fanno

Have read and followed first steps...no luck..Have scanned my system with Ad-ware but no help...Norton keeps picking up "viruses" and deleting them..something seems to be really wrong with my system.. Need help removing malicious spyware...&^%$ Amenea ..my hijack this file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 8:23:37 PM, on 23/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Norton AntiVirus\NAVW32.EXE
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Programs\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mywinnipeg.com/
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Tango] F:\Release\..\Setup.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlom.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

tetonbob

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

---------------------------------------------------------------------------------------------

Please do this:

1. Download ComboScan to your Desktop. Note: You must be logged onto an account with administrator privileges.
2. Close all applications and windows.
3. Double-click on comboscan.exe to run it, and follow the prompts.
4. When the scan is complete, a text file will open - ComboScan.txt
5. Copy and paste the contents of ComboScan.txt here.
6. A folder, C:\ComboScan will also open. In it will be another text file, Supplementary.txt
7. Please Attach Supplementary.txt to your post.

If the folder does not open, please navigate to it.
To attach a file to a new post, simply

1. Click the[Manage Attachments] button under Additional Options>Attach Files on the post composition page, and
2. copy and paste the following into the "Upload File from your Computer" box:
   

   C:\ComboScan\Supplementary.txt

3. Click Upload.

---------------------------------------------------------------------------------------------

__________________

** PC Safety and Security--What Do I Need? **

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

fanno

Teton Bob, Thanks for your help!! The info you requested is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:02 AM, on 03/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Documents and Settings\Steph\Local Settings\Temporary Internet Files\Content.IE5\2PT2ZYXW\comboscan[1].exe
E:\Programs\Steph.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mywinnipeg.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2182DC93-897E-4C36-AFB9-DE1ADBD385D4} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\mljghec.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\dtsdkfxf.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Tango] F:\Release\..\Setup.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlom.dll,startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: mljghec - C:\WINDOWS\SYSTEM32\mljghec.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSSQLServerADHelper - Unknown owner - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - "C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3S ADM8511 (ADMtek ADM8511/AN986 USB To Fast Ethernet Converter) - C:\WINDOWS\system32\drivers\ADM8511.SYS
1R AFS2K - C:\WINDOWS\system32\drivers\AFS2K.SYS
3R ALABULKO (OLYMPUS USB Media Adapter device driver) - C:\WINDOWS\system32\drivers\ALABLK2O.SYS
1R AmdK7 (AMD K7 Processor Driver) - C:\WINDOWS\system32\drivers\amdk7.sys
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\CCDECODE.sys
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
3S ENETHUSB (Speedstream Ethernet USB Adapter) - C:\WINDOWS\system32\drivers\enethusb.sys
3R EraserUtilRebootDrv - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
3R HPZid412 (IEEE-1284.4 Driver HPZid412) - C:\WINDOWS\system32\drivers\hpzid412.sys
3R HPZipr12 (Print Class Driver for IEEE-1284.4 HPZipr12) - C:\WINDOWS\system32\drivers\HPZipr12.sys
3R HPZius12 (USB to IEEE-1284.4 Translation Driver HPZius12) - C:\WINDOWS\system32\drivers\HPZius12.sys
3S L2XPSR - F:\Release\L2XPSR.SYS (not found)
3R LVUSBSta (Logitech USB Monitor Filter) - C:\WINDOWS\system32\drivers\LVUSBSta.sys
2R MASPINT - C:\WINDOWS\system32\drivers\MASPINT.SYS
3R MODEMCSA (Unimodem Streaming Filter Device) - C:\WINDOWS\system32\drivers\MODEMCSA.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\MSTEE.sys
3R Mtlmnt5 - C:\WINDOWS\system32\drivers\mtlmnt5.sys
3S Mtlstrm - C:\WINDOWS\system32\drivers\mtlstrm.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\NABTSFEC.sys
3R NAVENG - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070227.035\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070227.035\NAVEX15.SYS
2R Nbf (NetBEUI Protocol) - C:\WINDOWS\system32\drivers\NBF.SYS
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\NdisIP.sys
3S NtMtlFax - C:\WINDOWS\system32\drivers\ntmtlfax.sys
3R nv - C:\WINDOWS\system32\drivers\nv4_mini.sys
3R nvax (Service for NVIDIA(R) nForce(TM) Audio Enumerator) - C:\WINDOWS\system32\drivers\nvax.sys
3R NVENET (NVIDIA nForce MCP Networking Controller Driver) - C:\WINDOWS\system32\drivers\NVENET.sys
3R nvnforce (Service for NVIDIA(R) nForce(TM) Audio) - C:\WINDOWS\system32\drivers\nvapu.sys
3R PhilCam8116_XP (Logitech QuickCam Pro 3000(PID_08B1)) - C:\WINDOWS\system32\drivers\CamDrL20.sys
3R SAVRT - C:\Program Files\Norton AntiVirus\savrt.sys
1R SAVRTPEL - C:\Program Files\Norton AntiVirus\Savrtpel.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\SLIP.sys
3R Slntamr (SmartLink AMR_PCI Driver) - C:\WINDOWS\system32\drivers\slntamr.sys
3S SlNtHal - C:\WINDOWS\system32\drivers\slnthal.sys
3R SlWdmSup - C:\WINDOWS\system32\drivers\slwdmsup.sys
1R SPBBCDrv - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\StreamIP.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20070222.002\SymIDSCo.sys
2R symlcbrd - C:\WINDOWS\system32\drivers\symlcbrd.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3R usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Microsoft USB Open Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbohci.sys
3R usbprint (Microsoft USB PRINTER Class) - C:\WINDOWS\system32\drivers\usbprint.sys
3R usbscan (USB Scanner Driver) - C:\WINDOWS\system32\drivers\usbscan.sys
3R USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S usbvideo (USB Video Device (WDM)) - C:\WINDOWS\system32\drivers\usbvideo.sys
3S V90drv - C:\WINDOWS\system32\drivers\v90drv.sys
4S WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\WSTCODEC.SYS


