I get redirected any time I use a search engine

Status
Not open for further replies.
C

cavaliermarc

New member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:46:00 PM, on 3/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{188BA0EB-1DED-49FD-9A15-6C7E23508A09}: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.188,85.255.112.167
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6210 bytes
 
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Pinned (sticky) to the top of this forum, and posted above are the directions, make sure you have read and followed them.

85.255.112.188 <<< here is a look at the Ukrainian criminals who are redirecting you.
http://whois.domaintools.com/85.255.112.188

We will start with MBAM and see how it goes.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) Download Malwarebytes' Anti-Malware to your Desktop
http://www.malwarebytes.org/

http://www.besttechie.net/mbam/mbam-setup.exe <<< download

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
* Please post contents of that file & a new HJT log in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Tutorial if needed:
http://www.techsupportteam.org/forum/tutorials/2282-malwarebytes-anti-malware-mbam.html

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks
 
I downloaded the malware program and installed, but when I run it nothing happens. I also just noticed that I can not update my AVG free, could what ever is affecting my computer be stopping me from running these programs? And thank you for helping me.
 
First delete anything you how downloaded so far, since it is not installed, right click and choose delete.

Try renaming the .exe before you save it to the Desktop, like this.

1) http://www.besttechie.net/mbam/mbam-setup.exe <<< click the link

2) Choose "Save this file now"

3) Make sure "Save in" says Desktop

4) File name: Change that to mbam-setup.cavaliermarc.exe

5) Click save

6) Follow the instructions posted earlier.

Thanks
 
I did as you said, it goes through the installation, puts an icon on my desktop and shows up in add remove programs to uninstall. It just doesn't do any thing when i click to run it, I even opened task manager to see if it starts and then closes, but nothing happens.
 
OK, we will try another program first. You must understand, if you can not run the tools we need to use, I very likely not be able to help you. You should also realize reformat is also an option.
http://spyware-free.us/tutorials/reformat/
http://www.cyberwalker.net/faqs/how-tos/reinstall-faq.html
http://helpdesk.its.uiowa.edu/windows/instructions/reformat.htm


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from here:

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instruction on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Thanks
 
ComboFix 09-03-15.01 - kc 2009-03-18 15:36:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1358 [GMT -6:00]
Running from: c:\documents and settings\kc\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
* Created a new restore point
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\recycler\S-2-5-39-100027701-100010435-100027552-1774.com
c:\windows\system32\drivers\gaopdxapkibpnosdoymuvohomqptbqgxlhyirj.sys
c:\windows\system32\drivers\gaopdxqucvaieanlgcrvobuhrcfudtdhnbbwkt.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxdydehnkttltkdswqugylkxwhrjgyodyq.dll
D:\Autorun.inf
d:\recycler\S-2-5-39-100027701-100010435-100027552-1774.com
d:\recycler\S-9-2-37-100029590-100006660-100007661-1008.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 )))))))))))))))))))))))))))))))
.

