B752509D795E79496530BFD69)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (filesize 278192 bytes, MD5 389947CAD1A9C504DF6285AA1E7BE6F1)
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" (filesize 468264 bytes, MD5 F08A76C5E56BDB6F98F41BD22A4692E1)
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0" (filesize 218408 bytes, MD5 D2A93F854393C7D3BA09893F1EA264CD)
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (filesize 40048 bytes, MD5 66D4456C920E21BD2188F8CC33680DF5)
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exeC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exeC:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exec:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (filesize 236016 bytes, MD5 B1FB1C4396A9D0FB074D8E90369F5129)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min (filesize 209153 bytes, MD5 29680A793F690EEF4AAA68479D2A6DF8)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (filesize 149280 bytes, MD5 90E0F7FDCAC66FB50C1CE1A1C7396642)
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin (filesize 611712 bytes, MD5 E43A851F7B12DE589424D6C656155CFC)
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" (filesize 38768 bytes, MD5 81A990CA9644D2CCB9D903183D9A0F58)
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (filesize 640376 bytes, MD5 A1ED44DABCD252B95CD09487B65F734C)
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXEC:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (filesize 417792 bytes, MD5 55D7A219AD8D0DB8980528944152A6FD)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" (filesize 141608 bytes, MD5 8DC7685764B22DB97891012026FA7ED1)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (filesize 935288 bytes, MD5 3103FE27C967675B019E880AA6DA3D6D)
O4 - HKLM\..\Run: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM (filesize 206120 bytes, MD5 0153701206D2CF9A43F88B40AF1FBC22)
O4 - HKLM\..\Run: [Online Backup Auto Update] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe" (filesize 233472 bytes, MD5 D5420C4E17E34BE1A30858D697B38492)
O4 - HKLM\..\Run: [Vault Explorer Cache Watcher] "C:\Program Files (x86)\Verizon\Online Backup & Sharing\vewatch.exe" (filesize 28672 bytes, MD5 870DFA3469F6C9A0C6EE0C13D062B692)
O4 - HKLM\..\Run: [ICF] "C:\Program Files (x86)\Internet Content Filter\mfp.exe" -noact (filesize 1275408 bytes, MD5 91443B66F7492A4F66D456522120A132)
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files (x86)\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN (filesize 4269296 bytes, MD5 BC5F401099CEA5F55879E0F24E5584B4)
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (filesize 1555968 bytes, MD5 5213EB5405A886A9B4FED6724C392C07)
O4 - HKCU\..\Run: [lightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (filesize 455968 bytes, MD5 3C62EAE05B76BA809FA1DE327922E846)
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exeC:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (filesize 39408 bytes, MD5 5D61BE7DB55B026A5D61A3EED09D0EAD)
O4 - HKCU\..\Run: [rjyqbvyn] C:\Users\Lisa\AppData\Local\tconxtygj\yqidoqdshdw.exeC:\Users\Lisa\AppData\Local\tconxtygj\yqidoqdshdw.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files (x86)\HP\Smart Web Printing\hpswp_extensions.dll (filesize 152928 bytes, MD5 A1230D9DFAEF1219CDA8E4FA122F106A)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (filesize 39464 bytes, MD5 AEF204E782BFA2C8448CB43A58960744)
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O10 - Unknown file in Winsock LSP: c:\windows\syswow64\icf.dll
O13 - Gopher Prefix:
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/62.12/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (filesize 1959208 bytes, MD5 1E79B48BC50B99FDC0066860BCEFBC23)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXEC:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeC:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exeC:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeC:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Filesystem Watcher (FilesystemWatcher) - DigiData Corp. - C:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exeC:\Program Files (x86)\Verizon\Online Backup & Sharing\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeC:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exeC:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Family Protection Update Service (fpUpdateSvc) - McAfee, Inc. - C:\Program Files (x86)\Internet Content Filter\UpdateService.exeC:\Program Files (x86)\Internet Content Filter\UpdateService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exec:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exeC:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeC:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeC:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exeC:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exeC:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Online Backup Scheduler (OnlineBackupSchedulerService) - Unknown owner - C:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exeC:\Program Files (x86)\Verizon\Online Backup & Sharing\Scheduler\OnlineBackup.SchedulerService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exeC:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exeC:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exeC:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exeC:\Program Files (x86)\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exeC:\Program Files (x86)\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exeC:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exeC:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exeC:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files (x86)\Verizon\VSP\ServicepointService.exeC:\Program Files (x86)\Verizon\VSP\ServicepointService.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (verizondm) (sprtsvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exeC:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
O23 - Service: SupportSoft Repair Service (verizondm) (tgsrvc_verizondm) - SupportSoft, Inc. - C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exeC:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 22393 bytes