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3S Adobe LM Service - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
3S AdobeVersionCue - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
3S ccPwdSvc (Symantec Password Validation) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
2R ccPxySvc (Symantec Proxy Service) - C:\Program Files\Norton Internet Security\ccPxySvc.exe
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
2R Diskeeper - C:\Program Files\Executive Software\Diskeeper\DkService.exe
2S Fax - C:\WINDOWS\system32\fxssvc.exe
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
3S MSSQLServerADHelper - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
2R navapsvc (Norton AntiVirus Auto-Protect Service) - "C:\Program Files\Norton AntiVirus\navapsvc.exe"
2R NISUM (Norton Internet Security Accounts Manager) - C:\Program Files\Norton Internet Security\NISUM.EXE
2S NPFMntor (Norton AntiVirus Firewall Monitor Service) - "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"
3R NSCService (Norton Protection Center Service) - "C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE"
2R NVSvc (NVIDIA Display Driver Service) - C:\WINDOWS\System32\nvsvc32.exe
3R Pml Driver HPZ12 - C:\WINDOWS\System32\HPZipm12.exe
3S SAVScan (Symantec AVScan) - "C:\Program Files\Norton AntiVirus\SAVScan.exe"
2R SLService (SmartLinkService) - slserv.exe
3S SNDSrvc (Symantec Network Drivers Service) - "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
2R SPBBCSvc - "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"
2R Symantec Core LC - "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
2R SymWSC (SymWMI Service) - "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"


-- Scheduled Tasks --------------------------------------------------------------

2007-04-20 20:25:56 530 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Steph.job<NORTON~1.JOB>
2007-03-03 10:15:00 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job<SYMANT~1.JOB>
2004-06-27 20:03:34 342 --a------ C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1080439735.job<FRUTAS~1.JOB>


-- Files created between 2007-02-03 and 2007-03-03 ------------------------------