2009-03-18 15:11 . 2009-03-18 15:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-18 15:11 . 2009-03-18 15:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-18 15:11 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-18 15:11 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-17 17:44 . 2009-03-17 17:44 <DIR> d-------- c:\program files\ERUNT
2009-03-17 16:51 . 2009-03-17 17:02 <DIR> d-------- c:\documents and settings\kc\Application Data\W Photo Studio
2009-03-17 16:50 . 2009-03-17 16:50 <DIR> d-------- c:\program files\Walgreens
2009-03-17 16:50 . 2009-03-17 16:50 <DIR> d-------- c:\program files\Common Files\HP
2009-03-17 16:50 . 2009-03-17 16:50 <DIR> d-------- c:\documents and settings\kc\Application Data\Walgreens
2009-03-17 16:50 . 2009-03-17 16:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\Walgreens
2009-03-17 11:24 . 2009-03-17 11:24 <DIR> d-------- c:\program files\Safari
2009-03-16 21:43 . 2009-03-16 21:43 29 --a------ c:\windows\DEBUGSM.INI
2009-03-16 21:38 . 2009-03-16 21:40 <DIR> d-------- c:\program files\EPSON
2009-03-16 21:38 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-16 21:38 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll
2009-03-16 21:38 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL
2009-03-16 21:38 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin
2009-03-16 21:38 . 2001-03-18 15:16 1,571 --a------ c:\windows\Faxcpp1.ini
2009-03-16 21:38 . 2001-03-18 15:16 422 --a------ c:\windows\Faxcpp.ini
2009-03-16 21:38 . 1999-08-09 23:50 72 --a------ c:\windows\system32\epDPE.ini
2009-03-16 21:36 . 2009-03-16 21:41 219 --a------ c:\windows\EPSON 1250 Installer.ini
2009-03-15 17:54 . 2009-03-15 17:54 <DIR> d-------- c:\documents and settings\Games\Application Data\Sunbelt
2009-03-13 23:44 . 2009-03-13 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sunbelt
2009-03-13 23:19 . 2009-03-13 23:19 <DIR> d-------- c:\program files\Trend Micro
2009-03-11 14:37 . 2009-01-18 15:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-11 12:28 . 2009-03-11 12:28 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-11 12:28 . 2009-01-18 15:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-11 12:27 . 2009-03-11 12:27 <DIR> d-------- c:\program files\Lavasoft
2009-03-11 12:27 . 2009-03-11 12:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-11 12:14 . 2009-03-17 14:26 36 -r-h----- c:\windows\sued.dat
2009-03-10 20:10 . 2009-03-10 20:10 <DIR> d-------- c:\documents and settings\kc\Application Data\HDRsoft
2009-03-10 19:27 . 2009-03-16 22:28 6,656 --a------ C:\palm.grf
2009-03-10 19:26 . 2009-03-10 19:26 <DIR> d-------- c:\program files\PhotomatixPro3
2009-03-10 16:58 . 2009-03-11 17:22 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-09 16:17 . 2009-03-09 16:17 <DIR> d-------- c:\documents and settings\Games\Application Data\MySpace
2009-03-09 14:29 . 2009-03-09 14:29 667,914 --a------ c:\windows\unins000.exe
2009-03-09 14:29 . 2009-03-09 14:29 883 --a------ c:\windows\unins000.dat
2009-03-09 13:58 . 2009-03-09 13:58 <DIR> d-------- c:\documents and settings\kc\Application Data\MySpace
2009-03-08 19:19 . 2009-03-08 19:20 <DIR> d-------- c:\program files\Any Video Converter
2009-03-08 19:19 . 2009-03-09 11:04 <DIR> d-------- c:\documents and settings\kc\Application Data\Any Video Converter
2009-03-08 19:01 . 2009-03-08 19:01 <DIR> d-------- c:\documents and settings\kc\Application Data\dvdcss
2009-03-08 19:00 . 2007-09-17 03:34 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2009-03-08 19:00 . 2007-09-17 03:34 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-03-08 18:38 . 2009-03-08 18:38 <DIR> d-------- c:\program files\Red Kawa
2009-03-08 18:38 . 2009-03-08 18:38 <DIR> d-------- c:\program files\AviSynth 2.5
2009-03-07 23:33 . 2009-03-07 23:33 <DIR> d-------- c:\program files\Illustrate
2009-03-07 23:33 . 2009-03-07 23:33 167,936 --a------ c:\windows\system32\SpoonUninstall.exe
2009-03-07 23:33 . 2009-03-07 23:32 27,958 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.bmp
2009-03-07 23:33 . 2009-03-07 23:33 17,871 --a------ c:\windows\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2009-03-07 19:19 . 2009-03-07 19:19 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-07 19:19 . 2009-03-07 19:19 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-07 19:18 . 2009-03-10 19:46 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-07 19:18 . 2009-03-07 19:18 <DIR> d-------- c:\program files\AVG
2009-03-07 19:18 . 2009-03-07 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-07 19:18 . 2009-03-07 19:18 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-03 13:47 . 2009-03-11 16:34 <DIR> d-------- c:\program files\Incomplete
2009-03-02 09:42 . 2009-03-02 09:42 <DIR> d-------- c:\windows\.jagex_cache_32
2009-03-02 09:42 . 2009-03-02 09:44 34 --a------ c:\documents and settings\kc\jagex_runescape_preferences.dat
2009-02-27 12:42 . 2009-02-27 12:42 <DIR> d-------- c:\documents and settings\Games\Application Data\HotSync
2009-02-26 11:42 . 2009-02-26 11:42 <DIR> d-------- c:\program files\Microsoft Silverlight
2009-02-25 13:06 . 2009-02-25 13:06 <DIR> d-------- c:\windows\system32\IOSUBSYS
2009-02-25 11:58 . 2009-02-25 11:58 <DIR> d-------- c:\program files\Common Files\Crystal Decisions
2009-02-25 11:57 . 2009-02-25 11:57 <DIR> d-------- c:\program files\Common Files\Nova Development