OK, now I am very proud of myself - haha
Quote

OK, now I am very proud of myself - haha

I have 64 bit, Vista.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time
    

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

Viewpoint is not in the list of currently installed programs (fromthe control panel).

Is there some way it can be hidden?

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

• Please double-click TFC.exe to run it. (Note: If you are RUNNING on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

• Cleaned System Restore
  
• Ran OTC
  
• Ran TFC
  
• Ran Security Check

Hi guys, I'm new here and not fantastic with computers. I've recently been having some issues, some lame spyware DEAL that I got fixed and now this "File cannot be executed" issue. I don't know where to start and could really use some help. Anything would be APPRECIATED! Thanks. Sorry for the delay, we are busy here on the boards. If you are still having issues, please do the following:


Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click REMOVE Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically SAVED by MBAM and can be viewed by clicking the LOGS tab in MBAM.
• Copy and paste the entire report in your next reply.

Hi there,
THANK you for your great web site! I'v been following your instructions for virus and spyware removal and am not sure what to do next. My computer boots incredibly slowly, it sounds like it's always "running" something, and the fan seems to be working too much. I was able to do all the steps. However, I had to un-install my Ad-Aware program before downloading the HJT program. Please let me know what to do next. Here are the logs:

-SuperAntispyware log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/06/2010 at 03:31 PM

Application Version : 4.41.1000

Core Rules Database Version : 5328
Trace Rules Database Version: 3140

Scan type : Complete Scan
Total Scan Time : 01:45:50

Memory items scanned : 479
Memory threats detected : 0
Registry items scanned : 6029
Registry threats detected : 0
File items scanned : 128631
File threats detected : 34

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[emailprotected][3].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
enhance.com [ C:\Documents and Settings\Gradon\Application Data\Macromedia\Flash Player\#SharedObjects\M63NSDH4 ]
memecounter.com [ C:\Documents and Settings\Gradon\Application Data\Macromedia\Flash Player\#SharedObjects\M63NSDH4 ]
C:\Documents and Settings\Gradon\Cookies\[emailprotected][1].txt
interclick.com [ C:\Documents and Settings\Katie\Application Data\Macromedia\Flash Player\#SharedObjects\BJ2KZ8CP ]
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][1].txt
C:\Documents and Settings\Katie\Cookies\[emailprotected][2].txt
.sonyonlineentertainment.112.2o7.net [ C:\Documents and Settings\Owner\Application Data\Sony Online Entertainment\Installed Games\Free Realms\mozilla\cookies.txt ]
C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt
C:\Documents and Settings\Owner\Cookies\[emailprotected][3].txt

Application.PowerReg Scheduler
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\8B0A1FC\BACKUP\POWERREG SCHEDULER V3.EXE
C:\DOCUMENTS AND SETTINGS\OWNER\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE
C:\WINDOWS\Prefetch\POWERREG SCHEDULER V3.EXE-1DAD6551.pf


