Random pop ups and problems with Internet Explorer



marcus89
2010-10-13, 23:39
I use Firefox now but every 10 minutes or so an Internet Explorer page will pop up randomly.

I have run DDS and the DDS.txt logfile reads as follows:

DDS (Ver_10-10-10.03) - NTFSx86
Run by Marcus at 22:25:17.62 on 13/10/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.877 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Marcus\AppData\Local\Temp\Jpb.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Spotify\spotify.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k wdisvc
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Marcus\Downloads\dds(5).scr
C:\Windows\system32\wbem\wmiprvse.exe

peku006
2010-10-16, 14:27
Hi marcus89

The DDS log was not complete.

Please post both DDS.txt and Attach.txt.

Thanks peku006

marcus89
2010-10-17, 17:29
Hmm, not sure what happened there.

Here is the full DDS.txt:


DDS (Ver_10-10-10.03) - NTFSx86
Run by Marcus at 16:20:30.97 on 17/10/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2047.1140 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Marcus\AppData\Local\Temp\Jpb.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Marcus\Downloads\dds(5).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar BHO: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.0.0.136\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: PlayBox Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Stylus DX4400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticae.exe /fu "c:\windows\temp\E_SC034.tmp" /EF "HKCU"
uRun: [Aim6]
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
uRun: [IHateThisKey] c:\program files\bytegems.com\i hate this key\IHateThisKey.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [AROReminder] c:\program files\advanced registry optimizer\ARO.exe -rem
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [CCUTRAYICON] FactoryMode
mRun: [GSISETUP] E:\setup.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RegKillElbyCheck] "c:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "c:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [CleanUp] c:\progra~1\mcafee.com\shared\mcappins.exe /v=3 /cleanup
StartupFolder: c:\users\marcus\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Toolbar Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\marcus\appdata\roaming\mozilla\firefox\profiles\i5auhz8l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-31 207280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-31 112592]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-27 6400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [2003-11-1 17920]
S3 DfuUsb;DfuUsb;c:\windows\system32\drivers\DFUUsb.sys [2001-11-27 10880]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-20 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MCLServiceATL;Intel(R) Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-12 167936]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-31 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-31 1141200]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]

=============== Created Last 30 ================

2010-10-14 12:09:18 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 12:55:57 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 12:55:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 12:55:14 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 12:55:14 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 12:55:14 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 12:55:14 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 12:55:13 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 12:54:51 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 12:54:46 1315840 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 12:54:45 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-13 12:54:40 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 12:54:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 12:54:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 12:54:33 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 12:54:29 866816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 12:54:26 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-04 22:54:44 -------- d-----w- c:\users\marcus\appdata\local\Graboid
2010-09-29 13:24:19 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-21 22:44:22 71112 ----a-r- c:\users\marcus\appdata\roaming\microsoft\installer\{1f2df2c6-08f7-40bd-8e85-d16cb436e7f0}\NewShortcut21_12ADA67C834449EA9E721E8D99846831.exe
2010-09-21 22:44:22 71112 ----a-r- c:\users\marcus\appdata\roaming\microsoft\installer\{1f2df2c6-08f7-40bd-8e85-d16cb436e7f0}\NewShortcut2_F36C30BD8F574C8CA7F3B8FA00C4B76C.exe
2010-09-21 22:44:22 71112 ----a-r- c:\users\marcus\appdata\roaming\microsoft\installer\{1f2df2c6-08f7-40bd-8e85-d16cb436e7f0}\NewShortcut11_0F3332D2CC044CF6A639F6A6EE233044.exe
2010-09-21 22:44:22 71112 ----a-r- c:\users\marcus\appdata\roaming\microsoft\installer\{1f2df2c6-08f7-40bd-8e85-d16cb436e7f0}\NewShortcut1_E8BCADE476CB48C1B937A2D941E1962F.exe

==================== Find3M ====================

2010-08-17 13:32:33 126464 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 16:21:29.72 ===============

And here is the Attach.exe:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-10.03)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 09/08/2007 09:11:15
System Uptime: 17/10/2010 16:12:43 (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | Berkeley
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 2331/333mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 290 GiB total, 81.905 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 1.037 GiB free.
E: is CDROM (CDFS)
G: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Compact Flash
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
Manufacturer: Generic-
Name: Compact Flash
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#1&19F7E59C&0&_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20021111153705700&0#
Service: WUDFRd

==== System Restore Points ===================


==== Installed Programs ======================

1888 Number to Word Converter 1.0
Acoustica MP3 Audio Mixer
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop 7.0
Adobe Photoshop CS2
Adobe Reader 9
Adobe Stock Photos 1.0
Advanced Registry Optimizer
AGEIA PhysX v7.09.13
AIM 6
Audacity 1.2.6
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.4
Browser Defender 2.0.6.15
BT Broadband Talk Softphone 2.0
BTTotalBroadband220V
CD - DVD Publishing Service
Celemony Melodyne Plugin VST RTAS v1.0
Collab
coverXP (remove only)
Deadhunt Demo
Desktop Activity Recorder 2.6
Diablo II
DVD Region Killer
EA.com Matchup
EA.com Update
Emagic Logic Audio Platinum 5.5
Enhanced Multimedia Keyboard Solution
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
FL Studio 7
Free NaturalReader
GearDrvs
Google Earth
Graboid Video 1.73
GTAIII
Hardware Diagnostic Tools
Highlight Viewer (Windows Live Toolbar)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.0
HP Photosmart Essential2.5
HP Picasso Media Center Add-In
HP Update
HP USB Disk Storage Format Tool
I Hate This Key Deluxe Edition 5.1
IL Download Manager
ImgBurn
Intel(R) PRO Network Connections Drivers
Intel® Viiv™ Software
Java(TM) 6 Update 16
Junk Mail filter update
K-Lite Codec Pack 3.5.7 Basic
Kaspersky Online Scanner
Lexicon Lambda ASIO(remove only)
Licensing Service Install
LightScribe 1.4.142.1
Live 7.0.3
LiveUpdate 3.2 (Symantec Corporation)
MAGIX Media Manager 2004 silver
MAGIX music maker 2005 deLuxe
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
Mbrola Tools 3.5
McAfee Virtual Technician
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Microsoft XML Parser
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
muvee autoProducer 6.0
NCH Tone Generator
Neuratron PhotoScore Lite
NSIS Example2
NVIDIA Drivers
OLYMPUS Master 2
Perfect Uninstaller v6.3.2.2
Platypus 1.13
Print Screen Deluxe
Project64 1.6
PSSWCORE
Python 2.4.3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Reason 3.0
Registry Mechanic 8.0
Rhythm Rascal
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
SearchInOneStep 1.0 build 172
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sibelius 5
Smart Menus (Windows Live Toolbar)
SmartUndelete
Spelling Dictionaries Support For Adobe Reader 8
Spotify
Spyware Doctor 7.0
Steinberg Cubase LE
Text-To-Speech-Runtime
The Sims 2
UltraISO Premium V9.32
Unreal Tournament 2003
Unreal Tournament 3 Demo
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
USARadioNow Toolbar
Viral Outbreak v1.00 VSTi Demo
VLC media player 1.0.1
WavePad Sound Editor
Winamp
Winamp Toolbar
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Favorites for Windows Live Toolbar
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Xiah
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar
YouTube FLV to AVI converter Pro 2.1.2

==== End Of File ===========================

thanks

peku006
2010-10-17, 18:04
Hi marcus89

Malwarebytes' Anti-Malware


Open Malwarebytes' Anti-Malware
Select the Update tab
Click Check for Updates
After the update has been completed, select the Scanner tab.
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please reply with

Malwarebytes' Anti-Malware Log

Thanks peku006

marcus89
2010-10-18, 00:07
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4862

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

17/10/2010 22:53:52
mbam-log-2010-10-17 (22-53-52).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|I:\|J:\|K:\|L:\|)
Objects scanned: 397397
Time elapsed: 2 hour(s), 12 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
C:\Users\Marcus\AppData\Local\Temp\Jpb.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Marcus\AppData\Local\Temp\Jpb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Marcus\AppData\Local\1646560136.dll (Trojan.FakeRean) -> Quarantined and deleted successfully.
C:\Users\Marcus\AppData\Local\Temp\Q7w3uO (Spyware.Zbot.SI) -> Quarantined and deleted successfully.
C:\Users\Marcus\AppData\Local\Temp\K7931c (Spyware.Zbot.SI) -> Quarantined and deleted successfully.
C:\Users\Marcus\Documents\Downloads\Celemony.Melodyne.Plugin.VST.RTAS.v1.0.Incl.Keygen-AiR\Celemony.Melodyne.Plugin.VST.RTAS.v1.0.Incl.Keygen-AiR\Keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\Marcus\Documents\Downloads\Leafdrums\Keygen-LeafDrums.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\flash_player.45199.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Marcus\Downloads\McAfee Anti-Virus 2010 setup + Keygen\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\TEMP\317uOC7s.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\TEMP\OCE317.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\spool\prtprocs\w32x86\9w1uO3o79.dll (Spyware.Zbot.SI) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
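
An added example, not part of the original thread and not code from DDS or Malwarebytes: a short Python triage script for the two log formats posted above. It flags processes in the DDS "Running Processes" list that run from a Temp directory and checks them against the MBAM detections. The function names and the Temp-directory heuristic are assumptions; the sample lines are excerpts from the logs in this thread.

```python
import re
from collections import defaultdict

# Excerpts from the DDS "Running Processes" section posted in this thread.
DDS_PROCESSES = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
C:\Users\Marcus\AppData\Local\Temp\Jpb.exe
C:\Program Files\ByteGems.com\I Hate This Key\IHateThisKey.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Marcus\Downloads\dds(5).scr
"""

# Excerpts from the MBAM log posted in this thread.
MBAM_LOG = r"""
Memory Processes Infected: 1
Files Infected: 12

Memory Processes Infected:
C:\Users\Marcus\AppData\Local\Temp\Jpb.exe (Trojan.Downloader) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Marcus\AppData\Local\Temp\Jpb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\TEMP\OCE317.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\spool\prtprocs\w32x86\9w1uO3o79.dll (Spyware.Zbot.SI) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# Image path = everything up to the first executable extension that is
# followed by whitespace or end of line (so "ByteGems.com\..." is not cut).
EXE_RE = re.compile(r"^(.*?\.(?:exe|scr|com|bat|pif))(?=\s|$)", re.IGNORECASE)
# MBAM item line: "<object> (<detection name>) -> <action taken>"
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<name>[^()]+)\) -> (?P<action>.+)$")


def process_image(line):
    """Return the executable path from a DDS process line, without arguments."""
    m = EXE_RE.match(line.strip())
    return m.group(1) if m else None


def in_temp_dir(path):
    """Heuristic (assumption): any parent directory named 'temp' or 'tmp'."""
    parts = path.lower().split("\\")
    return any(p in ("temp", "tmp") for p in parts[:-1])


def parse_mbam(log):
    """Parse MBAM item lines into dicts, tracking the section they appear in."""
    section, items = None, []
    for raw in log.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):      # section header, not a summary count
            section = line[:-1]
            continue
        m = ITEM_RE.match(line)
        if m and section:                   # skips "(No malicious items detected)"
            items.append({"section": section, "object": m["obj"],
                          "detection": m["name"], "action": m["action"]})
    return items


def cross_reference(dds_processes, mbam_log):
    """Flag Temp-resident processes and match them to MBAM detections."""
    running = [p for p in map(process_image, dds_processes.splitlines()) if p]
    temp_procs = [p for p in running if in_temp_dir(p)]
    detected, by_detection = {}, defaultdict(set)
    for item in parse_mbam(mbam_log):
        detected[item["object"].lower()] = item["detection"]
        by_detection[item["detection"]].add(item["object"])
    confirmed = {p: detected[p.lower()] for p in temp_procs if p.lower() in detected}
    return {"temp_processes": temp_procs,
            "confirmed": confirmed,
            "by_detection": {k: sorted(v) for k, v in by_detection.items()}}


if __name__ == "__main__":
    report = cross_reference(DDS_PROCESSES, MBAM_LOG)
    print("Processes running from a Temp directory:", report["temp_processes"])
    print("Of those, flagged by MBAM:", report["confirmed"])
    for name, objects in sorted(report["by_detection"].items()):
        print(f"{name}: {len(objects)} object(s)")
```
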

peku006
2010-10-18, 09:05
Hi marcus89


Download CKScanner by askey127 from here (http://downloads.malwareremoval.com/CKScanner.exe) and save it to your Desktop.
Right click CKScanner.exe and select "Run as Administrator", then click on Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double click the CKFiles.txt icon on your desktop, then copy/paste the contents in your next reply.

Thanks peku006

marcus89
2010-10-18, 11:01
CKScanner - Additional Security Risks - These are not necessarily bad
c:\magix\mm2005_deluxe\my audio video\keygen.mmm
c:\magix\mm2005_deluxe\my audio video\keygen_bak0.mm_
c:\n360_backup\drive_c\users\marcus\documents\downloads\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\install both dx o rtas!.txt
c:\n360_backup\drive_c\users\marcus\documents\downloads\cover xp pro 1.65 + keygen doesn't work - complete scam\coverxp\password here!.url
c:\n360_backup\drive_c\users\marcus\documents\downloads\fruity loops studio 7 full + crack\readme.txt
c:\n360_backup\drive_c\users\marcus\documents\downloads\the sims2 exe crack\readme.txt
c:\n360_backup\drive_c\users\marcus\music\loops & midi\keygen.mid
c:\users\marcus\desktop\programs\links 2\7 fighters who lied their way to legendary cracked.com.url
c:\users\marcus\desktop\programs\programs\getting high then\crack.h0
c:\users\marcus\desktop\programs\programs\getting high then\crack.hdp
c:\users\marcus\desktop\programs\programs\getting high then\smoke crack.h0
c:\users\marcus\desktop\programs\programs\getting high then\smoke crack.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen track.rns
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums final change.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums final change.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums final.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums final.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums loud perfect.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums loud perfect.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums louder.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums louder.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums perfect.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums perfect.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\drums.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\fade out 1.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\fade out 1.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen bass.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen bass.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen choir.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen choir.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen keys fade in.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen keys fade in.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen track.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen track.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen with drums.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\keygen with drums.hdp
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\start synth.h0
c:\users\marcus\desktop\programs\programs\templates\reason track\keygen\start synth.hdp
c:\users\marcus\desktop\programs\programs\torrents\no_cd_fixed_exe_crack_-_the_sims2_-_les_sims_2_-_los_sims_2_-_die_sims2_by_deviance_zip_[www.fulldls.com].torrent
c:\users\marcus\desktop\programs\programs\torrents\propellerhead_reason_4_tested-100__working_crack.4820126.tpb.torrent
c:\users\marcus\desktop\programs\programs\torrents\the.sims2.exe.crack_[mybittorrent.com].torrent
c:\users\marcus\documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
c:\users\marcus\documents\downloads\magic iso maker 5.4+_keygen.exe
c:\users\marcus\documents\downloads\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\air.nfo
c:\users\marcus\documents\downloads\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air.rar
c:\users\marcus\documents\downloads\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\file_id.diz
c:\users\marcus\documents\downloads\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\install both dx o rtas!.txt
c:\users\marcus\documents\downloads\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\setup.exe
c:\users\marcus\documents\downloads\cover xp pro 1.65 + keygen doesn't work - complete scam\coverxp pro.nfo
c:\users\marcus\documents\downloads\cover xp pro 1.65 + keygen doesn't work - complete scam\coverxp.rar
c:\users\marcus\documents\downloads\cover xp pro 1.65 + keygen doesn't work - complete scam\coverxp\cover xp pro 1.65 + keygen.rar
c:\users\marcus\documents\downloads\cover xp pro 1.65 + keygen doesn't work - complete scam\coverxp\password here!.url
c:\users\marcus\documents\downloads\fruity loops studio 7 full + crack\fruity loops studio 7 full.uif
c:\users\marcus\documents\downloads\fruity loops studio 7 full + crack\hitman505.nfo
c:\users\marcus\documents\downloads\fruity loops studio 7 full + crack\readme.txt
c:\users\marcus\documents\downloads\the sims2 exe crack\readme.txt
c:\users\marcus\documents\downloads\the sims2 exe crack\the sims2 exe crack.rar
c:\users\marcus\documents\downloads\the sims2 exe crack\the sims2 exe crack\mo-s2dvd.nfo
c:\users\marcus\documents\downloads\the sims2 exe crack\the sims2 exe crack\sims2.exe
c:\users\marcus\documents\downloads\youtube flv to avi converter pro 2.1.2\youtube flv to avi converter pro 2.1.2\crack by mr.0iz0 snd\crack.exe
c:\users\marcus\downloads\mcafee anti-virus 2010 setup + keygen.zip
c:\users\marcus\downloads\mcafee anti-virus 2010 setup + keygen\doesn't work.txt
c:\users\marcus\downloads\mcafee anti-virus 2010 setup + keygen\mcafee anti-virus 2010 setup.exe
c:\users\marcus\downloads\sibelius 5.1 [h33t][poolpro]\keygen\beat.nfo
c:\users\marcus\downloads\sibelius 5.1 [h33t][poolpro]\keygen\blessing.exe
c:\users\marcus\downloads\sibelius 5.1 [h33t][poolpro]\keygen\sharego.nfo
c:\users\marcus\music\loops & midi\keygen.mid
c:\users\marcus\music\sound samples\21914__halleck__neck_crack.h0
c:\users\marcus\music\sound samples\21914__halleck__neck_crack.hdp
c:\users\marcus\music\sound samples\7720__dalomargrimm__bone_cracking_2.h0
c:\users\marcus\music\sound samples\7720__dalomargrimm__bone_cracking_2.hdp
c:\users\marcus\music\sound samples\mailmancrack.wav.asd
c:\users\marcus\music\sound samples\soundsnap\beeps\fl_studio_7_crack_fruity_loops_7_crack.torrent
scanner sequence 3.ZZ.11
----- EOF -----

peku006
2010-10-18, 12:15
Hi marcus89

Why do you have a lot of "keygens and cracks"? Do you use "pirated software"?

marcus89
2010-10-18, 13:43
Not anymore, those are mostly old duds I just haven't gotten round to deleting yet.
Also, a lot of the files listed are data files for audio sequencing programs.

peku006
2010-10-18, 16:05
Hi marcus89

TFC (Temp File Cleaner)


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.


NOTE: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

Thanks peku006

marcus89
2010-10-18, 18:25
Hi, TFC was run successfully but I can't get the Kaspersky scanner working. I've been given this error message 3 times in a row:

Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab.

Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: Trial license cannot be installed as an active license [0x8004025D]]

peku006
2010-10-18, 19:13
Hi marcus89

Ok....let´s try this.....

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


Hold down Control then click on the following link to open a new window to ESET online scanner (http://www.eset.com/onlinescan/)
Then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif

Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

Thanks peku006

marcus89
2010-10-18, 19:52
Unfortunately whenever I press start I keep getting an error message that says:

can not get update. Is proxy configured?

peku006
2010-10-18, 20:02
Hi marcus89

PANDA ONLINE SCAN

Please go Here (http://www.pandasoftware.com/products/activescan.htm) to run Panda's ActiveScan
Once you are on the Panda site, click the Scan your PC now button
A new window will open...click the Scan Now button
Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
When the scan has finished, click on Export To
Save the file as Activescan.txt to your Desktop
Close the Activescan window then go to your Desktop
Double-click on Activescan.txt and it will open in Notepad
In Notepad, click Edit > Select all, then Edit > Copy
Reply to this thread and click Ctrl+V to paste the log in your reply

marcus89
2010-10-20, 20:35
Hi, sorry for the delay, it took a few hours for the scan to complete and the first time round my PC rebooted half way for some reason.

;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-10-20 19:34:00
PROTECTIONS: 1
MALWARE: 30
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton AntiVirus No Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\marcus@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@tradedoubler[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@tribalfusion[2].txt
00147806 Cookie/7search TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@7search[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@com[2].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@xiti[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\marcus@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@serving-sys[3].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\marcus@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@bs.serving-sys[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@server.iad.liveperson[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@ads.pointroll[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@overture[2].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@realmedia[2].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@terra.com[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@questionmarket[1].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\marcus@questionmarket[2].txt
00180246 Cookie/XXXCounter TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@xxxcounter[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@adultfriendfinder[1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@go[2].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@searchportal.information[2].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@target[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\marcus@atwola[1].txt
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@smartadserver[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@www6.addfreestats[1].txt
01104854 Adware/OneStep Adware No 0 Yes No c:\program files\searchin1step\searchin1.exe
01674996 Application/Psexec.A HackTools No 0 No No c:\users\marcus\desktop\programs\programs\combofix.exe[327882r2fwjfw\psexec.cfexe]
02347497 Trj/Downloader.MDW Virus/Trojan No 1 No No c:\users\marcus\downloads\norton_antivirus_2010_17.0.0.136_with_patch\nrt activation patch.rar[norton 2010 lifetime validation patch.exe]
02347497 Trj/Downloader.MDW Virus/Trojan No 1 No No c:\users\marcus\downloads\norton_antivirus_2010_17.0.0.136_with_patch.rar[nrt activation patch.rar][norton 2010 lifetime validation patch.exe]
03074964 Trj/CI.A Virus/Trojan No 0 No No c:\users\marcus\documents\downloads\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air\celemony.melodyne.plugin.vst.rtas.v1.0.incl.keygen-air.rar[keygen.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\marcus\downloads\mcafee anti-virus 2010 setup + keygen\mcafee anti-virus 2010 setup.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\marcus\downloads\mcafee anti-virus 2010 setup + keygen.zip[mcafee anti-virus 2010 setup.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\marcus\downloads\mcafee anti-virus 2010 setup + keygen.zip[keygen.exe]
06446440 Adware/OneStep Adware No 0 Yes No c:\program files\searchin1step\si1opt.exe
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No c:\magix\mm2005_deluxe\softupdate.exe
No c:\users\marcus\documents\downloads\perfect uninstaller™ v6.3.2.2\perfectuninstaller_setup.exe
No c:\users\marcus\documents\downloads\youtube flv to avi converter pro 2.1.2\youtube flv to avi converter pro 2.1.2\crack by mr.0iz0 snd\crack.exe
No c:\users\marcus\documents\downloads\youtube flv to avi converter pro 2.1.2.rar[youtube flv to avi converter pro 2.1.2\crack by mr.0iz0 snd\crack.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
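
Added example, not part of the original thread and not a Panda tool: a Python triage of the MALWARE table in an ActiveScan text export like the one above, separating tracking-cookie rows from file detections and splitting the `container[member]` notation used for hits inside archives. The row layout is inferred from this one report, and the function and bucket names are hypothetical.

```python
"""Triage a Panda ActiveScan text export: cookie noise vs. file detections."""
import re
from collections import Counter, namedtuple

# Constructed sample: seven rows copied from the MALWARE table of the report above.
SAMPLE_REPORT = r"""
Id Description Type Active Severity Disinfectable Disinfected Location
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@trafficmp[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\marcus\appdata\roaming\microsoft\windows\cookies\low\marcus@atdmt[1].txt
01104854 Adware/OneStep Adware No 0 Yes No c:\program files\searchin1step\searchin1.exe
01674996 Application/Psexec.A HackTools No 0 No No c:\users\marcus\desktop\programs\programs\combofix.exe[327882r2fwjfw\psexec.cfexe]
02347497 Trj/Downloader.MDW Virus/Trojan No 1 No No c:\users\marcus\downloads\norton_antivirus_2010_17.0.0.136_with_patch.rar[nrt activation patch.rar][norton 2010 lifetime validation patch.exe]
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\marcus\downloads\mcafee anti-virus 2010 setup + keygen\mcafee anti-virus 2010 setup.exe
03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\marcus\downloads\mcafee anti-virus 2010 setup + keygen.zip[keygen.exe]
"""

Finding = namedtuple(
    "Finding", "sig_id name kind active severity container members")

# Assumed layout: 8-digit id, free-text description (may contain spaces),
# one-token type, Active, Severity, Disinfectable, Disinfected, Location.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+"
    r"(?P<disinfected>Yes|No)\s+(?P<location>.+)$")

# One or more "[member]" groups at the very end of the location mean the hit
# is inside a container. Cookie names such as "marcus@atdmt[1].txt" carry the
# bracket mid-name, so they do not match.
MEMBERS = re.compile(r"((?:\[[^\[\]]+\])+)$")


def split_location(location):
    """Return (container_path, [nested members]) for a Location cell."""
    m = MEMBERS.search(location)
    if not m:
        return location, []
    return location[:m.start()], re.findall(r"\[([^\[\]]+)\]", m.group(1))


def parse_report(text):
    """Parse detection rows; banner, header and separator lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        container, members = split_location(m["location"])
        findings.append(Finding(m["id"], m["desc"], m["type"],
                                m["active"] == "Yes", int(m["severity"]),
                                container, members))
    return findings


def bucket(finding):
    """Hypothetical triage buckets: cookie / in-container / on-disk."""
    if finding.kind == "TrackingCookie":
        return "cookie"
    return "in-container" if finding.members else "on-disk"


def triage(text):
    """Count rows per bucket and order the non-cookie rows for review:
    active first, then higher severity, then loose files before containers."""
    findings = parse_report(text)
    counts = Counter(bucket(f) for f in findings)
    actionable = [f for f in findings if bucket(f) != "cookie"]
    actionable.sort(key=lambda f: (not f.active, -f.severity,
                                   bucket(f) != "on-disk"))
    return counts, actionable


if __name__ == "__main__":
    counts, actionable = triage(SAMPLE_REPORT)
    print(dict(counts))
    for f in actionable:
        inner = " > ".join(f.members)
        print(f.severity, f.name, bucket(f), f.container,
              ("[" + inner + "]") if inner else "")
```
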

peku006
2010-10-21, 10:41
Hi marcus89

Security Check
Please download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) ... by screen317. Save it to your desktop.
Alternate download site: Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Double click the SecurityCheck.exe icon to begin.
Press the Space Bar when you see the "press any key to continue..." message.
A Notepad results file will open automatically called checkup.txt
Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
Please copy/paste the entire contents of the checkup.txt file into your next reply.

How's the computer running now? Any problems?

Thanks peku006

marcus89
2010-10-21, 12:49
The pop ups appear to have stopped now, things are running pretty smoothly thanks.

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!! (http://support.microsoft.com/kb/935791)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
McAfee Virtual Technician
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player 10.0.12.36
Adobe Reader 9
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

peku006
2010-10-21, 13:11
Hi marcus89

we're almost at the finish :2thumb:

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.
Download the latest version of Java Runtime Environment (JRE) 6 Here (http://java.sun.com/javase/downloads/index.jsp)
Scroll down to where it says "JDK 6 Update 22 (JDK or JRE)"
Click the orange Download JRE button to the right
Select the Windows platform from the dropdown menu
Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
Click on the link to download Windows Offline Installation & save the file to your desktop
Close any programs you may have running - especially your web browser
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version
Reboot your computer once all Java components are removed
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the Settings button
Next, click on the Delete Files button
There are two options in the window to clear the cache - Leave BOTH Checked
Applications and Applets
Trace and Log Files
Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel

Update Adobe Reader
Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version: Adobe Reader 9.3
You can download it from http://www.adobe.com/products/acrobat/readstep2.html (http://www.adobe.com/products/acrobat/readstep2.html)
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed Uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 3 instead from Foxit Software (http://mirrors.foxitsoftware.com/pub/foxit/reader/desktop/win/3.x/3.1/enu/FoxitReader31_enu_Setup.exe)
Note: Do not install anything dealing with AskBar... presented as an installation option.

marcus89
2010-10-21, 14:49
New versions of Java and Acrobat reader have been installed and my computer appears to be running fine.

:thanks: for your help.

peku006
2010-10-21, 15:34
Hi marcus89

Your log now appears to be clean. Congratulations! :yahoo:

To remove all of the tools we used and the files and folders they created do the following:

Delete CKScanner and SecurityCheck from your desktop.

Download OTC (http://oldtimer.geekstogo.com/OTC.exe) by Old Timer and save it to your Desktop.

Double-click OTC.exe
Click the CleanUp! button
Select Yes when the Begin cleanup Process? Prompt appears
If you are prompted to Reboot during the cleanup, select Yes
The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

This is a good time to clear your existing system restore points and establish a new clean restore point:

Turn off System Restore-Vista

Click the Vista/Start icon.
Right Click >> Computer
Click Properties.
Click the System Protection tab.
Uncheck All drives
Click Turn Off System Restore at the prompt then click Apply.
Restart your computer.

Turn ON System Restore-Vista

Click the Vista/Start icon
Right Click >> Computer
Click Properties.
Click the System Protection tab.
Checkmark All drives that were selected previously then click Apply.

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com

Here are some things that I think are worth having a look at if you don't already know about them:

Spybot Search and Destroy
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)

SpyWare Blaster
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)

WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)

FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)

MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)

Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy safe surfing! :bigthumb:

peku006

marcus89
2010-10-22, 00:29
Hi, just posting to let you know I read through your last post carefully and have no further questions at this point.

Thanks again.

peku006
2010-10-22, 09:54
As this issue appears to be resolved, this topic is now closed

We are pleased to have been some help in getting you clean.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)