2007-04-20 20:11:55 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-03-03 09:57:38 48660 --a------ C:\WINDOWS\system32\dtsdkfxf.dll
2007-03-03 09:50:25 748865 ---hs---- C:\WINDOWS\system32\mmllm.bak2<MMLLM~2.BAK>
2007-02-27 22:50:56 751606 ---hs---- C:\WINDOWS\system32\mmllm.ini2<MMLLM~1.INI>
2007-02-27 08:51:29 730932 ---hs---- C:\WINDOWS\system32\mmllm.bak1<MMLLM~1.BAK>
2007-02-27 08:50:35 281652 ---hs---- C:\WINDOWS\system32\mllmm.dll
2007-02-26 22:19:40 733261 ---hs---- C:\WINDOWS\system32\ghkmp.ini2<GHKMP~1.INI>
2007-02-26 22:13:37 730984 ---hs---- C:\WINDOWS\system32\ghkmp.bak1<GHKMP~1.BAK>
2007-02-24 23:58:06 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-24 22:45:02 0 d-------- C:\Program Files\Common Files\PC Tools<PCTOOL~1>
2007-02-24 22:44:35 626688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-02-24 22:17:33 0 d-------- C:\Program Files\Common Files\scosoft.com
2007-02-24 22:17:32 0 d-------- C:\Program Files\Scorpio Software<SCORPI~1>
2007-02-24 21:29:10 756514 ---hs---- C:\WINDOWS\system32\ijkmp.ini2<IJKMP~1.INI>
2007-02-20 23:08:33 738710 ---hs---- C:\WINDOWS\system32\ijkmp.bak2<IJKMP~2.BAK>
2007-02-17 21:45:46 739112 ---hs---- C:\WINDOWS\system32\ijkmp.bak1<IJKMP~1.BAK>
2007-02-17 21:39:06 26637 ---hs---- C:\WINDOWS\system32\mljghec.dll


-- Find3M Report ----------------------------------------------------------------

2007-04-20 20:22:23 0 d-------- C:\Documents and Settings\Steph\Application Data\Symantec
2007-03-03 09:47:43 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-20 23:08:07 0 d-------- C:\Program Files\Norton AntiVirus<NORTON~1>
2007-02-17 21:32:41 0 d-------- C:\Program Files\Symantec
2007-02-17 21:32:39 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-01-29 02:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-12 23:19:27 0 d---s---- C:\Documents and Settings\Steph\Application Data\Microsoft<MICROS~1>
2007-01-12 10:51:53 0 d-------- C:\Documents and Settings\Steph\Application Data\AdobeUM
2007-01-05 14:35:45 0 d-------- C:\Documents and Settings\Steph\Application Data\Ahead
2006-12-19 15:52:18 134656 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 12:16:47 333824 --a------ C:\WINDOWS\system32\wiaservc.dll
2006-12-07 17:02:24 2174976 --a------ C:\WINDOWS\system32\wmvcore.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_05\\bin\\jusched.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Tango"="F:\\Release\\..\\Setup.exe"
"SunServer"="C:\\Program Files\\Sunbelt Software\\CounterSpy\\Consumer\\sunserver.exe"
"CTDrive"="rundll32.exe C:\\WINDOWS\\system32\\drvlom.dll,startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=""
"{076394AD-7FDD-44EF-A075-32C68DBAB99B}"=""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=dword:00000001

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljghec
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllmm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of ComboScan: finished at 2007-03-03 at 10:19:25 -------------------------
ComboScan v20070226.18 run by Steph on 2007-03-03 at 10:17:07
Supplementary logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information -----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2600+
Percentage of Memory in Use: 86%
Physical Memory (total/avail): 247.48 MiB / 32.38 MiB
Pagefile Memory (total/avail): 701.52 MiB / 142.07 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1991.23 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 8.83 GiB free.
D: is Fixed (NTFS) - 24.42 GiB total, 16.03 GiB free.
E: is Fixed (NTFS) - 30.57 GiB total, 30.21 GiB free.
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (FAT)
I: is Removable (No Media)


-- Security Center --------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Norton Internet Security v2003 (Symantec Corporation)
AV: Norton AntiVirus 2006 v2005 (Symantec Corporation)