-Malwarebyet log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4401

Windows 5.1.2600 Service PACK 2
Internet Explorer 6.0.2900.2180

08/06/2010 4:21:05 PM
mbam-log-2010-08-06 (16-21-05).txt

Scan type: Quick scan
Objects scanned: 166824
Time elapsed: 13 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:48:09 AM, on 08/07/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\Program Files\Common Files\New BOUNDARY\PrismXL\PRISMXL.SYS
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\PROGRA~1\Crawler\Smileys\CSMILE~1.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\Sniper.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar BHO - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINDOWS\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NVCPLDAEMON] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [CTZDetec.exe] "C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
O4 - HKCU\..\Run: [SoftAuto.exe] "C:\Program Files\Creative\Software Update 3\SoftAuto.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3; .NET CLR 1.1.4322; [xSP_2:73a5c0c6bd31649acf2e6abe8b913f7e_212]; 988700803)" -"http://www.americangirl.com/fun/travel/bz/index.php?section=game"
O4 - Startup: Epson all-in-one Registration.lnk = E:\Titles\Ereg\EPSONREG.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: inetcntrl0013.dll
O10 - Unknown file in Winsock LSP: inetcntrl0013.dll
O10 - Unknown file in Winsock LSP: inetcntrl0013.dll
O10 - Unknown file in Winsock LSP: inetcntrl0013.dll
O10 - Unknown file in Winsock LSP: inetcntrl0013.dll
O10 - Unknown file in Winsock LSP: inetcntrl0013.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1257353991492
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SMSv3_0_2hs - Alexandria Software Consulting - C:\Program Files\Rosetta Stone\SMS v3.0.2hs\Service\JavaSrvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 12780 bytes


Sorry for the delay. We are busy here on the boards. If you are still having issues, please do the following, if possible:

Please download MySystem-Search from here: Download mirror

• Save the file to your Desktop.
• Double-click on mss.exe
• Allow it to run, and follow the prompts.
• Once done, it will launch a log.
• Post it in your next reply.

almost every application i have except firefox (WOW) that i try to open, i GET a windows security alert saying "Application cannot be executed. The file "winamp.exe" is infected" and wats weird is my IE wont let me go to any sites but 5 mins later itll show up with a popup from www.*adult URL* or sum other retarded site. please helpSorry for the delay. We are busy here on the boards. If you are still having issues, please do the following, if possible:

Please download MySystem-Search from here: Download mirror

• Save the file to your Desktop.
• Double-click on mss.exe
• Allow it to run, and follow the prompts.
• Once done, it will launch a log.
• Post it in your NEXT reply.

Thanks in advance for the information and HELP. I'm hoping to avoid a reformat. Here is what I experience:

Symptoms:
--when I run a web search with Google or Bing, the first page of results that I get have generic names related to whatever I run a search on but the actual URL that each of them links to the following (I ran a search on Chicago) (further below are copies of all the shortcuts).
--The SECOND page of the results SEEM to be alright however all of the “advertising” seem to be corrupted regardless of what page it shows up on
--If I keep trying to work with search and try to figure out what is going on I get some error messages
--When these errors show up, I loose connectivity between Outlook and the server and between all browsers and the internet (even though my wireless connection remains strong)
--Also, I can’t launch programs, open taskmanager (even from Cntrl Alt Del – I can click on the option but no response) or shutdown the COMPUTER. I have to do a “Hard Shutdown” with the power button

