Notebook is acting up



pepper1019
2007-05-12, 12:44
Other than having the "NTLDR is missing" problem, which can be fixed easily.

There's something messing up my notebook.


Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:39:00, on 2007-5-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
f:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
f:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
f:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Program Files\Rising\Rav\RavTask.exe
F:\Program Files\Rising\Rav\Ravmon.exe
F:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\conime.exe
F:\Program Files\Tencent\TTraveler.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.030\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DsHelper - {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} - f:\Program Files\Thunder Network\Thunder\Components\ResWorker\DSIeHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - F:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - f:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RavTask] "f:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DAEMON Tools-2052] "F:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - HKLM\..\Run: [MS32DLL] C:\WINDOWS\Bha.dll.vbs
O4 - HKLM\..\RunOnce: [RavStub] "f:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - F:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - F:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - f:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - f:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O16 - DPF: {3DD98C55-74CC-4B7C-B5F1-45913F368388} - http://wellocx.cuic.org.cn/cuicdown/urn.dll
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2007/OL2006.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - f:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

Mr_JAk3
2007-05-14, 11:07
Hello pepper1019 and welcome to the Forums :)

You're infected.

1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

pepper1019
2007-05-15, 12:53
k, here's my combo fix log

"Administrator" - 2007-05-15 17:46:11 Service Pack 2
ComboFix 07-05.13.V - Running from: "C:\Documents and Settings\Administrator\桌面\lichang\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\pmuninst.exe
C:\Program Files\cnnic


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-15 ))))))))))))))))))))))))))))))))))


2007-05-12 16:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-11 08:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-05-10 13:05 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Tencent
2007-04-28 00:39 <DIR> d-------- C:\Program Files\Update
2007-04-28 00:20 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-04-28 00:14 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-04-28 00:07 587 --a------ C:\WINDOWS\QQPet.dat
2007-04-20 06:09 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-15 09:42:52 8,441 ----a-w C:\WINDOWS\system32\cid_store.dat
2007-04-20 06:19:58 0 ----a-w C:\WINDOWS\system32\UTSCSI.EXE
2007-04-20 06:19:57 389,120 ----a-w C:\WINDOWS\udll3011.dll
2007-04-08 17:37:50 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\QQUpdate
2007-04-07 14:34:13 46,838 ----a-w C:\WINDOWS\system32\prfc0804.dat
2007-04-07 14:34:13 123,520 ----a-w C:\WINDOWS\system32\prfh0804.dat
2007-03-28 01:00:44 -------- d-----w C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-03-08 15:37:22 573,952 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:22 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:22 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:32 1,843,200 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-09 20:07:03 106,496 ------w C:\WINDOWS\system32\RavExt.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{01443AEC-0FD1-40fd-9C87-E93D1494C233}=F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll [2007-04-16 19:16]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3}=F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll [2007-04-06 14:59]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-05-15 00:47]
{0D42E1BD-09DD-4873-A826-9C7E793EB7B6}=f:\Program Files\Thunder Network\Thunder\Components\ResWorker\DSIeHelper.dll [2007-04-12 14:05]
{53707962-6F74-2D53-2644-206D7942484F}=D:\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{54EBD53A-9BC1-480B-966A-843A333CA162}=F:\Program Files\Tencent\QQ\QQIEHelper.dll [2006-08-31 20:09]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 12:29]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"RavTask"="\"f:\\Program Files\\Rising\\Rav\\RavTask.exe\" -system"
"DAEMON Tools-2052"="\"F:\\Program Files\\D-Tools\\daemon.exe\" -lang 2052"
"MS32DLL"="C:\\WINDOWS\\Bha.dll.vbs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2005-12-15 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2005-12-15 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2005-12-15 08:00]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-06-13 15:52]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 15:24 C:\WINDOWS\system32\Ati2mdxx.exe])
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-30 21:00]
"Mouse Suite 98 Daemon"="ICO.EXE" [])
"RavTask"="f:\Program Files\Rising\Rav\RavTask.exe" [2004-01-08 20:10]
"DAEMON Tools-2052"="F:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05]
"MS32DLL"="C:\WINDOWS\Bha.dll.vbs" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-12-15 08:00]
"bgswitch"="C:\WINDOWS\system32\bgswitch.exe" [2004-02-22 16:01]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"bgswitch"="C:\\WINDOWS\\system32\\bgswitch.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"RavStub"="\"f:\\Program Files\\Rising\\Rav\\ravstub.exe\" /RUNONCE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="ctfmon.exe"
"bgswitch"="C:\\WINDOWS\\system32\\bgswitch.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{32CD708B-60A7-4C00-9377-D73EAA495F0F}"="C:\WINDOWS\system32\RavExt.dll" [2007-02-10 04:07]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="f:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 22:13]


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter HTTPFilter\0\0
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
DcomLaunch DcomLaunch\0TermService\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
Usnsvc usnsvc\0\0
WudfServiceGroup WUDFSvc\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J]
Shell\AutoRun\command J:\idstick.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0622e5f4-a1a8-11db-9cbb-000423828caf}]
Shell\Auto\command sxs.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{233a1bb0-b465-11db-8efd-000423828caf}]
Shell\Auto\command RavMonE.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RavMonE.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{26844b00-b694-11db-8f00-000423828caf}]
Shell\AutoRun\command H:\
Shell\explore\Command WScript.exe .\autorun.vbs
Shell\open\Command WScript.exe .\autorun.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{665a91bd-df5f-11db-9cdc-000423828caf}]
Shell\AutoRun\command J:\idstick.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{665a91be-df5f-11db-9cdc-000423828caf}]
Shell\Auto\command AdobeR.exe e
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b7ade92-a2af-11db-9cbd-000423828caf}]
Shell\Auto\command I:\infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b7ade93-a2af-11db-9cbd-000423828caf}]
Shell\Auto\command J:\infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8b7ade94-a2af-11db-9cbd-000423828caf}]
Shell\Auto\command K:\infrom.exe
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97ec0bb1-9ebd-11db-9cb4-000423828caf}]
Shell\AutoRun\command C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe Bha.dll.vbs

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2879f42-bd4d-11db-8f0f-000423828caf}]
Shell\AutoRun\command H:\
Shell\explore\Command WScript.exe .\autorun.vbs
Shell\open\Command WScript.exe .\autorun.vbs

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-15 17:49:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-15 17:49:25
C:\ComboFix-quarantined-files.txt ... 2007-05-15 17:49

Mr_JAk3
2007-05-15, 21:51
Hi :)

One or more of the identified infections is a backdoor trojan :sick:

This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

I can help you in the cleaning if you don't want to reformat but there is a possibility that we can't get you 100% clean.

Please let us know what you have decided to do in your next post :bigthumb:

pepper1019
2007-05-16, 17:00
I guess I'll have the notebook cleaned up first then.

I'll see what I can do. If things don't go well, I mean mentally, I'll probably clean it up with a reformat, but I think I'll stay with the cleaning-up idea first...

Thanks a lot for the info :)

Mr_JAk3
2007-05-16, 23:15
Ok I'll be happy to help you. Let's begin the cleaning :)

Please download and run Flash_Disinfector by sUBs (http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe)

Restart the computer and post a fresh HijackThis log :bigthumb:

tashi
2007-05-23, 06:50
This topic has been moved to archives to prevent others with similar issues posting to it.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster; anyone else with similar problems, please start your own topic.