-- Environment Variables --------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Steph\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=GLOBAL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Steph
LOGONSERVER=\\GLOBAL
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\Program Files\eDrawings2003\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Executive Software\Diskeeper\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Steph\LOCALS~1\Temp
TMP=C:\DOCUME~1\Steph\LOCALS~1\Temp
USERDOMAIN=GLOBAL
USERNAME=Steph
USERPROFILE=C:\Documents and Settings\Steph
windir=C:\WINDOWS


-- User Profiles ----------------------------------------------------------------

Steph (admin)
Judy (admin)


-- Add/Remove Programs ----------------------------------------------------------

--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
--> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
56Kbps Internal Modem --> C:\WINDOWS\Modio\SLAMRNTV\slclean.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Acrobat 6.0.1 Professional --> MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Acrobat and Reader 6.0.3 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
Adobe Acrobat and Reader 6.0.4 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
Adobe Acrobat and Reader 6.0.5 Update --> MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000605}
Adobe Atmosphere Player for Acrobat and Adobe Reader --> C:\WINDOWS\atmoUn.exe
Adobe Creative Suite --> C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
All Purpose Mortgage Calculator --> C:\PROGRA~1\Baarns\AllMort\UNWISE.EXE C:\PROGRA~1\Baarns\AllMort\INSTALL.LOG
ArcSoft Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD708DF0-9F04-4CB3-821A-85804A833B4D}\setup.exe" -l0x9 -uninst
Bi-Weekly Mortgage Calculator --> C:\PROGRA~1\Baarns\BiWeek\UNWISE.EXE C:\PROGRA~1\Baarns\BiWeek\INSTALL.LOG
BitTorrent 4.0.4 --> "C:\Program Files\BitTorrent\uninstall.exe"
Canon Camera Window for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{A29EA741-24F7-4C07-9B2C-06CB6491BE4A}
Canon PhotoRecord --> MsiExec.exe /X{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}
Canon PowerShot S45 WIA Driver --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{938DB54D-B302-4594-A782-32219F1734AB}
Canon RAW Image Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FAF0DAD8-1EA7-4FEF-80E5-8D8D6EBD5A23}
Canon RemoteCapture Task for ZoomBrowser EX --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F0FC315A-7D1D-444F-BB96-A59B28179626}
Canon Utilities PhotoStitch 3.1 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C05E2D43-A05F-4835-A15C-CD0AD1576506}
Canon Utilities ZoomBrowser EX --> MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
ccCommon --> MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Diskeeper Professional Edition --> MsiExec.exe /X{AA67205C-3E80-4062-9198-253A059DEE38}
eDrawings 2003 --> MsiExec.exe /I{1E66149C-A319-46B4-9F38-9D13554EE7D2}
Efficient Networks SpeedStream DSL --> C:\Program Files\Efficient Networks\SpeedStream DSL\setup.exe -uninstall
FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
HijackThis 1.99.1 --> E:\Programs\HijackThis.exe /uninstall
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet --> C:\Program Files\Hewlett-Packard\Digital Imaging\AiODriver\Drivers\Uninst\enu\hposcr01.exe -forcereboot -datfile hposcr01.dat
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet --> MsiExec.exe /X{82DFB852-9594-4668-9C66-28BB6E94BCB2}
HP Photo and Imaging 1.0 - HP PSC - HP OfficeJet Drivers --> MsiExec.exe /X{ED93995E-8BF2-480F-8EA4-7D29E29A7052}
hp psc 2200 series --> rundll32 hpzcon05.dll,VendorJettison hp psc 2200 series
ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
iPIX ActiveX Viewer --> C:\WINDOWS\ipUninst.exe C:\WINDOWS\Unwise.exe /a C:\WINDOWS\occache\IPIXActX.log, Uninstall iPIX ActiveX Viewer
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Kazaa Lite K++ v2.4.1 --> "C:\Program Files\Kazaa Lite K++\unins000.exe"
Kodak DIGITAL ROC Professional Plug-In 1.0 --> MsiExec.exe /I{5DF371FD-CE63-4FD0-A5F9-87E67FEF3BB1}
LiveReg (Symantec Corporation) --> C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam --> MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Logitech® Camera Driver --> "C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Dreamweaver MX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft XML Parser and SDK --> MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600777}
