Hi,
Thanks for the logs.
Please disable Spywareguard and Winpatrol so that they will not interfere with the fixes:
Disable SpywareGuard:
Right click the running icon of SpywareGuard in the tray in the lower right corner. It will open the program. Go to Menu>File>Exit. Confirm that the program is closed.
Disable WinPatrol:
- Right click the 'Scotty Dog' icon in the system tray
- Click Options
- At the bottom of the options page, uncheck Automatically Run WinPatrol When Computer Starts
- Click the X in the upper right corner to end program.
- Right click the 'Scotty Dog' icon in the system tray again.
- Click Exit Program
=========================
Scan with HijackThis and put a checkmark against the following entries:
O21 - SSODL: Xmlrtf - {7C47492A-31ED-4C14-9730-88E13C51C878} - C:\WINDOWS\system32\ipwow.dll
O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
Close all other browsers and windows and click on "fix checked".
==============================
- Open notepad (Start>All programs>accessories>notepad )
- Copy the entire contents of the Quote Box below to Notepad.
- Name the file as CFScript.txt
- Change the Save as Type to All Files
- and Save it on the desktop
(It must be notepad, not wordpad, or it won't work):
Code:
<URL TO LOG>
KILLALL::
Collect::
C:\WINDOWS\system32\ipwow.dll
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Xmlrtf"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"=-
Save this as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.
Ensure you are connected to the internet and click OK on the message box. A browser will open. Simply follow the instructions to copy/paste/send the requested file.
==============================
Restart the computer.
==============================
Go to Start>Control Panel>Add/Remove Programs and remove Kaspersky Online Scanner if it is present, prior to downloading the most up-to-date one.
Now run this online scan using Internet Explorer:
Kaspersky Online Scanner from http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Next click on Launch Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
  - Scan using the following Anti-Virus database:
    - Standard
  - Scan Options:
    - Scan Archives
    - Scan Mail Bases
- Click OK
- Now under select a target to scan:
  - Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop in txt format.

Copy and paste that information from Kaspersky in your next post.
*Note
It is recommended to disable onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.
Or use Firefox with the IE-Tab plugin.
===============================
Please post back the ComboFix.txt, the Kaspersky report and a fresh HijackThis log, as well as feedback on how the computer is running now.
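
Added example, not part of the original post and not a HijackThis or ComboFix tool: a small Python check that parses O21/O22 lines of the shape quoted above and reports whether the two entries marked for fixing still appear in a fresh HijackThis log. The regular expression covers only the line shape shown in the post; the extra entry, the "after" log and all function names are constructed for illustration.

```python
import re

# Line shape taken from the two entries quoted in the post:
#   O21 - SSODL: <name> - {CLSID} - <path or "(no file)">
ENTRY_RE = re.compile(
    r"^(?P<section>O2[12]) - (?P<kind>SSODL|SharedTaskScheduler): "
    r"(?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

# CLSIDs of the two entries the post asks to fix (copied from the post).
FIXED_CLSIDS = {
    "{7C47492A-31ED-4C14-9730-88E13C51C878}",
    "{8D8C2387-7F80-4022-9BE6-43630A969558}",
}

def parse_entries(log_text):
    """Return a dict per O21/O22 line; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["clsid"] = entry["clsid"].upper()  # registry CLSIDs are case-insensitive
        # "(no file)" means the registry value points at nothing on disk.
        entry["orphaned"] = entry["target"].strip().lower() == "(no file)"
        entries.append(entry)
    return entries

def remaining_after_fix(log_text):
    """Entries from the fix list that are still present in this log."""
    return [e for e in parse_entries(log_text) if e["clsid"] in FIXED_CLSIDS]

# Two lines from the post plus one constructed, unrelated entry.
BEFORE_LOG = r"""
O21 - SSODL: ExampleEntry - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
O21 - SSODL: Xmlrtf - {7C47492A-31ED-4C14-9730-88E13C51C878} - C:\WINDOWS\system32\ipwow.dll
O22 - SharedTaskScheduler: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - (no file)
"""

# Constructed "fresh" log in which both fixed entries are gone.
AFTER_LOG = r"""
O21 - SSODL: ExampleEntry - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE_LOG), ("after", AFTER_LOG)):
        left = remaining_after_fix(log)
        print(label, "->", [(e["section"], e["name"], e["orphaned"]) for e in left])
```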