Copies of Shortcuts from first page of results from Google Search (similar regardless of what I search on)
http://bitstub.com/public/go.php?to=874623
http://bitstub.com/public/go.php?to=874624
http://bitstub.com/public/go.php?to=874626
http://109.235.49.54:81/a/click.php?s=eAEFwUdyo0BcMFwwwL_4js0MIMBbW1sEgQhcIojMhVwiXCchcnz9ds-_JMB-v6plGX5_fm74N1ww4BsC-A0x_Fwn_R6q4d_8N9f6xZmh3rdMUHCMHSXEehNxPQUsyjK2Q73SrYO3MnTY_WiFw-Yjqp1h53y8ASjeaLUGIyyHGT6v-xBEDxBN2s5yEgUoWWK4Tyk1TtYeXFw9XCL3jc_HHJsvSzYFZTXieyW9PU16NUtI8L10Kj1P3QOlrjJVcVhNdvDgOXpPVq9H124JyyTKSu6RjQRQpN6nfiBGMORSM8qFxpXJA7Ps-NCyN1nQO_4msPZAwG2WEkjjyUSrbz-RtoWa6sTfwk9Io1GL-jOGaTYCrcVVczLhLLtwJHqiLjmdOspgRdFelxeBTjuIPZD5kZC6bVMUDxcIQrR9XFxLWfFH8Ww72ncPfSyTOhvorknuziHEg7b7SVOsyLRi7miRcw5YhLgIGTrFoobxiYrdZJ-iBiSPXCfWPqU2ugWbtFCb2xt2EBvvljJX77zVXR9ZO4dW_nGlZ0pPczCIHzMPk8NTHwnmqjAZQl2nhi77jDc5LKQ6uhBdHZBdKREX0Q8U3aQKbgm6INaE-3eIYUGYlauptLYOzwWe5MWXtLOr121bhmbCdEwgLaM0c3riRP1V19L-bO2FP0oYFL3yDBtrRm1So3EvDoiHhsMlOHYEkKux83gcDyrBWA21I8lLfcVMxDCN6FClYBJcXMwcWaqHY_WxhNN-gYbASUt6dGMeEvHmDW0rptQSV6aSZRGTTcix719__gPvRvBcJw,,&aff=625&as=1
http://bitstub.com/public/go.php?to=874628
http://bitstub.com/public/go.php?to=874629
http://bitstub.com/public/go.php?to=874630
http://bitstub.com/public/go.php?to=874632
http://109.235.49.54:81/a/click.php?s=eAENysttwzAMXDDQXTKAwz8pF0VnkSgSKdqDgWZ_1Kd3eX9cJ5Gej9f7fZ3Pp8WBNg6TAxmf-fudP8f1ur7yc-1YWb5ojZI1dkOLhsLiKJ8BvjYP6umCBdoGggNFVblcMHPHLt2CsZ1sRjKzSUJ1ZRk4t3LLvaw45iAy15nCOYYSqjUJjTYE0ekEKVYNMyRVbNOmUW3OvqBxXCf6RAMLd8Z7Wda6eXz8A3wSP4A,&aff=625&as=1
http://109.235.49.54:81/a/click.php?s=eAENzltqAzEMQNG9ZAEzeth6TCldiy3JJKQfA83-qf8Pl_t3EfXr8fx87us8xQ4UP6QdyHjG7yvex_28f-IbLdIQ2uTKlcNk9WSjlDAsbsBBfVS1RQRq6NA7OrGSMa0QLojtkyboiAwbZICtJZALVrqa41K1wiUk6dLnYM7Rw7eSkkoUVrAxXFzZbU3s1lAFaGr6mEa6RtkOUETfo1N1P8k0rtb08fUPEns-1Q,,&aff=625&as=1
http://bitstub.com/public/go.php?to=874635


Results of SuperSpyWare Scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/30/2010 at 06:24 PM

Application Version : 4.41.1000

Core Rules Database Version : 5291
Trace Rules Database Version: 3103

Scan type : Complete Scan
Total Scan TIME : 01:53:17

Memory items scanned : 610
Memory threats detected : 0
Registry items scanned : 7504
Registry threats detected : 0
File items scanned : 109328
File threats detected : 0

Results of Malware Scan:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4372

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/30/10 06:37:19 PM
mbam-log-2010-07-30 (18-37-19).txt

Scan type: Quick scan
Objects scanned: 145191
Time elapsed: 8 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\javaw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Results of Hijack This scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:57:58 PM, on 7/30/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\IObit\Advanced Spyware Remover\ASRtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\FriendlyHijackThis\Sniper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Advanced Spyware Remover] "C:\Program Files\IObit\Advanced Spyware Remover\ASRtray.exe" /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\pmpta.dll
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - https://amqp1.ansell.com/qp2.cab
O16 - DPF: {2202D225-22C1-4B8C-A4B8-6A7E7B7E1524} (ICWMInstallObj Class) - https://cpc.on.intercall.com/confmgr/installs/ICWMInstall.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-am1.infor.com/CACHE/webvpn/stc/1/binaries/stcweb.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://vpn-am1.infor.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1199978753218
O16 - DPF: {804F9BC5-0EAB-4150-8065-0DF485420670} (InstallShield Setup Player V11.5) - http://w2003e/deciweb/clientconfig/setup.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.infuzer.com/IDC/client/player/isetup.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} (QuickMksAxCtl Class) - https://10.130.129.1/LabManager/ControlPanel/Machines/MachineDetails/ActiveXControls/ViewerXVNC/vmware-mks.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = infor.com
O17 - HKLM\Software\..\Telephony: DomainName = infor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = infor.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = infor.com,infor.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = infor.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = infor.com,infor.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = infor.com,infor.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASRservice - IObit - C:\Program Files\IObit\Advanced Spyware Remover\ASRsrv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Basics Service - Seagate Technology LLC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
O23 - Service: SSA License Server (Master:6005) (BCLMD_M) - SSA Global - C:\Program Files\Baan\shared\bin\BclmServer.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RDI Document Conversion Helper (RDIConverterPrintHelper) - Web Meeting - C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: VMware vCenter Converter Agent (vmware-converter-agent) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
O23 - Service: VMware vCenter Converter Server (vmware-converter-server) - VMware, Inc. - C:\Program Files\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 18424 bytes