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\mtbs.exe c
NAVShortcut --> MsiExec.exe /I{F325CF11-27CE-4872-8022-6E9EB27DF24F}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus 2006 --> MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus 2006 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" /X
Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton Internet Security --> MsiExec.exe /I{AFD2C5B5-BF78-47B6-9569-755448C0D0EE}
Norton Protection Center --> MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Norton WMI Update --> MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Audio Driver --> C:\WINDOWS\System32\nvuAudio.exe Uninstall C:\WINDOWS\System32\NvAudio.nvu,NVIDIA Audio Driver
NVIDIA Display Driver --> C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
OLYMPUS USB Reader/Writer --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{9DFC9A77-86B4-4139-A4CF-A5E774422D28} /l1033
QuickBooks Pro Edition 2003 --> C:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
QuickTax 2003 Platinum --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28E24092-3BAE-4D38-A57B-F830862E3A31}\setup.exe" -l0x9 -uninst
QuickTax 2004 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53337CA9-E9A4-4C59-9D1C-D980EF9BF0C2}\isetup.ex_" -l0x9 -uninst
QuickTax 2005 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8D0BC3E-67DF-48A3-ACC9-EEAA8DBFBF29}\isetup.ex_" -l0x9 -uninst
QuickTax 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAFDA89B-1031-4BDB-8619-DE20CBDEDF32}\isetup.ex_" -l0x9 -uninst
QuickTax Tracker --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{DD23D588-92ED-4954-BDF3-12696F83C71E} anything
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Readiris 7.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}\setup.exe" -l0x9
Remove Startup Programs Buddy 2.2 --> "C:\Program Files\Scorpio Software\Remove Startup Programs Buddy\unins000.exe"
Retirement Income Planner --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C90BAF4-B0BF-41B6-B482-B7E3FFCD72E0}\Setup.exe" -l0x9
SANYO Camera --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\TWAIN_32\SANYO\DeIsL1.isu
SolidWorks 2003 --> RunDll32 C:\PROGRA~1\SOLIDW~1\setup\i386\swuninst.dll,UninstInitViaRunDll32 /sw_dt:"SolidWorks" /sw_it:"Individual" /sw_ld:"C:\Program Files\SolidWorks" /sw_pg:"{606D713B-B60C-11D6-A47A-00B0D03E4223}"
SolidWorks 2003 Toolbox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{606D713D-B60C-11D6-A47A-00B0D03E4223}\setup.exe" -uninst
SPBBC --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Sunbelt CounterSpy --> MsiExec.exe /I{0AD5AD99-6172-4385-8765-385FBE3A1013}
Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec WinFax PRO 10.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Symantec\WinFax\WFXUNIST.ISU" -c"C:\Program Files\Symantec\WinFax\UNINSTUB.DLL"
T4 Internet - T4 par Internet 5.0 --> "C:\Program Files\T4_Internet _T4_ par_Internet_5.0\UninstallerData\Uninstall T4 Internet - T4 par Internet 5.0.exe"
TOD --> "C:\Program Files\TOD 012006\UninstallerData\Uninstall TOD 012006.exe"
TOD 072006 --> C:\Program Files\TOD 072006\_uninst\uninstaller.exe
Top 100 Legal Forms --> C:\WINDOWS\uninst.exe -f"c:\program files\globalstar\t100bus\DeIsL1.isu" -c"c:\program files\globalstar\t100bus\_ISREG32.DLL"
Tweak UI --> "C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Ultralingua 4.4 --> "C:\Program Files\Ultralingua\Ultralingua 4\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordWeb --> C:\Program Files\WordWeb\uninst.exe
xp-AntiSpy (remove only) --> "C:\Program Files\xp-AntiSpy\uninstall.exe"


-- End of ComboScan: finished at 2007-03-03 at 10:19:25 -------------------------

I hope you can help...my system has become very slow and I keep getting these annoying pop ups despite my pop up blocker.... adware doesn't help, counter spy doesn't help...You are my last hope before I wipe the hard drive clean and start over!

tetonbob

I can help, but I thought I had lost you, as it's been near a week. The longer this system remains infected and connected to the internet, the harder it will become to clean.