2009-02-25 11:56 . 2009-02-25 11:56 <DIR> d-------- c:\program files\Ideasoft
2009-02-25 11:35 . 2009-02-25 11:35 <DIR> d-------- c:\documents and settings\kc\Application Data\Canon
2009-02-25 11:32 . 2009-02-25 11:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-02-25 11:20 . 2009-02-25 11:20 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2009-02-25 11:20 . 2009-02-25 11:20 <DIR> d--h----- c:\program files\CanonBJ
2009-02-25 11:20 . 2007-10-21 23:00 223,744 --a------ c:\windows\system32\CNMLM97.DLL
2009-02-25 11:19 . 2009-02-25 11:32 <DIR> d-------- c:\program files\Canon
2009-02-24 13:34 . 2007-12-04 18:10 16,640 -ra------ c:\windows\system32\drivers\PalmUSBD.sys
2009-02-24 13:33 . 2009-02-24 13:33 <DIR> d-------- c:\documents and settings\kc\Application Data\Arcsoft
2009-02-24 13:32 . 2009-02-24 13:32 <DIR> d-------- c:\documents and settings\kc\Application Data\HotSync
2009-02-24 13:32 . 2009-02-24 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\HotSync
2009-02-24 13:31 . 2009-02-24 13:33 <DIR> d-------- c:\program files\Palm
2009-02-20 11:12 . 2009-02-20 11:12 <DIR> d-------- c:\documents and settings\Games\Application Data\ATI
2009-02-20 11:12 . 2009-03-13 23:33 <DIR> d-------- c:\documents and settings\Games
2009-02-20 01:03 . 2009-02-20 01:04 <DIR> d-------- c:\program files\Vertus Play With Pictures
2009-02-20 00:29 . 2009-02-20 00:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-02-19 14:23 . 2009-02-28 03:08 23 --a------ c:\windows\BlendSettings.ini
2009-02-19 14:09 . 2009-02-19 14:09 <DIR> d-------- c:\program files\Bethesda Softworks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-18 03:38 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-03-18 03:38 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-03-17 21:33 --------- d-----w c:\program files\Common Files\Adobe
2009-03-17 03:40 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-14 06:05 --------- d-----w c:\program files\PeerGuardian2
2009-03-14 06:05 --------- d-----w c:\program files\LimeWire
2009-03-11 22:21 --------- d-----w c:\documents and settings\kc\Application Data\LimeWire
2009-03-09 19:58 --------- d-----w c:\program files\MySpace
2009-03-09 16:05 --------- d-----w c:\documents and settings\kc\Application Data\OpenOffice.org2
2009-03-09 01:00 --------- d-----w c:\documents and settings\kc\Application Data\GetRightToGo
2009-03-05 03:27 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2009-02-25 19:06 --------- d-----w c:\program files\Google
2009-02-22 07:18 --------- d-----w c:\documents and settings\kc\Application Data\.purple
2009-02-20 06:25 --------- d-----w c:\program files\ATI Technologies
2009-02-06 06:54 --------- d-----w c:\documents and settings\kc\Application Data\Apple Computer
2009-01-30 19:00 57,344 ----a-w c:\windows\system32\ASTSRV.EXE
2009-01-25 00:12 --------- d-----w c:\program files\QuickTime
2009-01-25 00:12 --------- d-----w c:\program files\iTunes
2009-01-25 00:12 --------- d-----w c:\program files\iPod
2009-01-25 00:12 --------- d-----w c:\program files\Common Files\Apple
2009-01-25 00:12 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll
2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll
2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll
2009-01-14 04:36 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll
2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-01-14 04:34 598,016 ----a-w c:\windows\system32\ati2evxx.exe
2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll
2009-01-14 04:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll
2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll
2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll
2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-09-06 14:21 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090620080907\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FLMK08KB"="c:\program files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe" [2008-03-05 384512]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-07 1932568]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-01-03 1392640]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-03-20 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-07 19:19 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^kc^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\kc\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 18:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 18:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-14 04:36 77824 c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
"avg8emc"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"astcc"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-11 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-07 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-07 107912]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-07 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-07 298264]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [2007-09-06 5504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{446dd4c3-9df1-11dc-9d85-806d6172696f}]
\Shell\AutoRun\command - D:\ASUSACPI.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53095980-478f-11dd-9c2f-0015f2457aca}]
\Shell\AutoRun\command - G:\podcastready.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:34]