Duplicate post. Locked

MBRCheck, version 1.1.1

(c) 2010, AD



\\.\C: --> \\.\PhysicalDrive0

\\.\E: --> \\.\PhysicalDrive0



Size Device Name MBR Status

--------------------------------------------

232 GB \\.\PhysicalDrive0 Known-bad MBR code detected (Whistler / Black Internet)!





Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Options:

[1] Dump the MBR of a physical disk to file.

[2] Restore the MBR of a physical disk with a standard boot code.

[3] Exit.



Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): Available MBR codes:

[ 0] Default (Windows XP)

[ 1] Windows XP

[ 2] Windows Server 2003

[ 3] Windows Vista

[ 4] Windows 2008

[ 5] Windows 7

[-1] Cancel



Please select the MBR code to write to this drive:

Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: Successfully wrote new MBR code!

Please reboot your computer to complete the fix.





Done! Press ENTER to exit...

Download Bootkit Remover to your Desktop.

• You then need to extract the remover.exe file from the RAR using a program capable of extracing RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  
• After extracing remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users,right click on remover.exe and click Run As Administrator.
  
• It will show a Black screen with some data on it.
• Right click on the screen and click Select All.
  
• Press CTRL C
• Open a Notepad and press CTRL V
• Post the output back here.

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
• Click CREATE

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
• Click OK
  
• The System will do some calculation and the display a dialogue box with TABS
  
• Select the More Options Tab.
  
• At the bottom will be a system restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done
  

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, MEANING it will be difficult to infect your computer in the future.
  

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

I got the file you described on my desktop, but I don't know how to manually upload it?? All it opened was a page Getsysteminfo parser 2.96 and there is no place to upload anything? All it says is what's your problem, with a DROPDOWN menu. I'm also now getting tons of pop ups, even though my blocker is set at high, and every page or email, everything I go to has certain words underlined twice in green, and if I put my cursor on them, a gamevance ad pops up? What is that and how do I get rid of it?Seems LIKE adware.


Please download ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe and save it to your Desktop. Do NOT perform a scan yet

• Double-click on drweb-cureit.exe to start the program.
  An Express Scan of your PC notice will APPEAR.
  
• Under Start the Express Scan Now, Click OK to start the scan.
  This is a short scan that will scan the files currently running in memory.
  If something is found, click the Yes button when it asks you if you want to cure it.
  
• Once the short scan has finished, Click Options > Change settings
  
• Choose the Scan tab and UNcheck Heuristic analysis
  
• Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  
• Then click the Start/Stop Scanning button (green arrow on the right, and the scan will start.
  
• When finished, a message will be displayed at the bottom advising if any viruses were found.
• Click Yes to all if it asks if you want to cure/move the file.
  
• When the scan has finished, look if you can see the icon next to the files found.

• Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  
• Save the DrWeb.csv report to your Desktop.
  
• Exit Dr.Web Cureit when you have finished.
• Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  
• After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

• Save it to your desktop.
• Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
• Double click the setup file to run it.
• Click Next to continue.
• Accept the License agreement and click on next.
• It will, by default, install it to your desktop folder. Click Next.
• It will then open a box There will be a tab that says Automatic scan.
• Under Automatic scan make sure these are checked.