That said, we should be able to get you running well again.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please download VundoFix.exe to your desktop

• Double-click VundoFix.exe to run it.
• Click the Scan for Vundo button.
• Once it's done scanning, click the Remove Vundo button.
• You will receive a prompt asking if you want to remove the files, click YES
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will reboot your computer, click OK.
• Please post the contents of C:\vundofix.txt at the end of this fix

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

---------------------------------------------------------------------------------------------


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {2182DC93-897E-4C36-AFB9-DE1ADBD385D4} - C:\WINDOWS\system32\mllmm.dll
O2 - BHO: (no name) - {58FF7395-B48F-41CB-A20C-2FFA2A049EB2} - C:\WINDOWS\system32\mljghec.dll
O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\dtsdkfxf.dll
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlom.dll,startup
O20 - Winlogon Notify: mljghec - C:\WINDOWS\SYSTEM32\mljghec.dll
O20 - Winlogon Notify: mllmm - C:\WINDOWS\system32\mllmm.dll


Close HijackThis now.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

---------------------------------------------------------------------------------------------


Delete the following if they exist (many may not):

C:\WINDOWS\system32\drvlom.dll
C:\WINDOWS\system32\dtsdkfxf.dll
C:\WINDOWS\system32\ghkmp.bak1
C:\WINDOWS\system32\ghkmp.ini2
C:\WINDOWS\system32\ijkmp.bak1
C:\WINDOWS\system32\ijkmp.bak2
C:\WINDOWS\system32\ijkmp.ini2
C:\WINDOWS\system32\mljghec.dll
C:\WINDOWS\system32\mllmm.dll
C:\WINDOWS\system32\mmllm.bak1
C:\WINDOWS\system32\mmllm.bak2
C:\WINDOWS\system32\mmllm.ini2

---------------------------------------------------------------------------------------------

You should be clear enough of popups to perform these next steps.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Check the box that says: "Accept License Agreement".
• The page will refresh.
• Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java versions.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on jre-6-windowsi586-p.exe to install the newest version.

• After the install is complete, go back into the Control Panel and double-click the Java Icon.
• Under Temporary Internet Files, click the Delete Files button.
• There are three options in the window to clear the cache - Leave ALL 3 Checked
  • Downloaded Applets
  • Downloaded Applications
  • Other Files
• Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
• Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------


Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

• Install AVG Anti Spyware
• Double-click the icon on Desktop to launch AVG
• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.
• Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

---------------------------------------------------------------------------------------------

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

• We'll use this later.
  
  ---------------------------------------------------------------------------------------------
  
  Copy and paste the following into Notepad (don't forget to copy and paste REGEDIT4):
  
  
  Quote:

  REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{58FF7395-B48F-41CB-A20C-2FFA2A049EB2}"=-

  Save the file as "delete.reg". Make sure to save it with the quotes. It should look like this:
  
  Close Notepad.
  
  Double click on the delete.reg file and choose Yes to merge/add it to the registry. You may delete the file afterwards.
  
  ---------------------------------------------------------------------------------------------
  
  Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.
  
  ---------------------------------------------------------------------------------------------
  
  
  Double-click ATF-Cleaner.exe to run the program.
  Under Main choose: Select All
  Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
  Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------


Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click smitfraudfix.exe to start the tool.
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

---------------------------------------------------------------------------------------------

Run ComboScan once again. Post it's log here.

---------------------------------------------------------------------------------------------

Please return with logs from:

C:\VundoFix.txt
AVG Anti-Spyware
Panda
C:\rapport.txt
ComboScan.txt

__________________

** PC Safety and Security--What Do I Need? **

Proud Member of ASAP since 2005
Proud Member of UNITE since 2006