2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Send Image to Phone - http://www.freeringers.net/ezimage.php
FF - ProfilePath - c:\documents and settings\kc\Application Data\Mozilla\Firefox\Profiles\648zimzo.default\
FF - prefs.js: browser.search.selectedEngine - MySpace.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&skin=http%3A%2F%2Fwww.daylightmap.com%2Ftheme%2Flive_planet_n.xml
FF - prefs.js: keyword.URL - hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&type=Web&orig=IMC-FF&qry=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Palm\PACKAG~1\NPInstal.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 15:40:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-03-18 15:42:03
ComboFix-quarantined-files.txt 2009-03-18 21:41:08

Pre-Run: 23,803,240,448 bytes free
Post-Run: 26,186,280,960 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

298 --- E O F --- 2009-02-17 07:43:09



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:44:20 PM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5164 bytes
 
That should have given you some relief, we have more to do. Please see this:

LimeWire <<< all p2p programs must be uninstalled.
File Sharing, otherwise known as Peer To Peer. (P2P)
http://forums.spybot.info/showthread.php?t=282
If your helper detects the presence of such programs on your computer he/she will ask you to remove them. Help will be withdrawn should you not agree to their removal.
Click to expand...

Please post the uninstall list I requested earlier in instuction #3.

Thanks
 
I thought I had removed Limewire, I appreciate your help so I will never install it again. I lost my XP disk along with a lot of other stuff when i moved, so you are saving my life.

Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Color Common Settings
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
AI - Series
Any Video Converter 2.7.1
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 8.5
AviSynth 2.5
Azureus Vuze
Bejeweled 2 Deluxe 1.0
Bejeweled Deluxe 1.862
Belarc Advisor 7.2
Bonjour
Canon i350
Canon iP2600 series
Canon iP2600 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Command & Conquer The First Decade
Copy Utility
dBpowerAMP Music Converter
Diablo II
DivX 4.12 Codec
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Image Relay v1.1
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
ERUNT 1.1j
GNU Aspell 0.50-3
GTK+ Runtime 2.12.8 rev a (remove only)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Insaniquarium Deluxe 1.0
Insaniquarium Deluxe 1.0
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.7)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MySpaceIM
Nero 7 Demo
Nero Suite
Nikon Message Center
NVIDIA Drivers
Oblivion
OpenOffice.org 2.4
Palm Desktop by ACCESS
Photomatix Pro version 3.1.3
Picasa 3
PictureProject
PictureProject In Touch Downloader 1.0
Pidgin
PIXMA Extended Survey Program
QuickTime
Realtek AC'97 Audio
Safari
ScanToWeb
Scrapbooks Plus Workshop
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
TBS WMP Plug-in
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Vertus Play With Pictures 1.0.1
Videora iPod Converter 4.06
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
W Photo Studio
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Wireless Keyboard
Xvid 1.1.3 final uninstall
Zuma Deluxe 1.0
 
Ad-Aware
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Color Common Settings
Adobe Color Common Settings
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
AI - Series
Any Video Converter 2.7.1
Apple Mobile Device Support
Apple Software Update
Aspell English Dictionary-0.50-2
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG 8.5
AviSynth 2.5
Azureus Vuze
Bejeweled 2 Deluxe 1.0
Bejeweled Deluxe 1.862
Belarc Advisor 7.2
Bonjour
Canon i350
Canon iP2600 series
Canon iP2600 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Command & Conquer The First Decade
Copy Utility
dBpowerAMP Music Converter
Diablo II
DivX 4.12 Codec
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Image Relay v1.1
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
ERUNT 1.1j
GNU Aspell 0.50-3
GTK+ Runtime 2.12.8 rev a (remove only)
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Insaniquarium Deluxe 1.0
Insaniquarium Deluxe 1.0
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Mozilla Firefox (3.0.7)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MySpaceIM
Nero 7 Demo
Nero Suite
Nikon Message Center
NVIDIA Drivers
Oblivion
OpenOffice.org 2.4
Palm Desktop by ACCESS
Photomatix Pro version 3.1.3
Picasa 3
PictureProject
PictureProject In Touch Downloader 1.0
Pidgin
PIXMA Extended Survey Program
QuickTime
Realtek AC'97 Audio
Safari
ScanToWeb
Scrapbooks Plus Workshop
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
TBS WMP Plug-in
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Vertus Play With Pictures 1.0.1
Videora iPod Converter 4.06
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
W Photo Studio
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Wireless Keyboard
Xvid 1.1.3 final uninstall
Zuma Deluxe 1.0
 