• Hidden Startup Objects
• SYSTEM Memory
• Disk Boot Sectors.
• My Computer.
• Also any other drives (Removable that you may have)[/color]

• Then click on Scan at the to right hand Corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all
• If it says it cannot be neutralized then choose the delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file name it Kas.
• Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.
  
  Note: This tool will self uninstall when you close it so please save the log before closing it.

Sorry put this in the main forum so repeating it here in the hope that I might get some HELP.

This is our family laptop and the virus has completely stopped IE opening, can open firefox, and won't let me open any of my anti-virus stuff.

If I click yes on one of the notices I either get directed to site to BUY anti-virus software or I get a *censored* site front PAGE. As my children use this computer I really need to get this off asap. Please help me.

RebekahI responded to the thread in the main forum. I will LOCK this one.

I FOLLOWED a similar thread and ran RKILL, OTL and ComboFix (downloaded from another computer.) RKILL log provided below. I'll save the others until told to include them.
Please help...

(Machine not rebooted yet)

*****
RKILL
*****
This log file is located at C:\rkill.log.
Please POST this only if requested to by the person helping you.
Otherwise you can close this log when you WISH.
Ran as Judy on 07/31/2010 at 11:01:48.


Processes terminated by Rkill or while it was running:


C:\Users\Judy\AppData\Local\yjhwvghwy\fdnlxcftssd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe


Rkill completed on 07/31/2010 at 11:01:56.
Sorry -- did not yet RUN ComboFix. Only downloaded to thumb drive.
FIXED -- Thank you

I keep getting error messages that say that Windows Explorer is shutting down. This happens when I am moving or opening FILES and programs. Sometimes it seems to be random; other times a specific file or program will cause the error repeatedly. When I am on the internet, Internet Explorer will randomly shut down. Sometimes it restarts itself, other times it gives me a message telling me that it shut down to protect my computer. I can download, but am completely unable to install new programs--I get an error message telling me to clear my internet cache and download again (which I have already done--twice). I have Avira antivirus, and have run several scans, which came back clean. It hasn't been updated in about three weeks because the updates won't work. I have tried everything I can think of. System restore fails, even in safe mode. I could not find anything suspicious in add/remove programs and I have cleaned my hard drive using CCleaner. I am unable to follow the steps that are suggested because I can't install new programs. Just for information's sake, I am running Windows Vista, and this has been happening for about a day or two now. Any help you can provide would be greatly appreciated, as I really do not want to have to wipe my hard drive! Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

• Double click on the icon to run it. Make sure all other windows are closed and to LET it run uninterrupted.
• Under the Custom Scan box paste this in

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time

• Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

• Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
• Once the short scan has finished, just let it cure whatever it finds...

• Start the scan again. This time, choose Complete Scan
  
• Click the green arrow button at the right, and the scan will start.
• After the scan finished, click Select all
  
• Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  
• When the scan has finished, in the menu, click File and choose Save report list
  
• Save the report to your Desktop. The report will be called DrWeb.csv
• Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..
  

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

about the same i think but i'm thinking it might be the internet connectionAll looks GOOD on my end.

To remove all of the tools we used and the files and folders they CREATED do the following:
Double CLICK OTL.exe.

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are PROMPTED to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

You're WELCOME.

How are things running now? So far, so good Ok. Let's do one more scan

Please run a FREE online scan with the ESET Online Scanner
Note: You will need to use INTERNET Explorer for this scan[/i]

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ACTIVEX control to install
• Click Start
  
• Make sure that the options Remove found threats and the option Scan UNWANTED applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may CLOSE the window
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

Hi,

Download MBRCheck to your desktop.

• Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  
• It will show a black screen with some data on it.
• A report called MBRcheckxxxx.txt will be on your desktop
  
• Open this report and post its content in your next reply.

• Run MBRCheck.exe
• Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  
• Please push the 'Y' key and then press Enter
• When program ask you Enter your choice: enter 2 and press the Enter key
  
• Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  
• Enter 0 and press the Enter key.
  
• The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  
• When asked Do you want to fix the MBR code? type in YES and press enter
  
• Restart your PC.

• Disable your AntiVirus and AntiSpyware applications, usually VIA a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

• Click on Yes, to continue scanning for malware.
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.