This can be done as time permits, but it is important, and may be why you are infected.
Uninstall list: I look for malware and security issues and will not know all of your programs, but you should.
Hackers are using out of date programs to infect folks more and more,
Here is a small free tool that lets you know when something needs an update if you are interested:
http://secunia.com/vulnerability_scanning/personal/ While PSI runs in the System Tray for realtime notifications, I personally prefer to turn it off in MSConfig and run it from All Programs when I want to do a check.

Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe recommends all users of Adobe Flash Player 10.0.12.36 and earlier versions upgrade to the newest version 10.0.22.87
http://www.adobe.com/support/security/bulletins/apsb09-01.html

Adobe Reader 8.1.2 <<< out of date and unsafe, see this:
http://news.cnet.com/8301-1009_3-10081618-83.html?tag=nl.e433
http://www.filehippo.com/download_adobe_reader/
(if you want a smaller program, look at this one)
Foxit Reader 2.3 for Windows (make sure to uncheck any toolbars)
http://www.foxitsoftware.com/pdf/rd_intro.php

Azureus Vuze <<< p2p, uninstall

J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
all out of date and unsafe, see this:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
Be aware of this information so you can opt out of anything you do not want.
Microsoft Does MSN Toolbar Distribution Deal With Java:
http://searchengineland.com/microsoft-does-msn-toolbar-distribution-deal-with-java-15413.php

Malwarebytes' Anti-Malware <<< MBAM is installed, I believe you can run it now.

Spybot S&D is not installed, I suggest you wait until all is running right, then add that tool to your security tools:
http://www.safer-networking.org/en/
http://www.safer-networking.org/en/news/2008-07-08.html
http://www.safer-networking.org/en/faq/index.html
http://www.safer-networking.org/en/tutorial/index.html


Let's see if we can run MBAM now:

1) Disable Adwatch until you are finished.
Right click on the Ad-Watch icon in the system tray.
At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both of those boxes.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

*Cleaning Prefetch may result in a few slow starts until the folder is repopulated:
http://www.windowsnetworking.com/articles_tutorials/Gaining-Speed-Empty-Prefetch-XP.html

3) Please return to the MBAM instructions and follow them now.

Post the log from MBAM and a new HJT log. Tell me how the computer is running now.

Thanks
 
I will remove all the programs you mentioned, do I need to do that now or can I do it after you are done helping me?

Malwarebytes' Anti-Malware 1.34
Database version: 1866
Windows 5.1.2600 Service Pack 3

3/18/2009 5:42:58 PM
mbam-log-2009-03-18 (17-42-58).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119327
Time elapsed: 1 hour(s), 12 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.188,85.255.112.167 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{188ba0eb-1ded-49fd-9a15-6c7e23508a09}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.188,85.255.112.167 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:40 PM, on 3/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Micro Innovations\Wireless Keyboard\KbdAp32A.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 5518 bytes
 
Tell me how the computer is running now.
Click to expand...

Some good AVG information for you:
FAQ: http://www.avg.com/faq
AVG Free Forum: http://freeforum.avg.com/
http://russelltexas.com/tutorials/avg8install.htm


Remove combofix from the computer like this:

Click START then RUN
Now type or copy Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

CF_Cleanup.png


Clean the System Restore files like this:

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

(you may make this scan optional if you wish)
Update MBAM and scan to be sure we missed none of the junk, there is no need to post a clean scan result.
(MBAM is yours to keep if you wish, update it and run it once a month or so)

Update AVG8 and scan the system, to be sure it is running right and scanning clean.

If all is well at this point, let me know and I will close the topic.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

http://users.telenet.be/bluepatchy/miekiemoes/Links.html
http://www.microsoft.com/windows/ie/community/columns/protection.mspx
Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/protect/computer/advanced/browsing.mspx
 
Status
Not open for further replies.
Back
Top