Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads (resolved spyware and popup issues)
09-03-2009, 07:17 AM   #1   Registered User, Join Date: Sep 2009, Posts: 8, OS: Windows XP
Computer drastically slows down at random times

I opened an attachment from an email sent by my mother and almost immediately noticed a sharp decline in computer speed. I called my mother over the phone and she said she never sent an email to me the specified date. Now, every time I leave my computer on for too long, I notice a dramatic difference in speed. It just slows down to a grinding halt and I have to restart the machine in order to get it back to normal speed. Did my mom sabotage my machine?



DDS (Ver_09-07-30.01) - NTFSx86
Run by Liming Ling at 17:08:29.59 on Wed 09/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.490 [GMT -4:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Liming Ling\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Google Update] "c:\documents and settings\liming ling\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217518860937
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-7-30 104000]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-6 99328]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-9 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-7-30 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-7-30 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-7-30 168776]
S2 bjsmjwxcgwqdhf;bjsmjwxcgwqdhf;\??\c:\windows\system32\drivers\bxwqbbximcet.sys --> c:\windows\system32\drivers\bxwqbbximcet.sys [?]
S3 dump_wmimmc;dump_wmimmc;c:\windows\system32\drivers\dump_wmimmc.sys [2008-12-9 141612]

=============== Created Last 30 ================

2009-09-02 09:51 45 a------- c:\documents and settings\liming ling\jagex_runescape_preferences2.dat
2009-09-02 09:38 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-09-02 09:36 <DIR> --d--r-- c:\program files\Skype
2009-08-31 17:13 <DIR> --d----- c:\docume~1\liming~1\applic~1\TortoiseSVN
2009-08-31 17:11 <DIR> --d----- c:\docume~1\liming~1\applic~1\Subversion
2009-08-31 17:02 <DIR> --d----- c:\program files\common files\TortoiseOverlays
2009-08-31 17:02 <DIR> --d----- c:\program files\TortoiseSVN
2009-08-31 16:56 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-20 09:52 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat
2009-08-19 21:19 <DIR> --d----- c:\windows\system32\XPSViewer
2009-08-19 21:18 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-08-19 21:18 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-19 21:18 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-19 21:18 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-08-19 21:18 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-19 21:18 117,760 -------- c:\windows\system32\prntvpt.dll
2009-08-19 21:18 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-19 21:18 <DIR> --d----- C:\6f5716a6a7ab5051bb8bf2bef6666f61
2009-08-19 15:40 <DIR> --d----- C:\.jagex_cache_32
2009-08-17 23:03 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-17 23:01 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-08-05 05:01 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll

==================== Find3M ====================

2009-09-02 15:49 37 a------- c:\documents and settings\liming ling\jagex_runescape_preferences.dat
2009-08-31 16:56 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-23 17:48 52,224 a------- c:\windows\ipuninst.exe
2009-07-19 09:33 3,597,824 -------- c:\windows\system32\dllcache\mshtml.dll
2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 -------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 -------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 05:48 219,648 a------- c:\windows\PEV.exe
2009-06-29 07:07 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-06-29 07:07 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-06-29 04:35 634,632 -------- c:\windows\system32\dllcache\iexplore.exe
2009-06-29 04:33 2,452,872 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-06-29 04:33 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-25 04:25 730,112 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 04:25 301,568 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 04:25 147,456 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 04:25 136,192 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 04:25 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-25 04:25 54,272 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-24 07:18 92,928 -------- c:\windows\system32\dllcache\ksecdd.sys
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 09:19 2,066,432 -------- c:\windows\system32\dllcache\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll
2008-07-30 17:34 22 a--sh--- c:\windows\sminst\HPCD.SYS
2009-01-21 20:31 2,713 ---sh--- c:\windows\system32\gopafusa.dll
2009-01-27 09:20 2,713 ---sh--- c:\windows\system32\pibovijo.dll
2009-01-18 23:05 2,713 ---sh--- c:\windows\system32\tuyigope.dll

============= FINISH: 17:09:00.17 ===============
Attached files: Attach.zip (3.4 KB), ark.zip (1.9 KB)
vmkmailman is offline  
09-04-2009, 04:57 AM   #2   sjb007, Analyst, Security Team, Join Date: Dec 2007, Location: Lincoln UK, Posts: 2,276, OS: Windows 7 Premium x64
Re: Computer drastically slows down at random times

Howdy there and welcome to TSF Forums

I'm Steve and I will be helping you throughout this fix.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step. Please perform everything in the correct order/sequence.

Vista users, please make sure you run all commands with administrator rights (right-click the icon and choose Run as administrator).

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription

Please note that the forum is very busy and if I don't hear from you within three days from this initial posting then the thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
09-04-2009, 06:23 AM   #3   Registered User, Join Date: Sep 2009, Posts: 8, OS: Windows XP
Re: Computer drastically slows down at random times

Hey, I'm having trouble disabling my anti-virus programs. I thought I already disabled all of them but combofix still says that I have an anti-virus program running. Could you help me please?
vmkmailman is offline  
09-04-2009, 06:35 AM   #4   sjb007, Analyst, Security Team, Join Date: Dec 2007, Location: Lincoln UK, Posts: 2,276, OS: Windows 7 Premium x64
Re: Computer drastically slows down at random times

Hi vmkmailman

For disabling your antivirus take a peek at this guide here - How to Temporarily Disable your Anti-virus
sjb007 is offline
09-05-2009, 09:53 AM   #5   Registered User, Join Date: Sep 2009, Posts: 8, OS: Windows XP
Re: Computer drastically slows down at random times

Ok, I ran ComboFix and this is the log:
Attached files: log.zip (19.7 KB)
vmkmailman is offline  
09-05-2009, 10:36 AM   #6   sjb007, Analyst, Security Team, Join Date: Dec 2007, Location: Lincoln UK, Posts: 2,276, OS: Windows 7 Premium x64
Re: Computer drastically slows down at random times

Hi there

Close any open browsers.

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
FCopy::
c:\windows\system32\dllcache\proquota.exe|c:\windows\system32\proquota.exe

File::
c:\windows\system32\drivers\bxwqbbximcet.sys
c:\windows\system32\gopafusa.dll
c:\windows\system32\pibovijo.dll
c:\windows\system32\tuyigope.dll

Driver::
bjsmjwxcgwqdhf

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply

---------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.

Please note that this may take some time to complete

**Vista users - right click IE/Firefox icon and run as administrator

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

This animation will guide you through the process:


**Note**

To optimize scanning time and produce a more sensible report for review:
Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. You may disconnect from the internet once you begin the scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset it to 100%.

Post back in your next reply with:

The new combofix log
The log from Kaspersky
Keep me updated on your system status

Please copy and paste all files directly into your replies as this makes it easier for analysis. Thanks
sjb007 is offline
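As an added example that is not part of this thread and is not code from the DDS or ComboFix authors: a small Python triage script that applies to the DDS log in post #1 the two indicators sjb007 acted on in post #6, namely a service whose image file DDS could not stat (the S2 bjsmjwxcgwqdhf line) and hidden, system-attributed executables under system32 that all share one size (the three 2,713-byte .dll files). The sample lines are copied from that log; the section names are the banners DDS prints. The "two reasons" threshold, the choice of indicators and the function names (triage, to_cfscript) are my own assumptions, not anything DDS or ComboFix defines.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied verbatim from the DDS log posted in
# this thread (post #1), with the section banners DDS prints around them.
SAMPLE_DDS = r"""
============= SERVICES / DRIVERS ===============

R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-7-30 168776]
S2 bjsmjwxcgwqdhf;bjsmjwxcgwqdhf;\??\c:\windows\system32\drivers\bxwqbbximcet.sys --> c:\windows\system32\drivers\bxwqbbximcet.sys [?]
S3 dump_wmimmc;dump_wmimmc;c:\windows\system32\drivers\dump_wmimmc.sys [2008-12-9 141612]

==================== Find3M ====================

2009-07-23 17:48 52,224 a------- c:\windows\ipuninst.exe
2008-07-30 17:34 22 a--sh--- c:\windows\sminst\HPCD.SYS
2009-01-21 20:31 2,713 ---sh--- c:\windows\system32\gopafusa.dll
2009-01-27 09:20 2,713 ---sh--- c:\windows\system32\pibovijo.dll
2009-01-18 23:05 2,713 ---sh--- c:\windows\system32\tuyigope.dll

============= FINISH: 17:09:00.17 ===============
"""

BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "R2 name;description;image path [date size]". DDS prints "[?]" when it
# could not stat the image, and "old --> new" when it rewrote the path.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.*?)\s+\[(?P<info>[^\]]*)\]$"
)
# "date time size attrs path"; attrs is an 8-character flag string in which
# 's' marks the system attribute and 'h' the hidden attribute.
FILE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S{8}) (?P<path>.+)$"
)


def split_sections(text):
    """Map each '=== NAME ===' banner to the non-empty lines beneath it."""
    sections = defaultdict(list)
    current = None
    for line in text.splitlines():
        m = BANNER_RE.match(line.strip())
        if m:
            current = m.group(1)
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def check_services(lines):
    """Flag service entries that combine at least two weak indicators."""
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        reasons = []
        if m["info"] == "?":
            reasons.append("DDS could not stat the image file")
        if "-->" in m["path"]:
            reasons.append("image path was rewritten from a \\??\\ form")
        if m["desc"].strip().lower() == m["name"].strip().lower():
            reasons.append("display name is just the service name")
        if len(reasons) >= 2:  # assumed threshold: one indicator alone is noise
            image = m["path"].split("-->")[-1].strip()
            findings.append({"service": m["name"], "image": image, "reasons": reasons})
    return findings


def check_files(lines):
    """Flag hidden+system executables under system32 and group them by size."""
    findings, by_size = [], defaultdict(list)
    for line in lines:
        m = FILE_RE.match(line)
        if not m or m["size"] == "<DIR>":
            continue
        path, attrs = m["path"], m["attrs"]
        low = path.lower()
        if ("s" in attrs and "h" in attrs
                and "\\windows\\system32\\" in low
                and low.endswith((".dll", ".exe", ".sys"))):
            size = int(m["size"].replace(",", ""))
            findings.append({"path": path, "size": size, "date": m["date"]})
            by_size[size].append(path)
    # several hidden system DLLs of identical size is a stronger signal than any one of them
    clusters = {s: p for s, p in by_size.items() if len(p) > 1}
    return findings, clusters


def triage(dds_text):
    """Run both checks over a DDS log and return the findings."""
    sections = split_sections(dds_text)
    services = check_services(sections.get("SERVICES / DRIVERS", []))
    file_lines = sections.get("Created Last 30", []) + sections.get("Find3M", [])
    files, clusters = check_files(file_lines)
    return {"services": services, "files": files, "size_clusters": clusters}


def to_cfscript(result):
    """Lay the findings out in the File::/Driver:: form used in post #6."""
    out = ["File::"] + [s["image"] for s in result["services"]]
    out += [f["path"] for f in result["files"]]
    if result["services"]:
        out += ["", "Driver::"] + [s["service"] for s in result["services"]]
    return "\n".join(out)


if __name__ == "__main__":
    print(to_cfscript(triage(SAMPLE_DDS)))
```

Run stand-alone it prints File:: and Driver:: sections that, for this sample, come out identical to those two sections of the analyst's CFScript. The FCopy:: and RegLock:: entries in that script came from the attached ark.zip and Attach.zip logs, which this parser never sees, so a generated list is a starting point for the analyst's review rather than a finished script.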
09-05-2009, 06:43 PM   #7   Registered User, Join Date: Sep 2009, Posts: 8, OS: Windows XP
Re: Computer drastically slows down at random times

So my computer is still infected? :(
vmkmailman is offline  
09-06-2009, 01:38 AM   #8   sjb007, Analyst, Security Team, Join Date: Dec 2007, Location: Lincoln UK, Posts: 2,276, OS: Windows 7 Premium x64
Re: Computer drastically slows down at random times

Please carry on with the fix issued until I give you the all clear. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.
sjb007 is offline
09-06-2009, 07:58 AM   #9   Registered User, Join Date: Sep 2009, Posts: 8, OS: Windows XP
Re: Computer drastically slows down at random times

Kaspersky got an error message while it was running. This is what it said:

Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program. You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Key is expired]

--------------------------------------------------------------------------

This is what the log report for ComboFix said:

ComboFix 09-09-05.03 - Liming Ling 09/06/2009 8:50.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.590 [GMT -4:00]
Running from: c:\documents and settings\Liming Ling\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Liming Ling\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\drivers\bxwqbbximcet.sys"
"c:\windows\system32\gopafusa.dll"
"c:\windows\system32\pibovijo.dll"
"c:\windows\system32\tuyigope.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\gopafusa.dll
c:\windows\system32\pibovijo.dll
c:\windows\system32\tuyigope.dll

c:\windows\system32\proquota.exe . . . is missing!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BJSMJWXCGWQDHF
-------\Service_bjsmjwxcgwqdhf


((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-02 13:51 . 2009-09-06 12:46 45 ----a-w- c:\documents and settings\Liming Ling\jagex_runescape_preferences2.dat
2009-09-02 13:38 . 2009-09-02 13:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-02 13:38 . 2009-09-06 12:15 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\skypePM
2009-09-02 13:36 . 2009-09-06 13:01 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\Skype
2009-09-02 13:36 . 2009-09-02 13:36 -------- d-----w- c:\program files\Common Files\Skype
2009-09-02 13:36 . 2009-09-02 13:36 -------- d-----r- c:\program files\Skype
2009-09-02 13:36 . 2009-09-02 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-31 21:13 . 2009-08-31 21:13 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\TortoiseSVN
2009-08-31 21:11 . 2009-08-31 21:11 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\Subversion
2009-08-31 21:06 . 2009-09-06 12:14 -------- d-----w- c:\documents and settings\Liming Ling\Local Settings\Application Data\TSVNCache
2009-08-31 21:02 . 2009-08-31 21:02 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-08-31 21:02 . 2009-08-31 21:02 -------- d-----w- c:\program files\TortoiseSVN
2009-08-20 01:19 . 2009-08-20 01:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-20 01:19 . 2009-08-20 01:19 -------- d-----w- c:\program files\MSBuild
2009-08-20 01:19 . 2009-08-20 01:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 01:18 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-20 01:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-20 01:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-20 01:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-20 01:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-20 01:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-20 01:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-20 01:18 . 2009-08-20 01:19 -------- d-----w- C:\6f5716a6a7ab5051bb8bf2bef6666f61
2009-08-19 19:40 . 2009-08-19 19:40 -------- d-----w- C:\.jagex_cache_32
2009-08-18 03:01 . 2009-08-27 21:06 -------- d-----w- c:\documents and settings\Liming Ling\Local Settings\Application Data\Temp
2009-08-18 03:01 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-06 13:17 . 2008-12-09 21:10 -------- d-----w- c:\program files\DNA
2009-09-06 13:17 . 2008-12-09 21:10 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\DNA
2009-09-06 12:46 . 2009-06-20 16:10 37 ----a-w- c:\documents and settings\Liming Ling\jagex_runescape_preferences.dat
2009-09-06 12:13 . 2009-01-13 01:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-05 20:25 . 2006-04-14 04:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-05 15:15 . 2008-07-30 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-31 20:56 . 2009-02-19 14:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-31 20:52 . 2006-04-14 03:51 -------- d-----w- c:\program files\Java
2009-08-22 04:38 . 2009-06-14 20:51 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\uTorrent
2009-08-20 01:29 . 2006-04-14 04:53 73480 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 01:28 . 2008-08-29 02:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-19 11:54 . 2008-08-24 00:02 -------- d-----w- c:\program files\Norton PC Checkup
2009-08-05 09:01 . 2004-08-10 15:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-23 21:48 . 2009-07-23 21:48 52224 ----a-w- c:\windows\ipuninst.exe
2009-07-23 21:47 . 2009-07-23 21:47 -------- d-----w- c:\program files\Interplay
2009-07-23 20:05 . 2009-07-23 20:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-22 18:49 . 2009-07-22 18:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-20 14:48 . 2008-12-16 04:43 -------- d-----w- c:\program files\pipi
2009-07-20 01:26 . 2009-07-20 00:41 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\U3
2009-07-17 19:01 . 2004-08-10 15:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-10 15:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-10 15:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 15:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 15:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:35 . 2009-06-27 21:35 19 ----a-w- c:\windows\popcinfo.dat
2009-06-27 02:50 . 2009-06-27 02:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-25 08:25 . 2004-08-10 15:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 15:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 15:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 15:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 15:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-10 15:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 16:14 . 2008-12-09 22:13 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2009-06-16 14:36 . 2004-08-10 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 15:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-10 15:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 15:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 15:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-10 15:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 15:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2008-07-30 21:34 . 2008-07-30 22:19 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot_2009-09-05_15.31.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-06 13:18 . 2009-09-06 13:18 16384 c:\windows\temp\Perflib_Perfdata_df0.dat
+ 2009-09-06 13:06 . 2009-09-06 13:06 16384 c:\windows\temp\Perflib_Perfdata_160.dat
+ 2009-06-20 16:09 . 2009-09-06 12:45 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
- 2009-06-20 16:09 . 2009-09-04 23:06 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-06-20 16:09 . 2009-09-06 12:45 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-06-20 16:09 . 2009-09-04 23:06 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2004-01-13 19:46 . 2004-01-13 19:46 172032 c:\windows\system32\tifmicon.dll
- 2009-06-20 16:19 . 2009-09-03 11:49 101948 c:\windows\.jagex_cache_32\loginapplet\cache--2062608270.dat
+ 2009-06-20 16:19 . 2009-09-05 19:09 101948 c:\windows\.jagex_cache_32\loginapplet\cache--2062608270.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Liming Ling\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-18 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-09 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-31 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\pipi\\jfCacheMgr.exe"=
"c:\\Program Files\\pipi\\KmLiveUpdate.exe"=
"c:\\Program Files\\pipi\\PIPIPlayer.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\Program Files\\HPQ\\shared\\HpqToaster.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2009 3:11 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
S3 dump_wmimmc;dump_wmimmc;c:\windows\system32\drivers\dump_wmimmc.sys [12/9/2008 6:13 PM 141612]
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-115539996-1263777199-1257563407-1005Core.job
- c:\documents and settings\Liming Ling\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 03:01]

2009-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-115539996-1263777199-1257563407-1005UA.job
- c:\documents and settings\Liming Ling\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 03:01]

2009-09-02 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-09-05 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2009-01-29 22:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 09:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????7?7?1?9??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2496)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\ati2evxx.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\progra~1\HPQ\shared\HPQTOA~1.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-09-06 9:21 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-06 13:21
ComboFix2.txt 2009-09-05 15:33
ComboFix3.txt 2009-07-23 15:40

Pre-Run: 40,567,668,736 bytes free
Post-Run: 40,521,900,032 bytes free

269 --- E O F --- 2009-09-02 03:12
vmkmailman is offline  
Old 09-06-2009, 09:24 AM   #10 (permalink)
Analyst, Security Team
 
sjb007's Avatar
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,276
OS: Windows 7 Premium x64

Re: Computer drastically slows down at random times

Hi there

I want you to create and run a batch file for me...

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Quote:
DIR /A/S/B C:\Windows\proquota.ex* >Logit.txt
Save this as search.bat. Choose "Save type as - All Files".
It should look like this:
Double click on search.bat & allow it to run

Post back with the log it provides

----------------------------------------------------------------

Let's try a different scanner, this time with ESET.
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. You can find instructions HERE.

Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Post back with the results of ESET and the batch file in your next reply
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
Old 09-06-2009, 04:36 PM   #11 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 8
OS: Windows XP


Re: Computer drastically slows down at random times

Here is the log for ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=7.00.6000.16876 (vista_gdr.090625-2339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=0282db856ff0cf4e85b54b3a80beb338
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-06 10:16:19
# local_time=2009-09-06 06:16:19 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=142837
# found=1
# cleaned=0
# scan_time=4819
C:\Qoobox\Quarantine\C\WINDOWS\system32\vsfocexrssrfvc.dll.vir Win32/Olmarik.JU trojan 00000000000000000000000000000000 I

--------------------------------------------------------------------------



And this is the log for the batch file:

C:\Windows\$NtServicePackUninstall$\proquota.exe
C:\Windows\ServicePackFiles\i386\proquota.exe
vmkmailman is offline  
Old 09-07-2009, 12:08 AM   #12 (permalink)
Analyst, Security Team
 
sjb007's Avatar
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,276
OS: Windows 7 Premium x64

Re: Computer drastically slows down at random times

Hi there

Great work, almost there. How are things running now?

Close any open browsers.

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the quotebox below into it:

Code:
SkipFix::

FCopy::
C:\Windows\ServicePackFiles\i386\proquota.exe|c:\windows\system32\proquota.exe
Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
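The helper's two steps above (the DIR /A/S/B search for stray copies of proquota.exe, then the CFScript FCopy restore from ServicePackFiles\i386) folded into one defender-side check. This is an added example written for this thread in Python rather than as a batch file, not the helper's script; it runs against a constructed directory tree that mirrors the batch-file log, and the cache directory order it prefers for a restore is an assumption.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Directories in which XP keeps pristine copies of protected files, named as in
# the thread's logs. The order is an assumed restore preference: service-pack
# cache first, then dllcache, then the pre-service-pack backup kept for uninstall.
CACHE_DIRS = [
    Path("ServicePackFiles") / "i386",
    Path("system32") / "dllcache",
    Path("$NtServicePackUninstall$"),
]


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_copies(windir, name):
    """Same result as `DIR /A/S/B <windir>\\<name>`: every file of that exact name, any depth."""
    return sorted((p for p in Path(windir).rglob(name) if p.is_file()), key=str)


def audit_system_file(windir, name):
    """Compare the live system32 copy of `name` with the cached copies.

    status: 'missing'  - nothing in system32 (the thread's state before FCopy)
            'ok'       - the system32 copy matches at least one cached copy
            'mismatch' - it matches none of them (patched or replaced binary)
            'unknown'  - there is no cached copy to compare against
    """
    windir = Path(windir)
    live = windir / "system32" / name
    caches = [windir / d / name for d in CACHE_DIRS if (windir / d / name).is_file()]
    cache_hashes = {sha256_of(p) for p in caches}
    if not live.is_file():
        status = "missing"
    elif not caches:
        status = "unknown"
    else:
        status = "ok" if sha256_of(live) in cache_hashes else "mismatch"
    return {"file": name, "status": status, "caches": caches,
            "restore_from": caches[0] if caches else None}


def restore_from_cache(windir, name):
    """Equivalent of the CFScript FCopy line `<cache>\\<name>|<windir>\\system32\\<name>`.

    Copies the preferred cached copy back into system32, but only when the audit
    says the live file is missing or matches no cached copy. Returns the
    destination path, or None when nothing was done.
    """
    report = audit_system_file(windir, name)
    if report["status"] not in ("missing", "mismatch") or report["restore_from"] is None:
        return None
    dest = Path(windir) / "system32" / name
    shutil.copy2(report["restore_from"], dest)
    return dest


def build_demo_tree():
    """Constructed stand-in for C:\\Windows as the thread's batch-file log showed it:
    no proquota.exe in system32, one copy in ServicePackFiles\\i386 (SP3 build) and
    one in $NtServicePackUninstall$ (pre-SP3 build). File contents are made up."""
    root = Path(tempfile.mkdtemp(prefix="windir-"))
    (root / "system32").mkdir()
    builds = {CACHE_DIRS[0]: b"MZ constructed SP3 proquota.exe",
              CACHE_DIRS[2]: b"MZ constructed pre-SP3 proquota.exe"}
    for rel, data in builds.items():
        (root / rel).mkdir(parents=True)
        (root / rel / "proquota.exe").write_bytes(data)
    return root


def demo():
    """Walk the thread's sequence: search, audit, restore, re-audit, then detect tampering."""
    root = build_demo_tree()
    try:
        found = [p.relative_to(root).as_posix() for p in find_copies(root, "proquota.exe")]
        before = audit_system_file(root, "proquota.exe")["status"]
        restore_from_cache(root, "proquota.exe")
        after = audit_system_file(root, "proquota.exe")["status"]
        # A patched binary in system32 hashes differently from every cached copy.
        (root / "system32" / "proquota.exe").write_bytes(b"MZ constructed tampered proquota.exe")
        tampered = audit_system_file(root, "proquota.exe")["status"]
    finally:
        shutil.rmtree(root)
    return {"found": found, "before": before, "after": after, "tampered": tampered}
```

On a real machine, point windir at the Windows directory; audit_system_file only reads, and restore_from_cache copies within that directory just as the FCopy line did.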
Old 09-07-2009, 06:36 AM   #13 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 8
OS: Windows XP


Re: Computer drastically slows down at random times

ComboFix 09-09-06.06 - Liming Ling 09/07/2009 8:31.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.666 [GMT -4:00]
Running from: c:\documents and settings\Liming Ling\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Liming Ling\Desktop\CFScript.txt
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-07 12:31 . 2008-04-14 09:42 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-07 12:31 . 2008-04-14 09:42 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-06 20:51 . 2009-09-06 20:51 -------- d-----w- c:\program files\ESET
2009-09-02 13:51 . 2009-09-07 04:15 45 ----a-w- c:\documents and settings\Liming Ling\jagex_runescape_preferences2.dat
2009-09-02 13:38 . 2009-09-02 13:38 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-02 13:38 . 2009-09-07 12:25 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\skypePM
2009-09-02 13:36 . 2009-09-07 12:25 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\Skype
2009-09-02 13:36 . 2009-09-02 13:36 -------- d-----w- c:\program files\Common Files\Skype
2009-09-02 13:36 . 2009-09-02 13:36 -------- d-----r- c:\program files\Skype
2009-09-02 13:36 . 2009-09-02 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-31 21:13 . 2009-08-31 21:13 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\TortoiseSVN
2009-08-31 21:11 . 2009-08-31 21:11 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\Subversion
2009-08-31 21:06 . 2009-09-06 13:17 -------- d-----w- c:\documents and settings\Liming Ling\Local Settings\Application Data\TSVNCache
2009-08-20 01:19 . 2009-08-20 01:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-20 01:19 . 2009-08-20 01:19 -------- d-----w- c:\program files\MSBuild
2009-08-20 01:19 . 2009-08-20 01:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-20 01:18 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-20 01:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-20 01:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-20 01:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-20 01:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-20 01:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-20 01:18 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-20 01:18 . 2009-08-20 01:19 -------- d-----w- C:\6f5716a6a7ab5051bb8bf2bef6666f61
2009-08-19 19:40 . 2009-08-19 19:40 -------- d-----w- C:\.jagex_cache_32
2009-08-18 03:01 . 2009-08-27 21:06 -------- d-----w- c:\documents and settings\Liming Ling\Local Settings\Application Data\Temp
2009-08-18 03:01 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 12:23 . 2008-12-09 21:10 -------- d-----w- c:\program files\DNA
2009-09-07 12:23 . 2008-12-09 21:10 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\DNA
2009-09-07 04:19 . 2009-06-20 16:10 37 ----a-w- c:\documents and settings\Liming Ling\jagex_runescape_preferences.dat
2009-09-06 12:13 . 2009-01-13 01:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-05 20:25 . 2006-04-14 04:33 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-05 15:15 . 2008-07-30 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-31 20:56 . 2009-02-19 14:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-31 20:52 . 2006-04-14 03:51 -------- d-----w- c:\program files\Java
2009-08-22 04:38 . 2009-06-14 20:51 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\uTorrent
2009-08-20 01:29 . 2006-04-14 04:53 73480 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-20 01:28 . 2008-08-29 02:07 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-19 11:54 . 2008-08-24 00:02 -------- d-----w- c:\program files\Norton PC Checkup
2009-08-05 09:01 . 2004-08-10 15:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-23 21:48 . 2009-07-23 21:48 52224 ----a-w- c:\windows\ipuninst.exe
2009-07-23 21:47 . 2009-07-23 21:47 -------- d-----w- c:\program files\Interplay
2009-07-23 20:05 . 2009-07-23 20:05 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-22 18:49 . 2009-07-22 18:49 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-20 14:48 . 2008-12-16 04:43 -------- d-----w- c:\program files\pipi
2009-07-20 01:26 . 2009-07-20 00:41 -------- d-----w- c:\documents and settings\Liming Ling\Application Data\U3
2009-07-17 19:01 . 2004-08-10 15:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2004-08-10 15:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-10 15:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-10 15:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-10 15:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-27 21:35 . 2009-06-27 21:35 19 ----a-w- c:\windows\popcinfo.dat
2009-06-27 02:50 . 2009-06-27 02:50 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-25 08:25 . 2004-08-10 15:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 15:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 15:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 15:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 15:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-10 15:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 16:14 . 2008-12-09 22:13 141612 ----a-w- c:\windows\system32\drivers\dump_wmimmc.sys
2009-06-16 14:36 . 2004-08-10 15:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 15:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-10 15:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-10 15:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2004-08-10 15:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2004-08-10 15:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2004-08-10 15:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2008-07-30 21:34 . 2008-07-30 22:19 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot_2009-09-05_15.31.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-06-20 16:09 . 2009-09-04 23:06 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-06-20 16:09 . 2009-09-07 04:14 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
+ 2009-06-20 16:09 . 2009-09-07 04:14 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
- 2009-06-20 16:09 . 2009-09-04 23:06 81920 c:\windows\.jagex_cache_32\runescape\jaggl.dll
+ 2004-01-13 19:46 . 2004-01-13 19:46 172032 c:\windows\system32\tifmicon.dll
+ 2009-06-20 16:19 . 2009-09-07 01:33 101948 c:\windows\.jagex_cache_32\loginapplet\cache--2062608270.dat
- 2009-06-20 16:19 . 2009-09-03 11:49 101948 c:\windows\.jagex_cache_32\loginapplet\cache--2062608270.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-18 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Google Update"="c:\documents and settings\Liming Ling\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-18 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-09 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-31 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\pipi\\jfCacheMgr.exe"=
"c:\\Program Files\\pipi\\KmLiveUpdate.exe"=
"c:\\Program Files\\pipi\\PIPIPlayer.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\Program Files\\HPQ\\shared\\HpqToaster.exe"=
"c:\\WINDOWS\\system32\\drwtsn32.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/9/2009 3:11 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 AM 231424]
S3 dump_wmimmc;dump_wmimmc;c:\windows\system32\drivers\dump_wmimmc.sys [12/9/2008 6:13 PM 141612]
.
Contents of the 'Scheduled Tasks' folder

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-115539996-1263777199-1257563407-1005Core.job
- c:\documents and settings\Liming Ling\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 03:01]

2009-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-115539996-1263777199-1257563407-1005UA.job
- c:\documents and settings\Liming Ling\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-18 03:01]

2009-09-02 c:\windows\Tasks\Norton PC Checkup Weekday Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2009-01-29 22:10]

2009-09-06 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2009-01-29 22:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-07 08:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(392)
c:\windows\system32\WININET.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
.
Completion time: 2009-09-07 8:34
ComboFix-quarantined-files.txt 2009-09-07 12:33
ComboFix2.txt 2009-09-06 13:21
ComboFix3.txt 2009-09-05 15:33
ComboFix4.txt 2009-07-23 15:40

Pre-Run: 41,646,567,424 bytes free
Post-Run: 41,689,550,848 bytes free

202 --- E O F --- 2009-09-02 03:12
The machine is running smoothly now. Thank you so much for all your help!
vmkmailman is offline  
Old 09-07-2009, 08:38 AM   #14 (permalink)
Analyst, Security Team
 
sjb007's Avatar
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,276
OS: Windows 7 Premium x64

Re: Computer drastically slows down at random times

Hi there

All is looking good malware-wise, just a couple of items to update...

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.
There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

---------------------------------------------------------------------

You have out-of-date Java versions installed. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update.

Go to Control Panel, select Add/Remove Programs, and choose to uninstall the following items:

J2SE Runtime Environment 5.0 Update 6

---------------------------------------------------------------------

I see you have Viewpoint installed. Please read this article: http://www.clickz.com/news/article.php/3561546
Unless you are using AOL as an ISP I would recommend removing it. You can download the Viewpoint killer from the link below and follow the prompts.
http://www.prprogramsstudios.us.tc//

---------------------------------------------------------------------

Now that you appear to be free from malware, let's help you stay that way!

IMPORTANT

The following will uninstall ComboFix and implement some cleanup procedures as well as reset System Restore points:

Windows XP Users: Click Start > Select Run and copy/paste the following text into the Run box and click OK:

Windows Vista Users: Press the Windows key and r to bring up the run dialogue, copy and paste the text below into the run box and click OK:

ComboFix /u

Update Windows on a regular basis - If you do not have automatic updates enabled then visit Microsoft's Update Page and update your computer from there.

Update your virus checker on a regular basis - It is no use having a virus checker with out-of-date definitions.
Keep an eye on your firewall. Check what it wants to allow and do not simply allow everything. If there are any processes that you are unsure of then don't be afraid to ask for advice. For more information on firewalls, read this article here.

Safer Browsing
Use software such as Web of Trust to help you stay away from unsuspecting sites that have malicious purposes.
Use SpywareBlaster to help prevent the installation of unwanted BHOs (Browser Helper Objects)

Use an alternative browser
Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer. Safer non-ActiveX browsers include the Opera browser and, more recently, the Firefox browser.

NB: Please note that although your browser may be more secure without ActiveX, it will not throw a ring of steel around your computer. If you purposely visit sites that are dubious in nature, then infection will prevail.

Computer Maintenance
Malware can breed in temporary locations. Use a program such as CCleaner Slim to clear out temporary files on your computer on a regular basis.

Scan your computer regularly for malware
Scan on a regular basis to keep your computer clean; free software such as Spybot's Search & Destroy can help you stay clear. Other alternative software that runs under licence and monitors your computer continuously in the background for malware includes Malwarebytes' Anti-Malware (MBAM) and SUPERAntiSpyware. Please note that these products can also be run free, without a licence, as on-demand scanners.

Secure your router
Change your router's default username and password; do not leave it at the factory preset, as doing so makes unauthorised access easy.

Encrypt your network. Set your wireless network encryption to a minimum level of WPA-PSK [TKIP]. This will help prevent any unauthorised users "piggybacking" onto your network and stealing your bandwidth which you have rightly paid for.

I have included some security-related articles that I advise you to read through in your own time. These articles will give you tips and advice on preventing malware, and on how to stay safe whilst browsing the internet.

-> So How Did I Get Infected In First Place - By TonyKlein
-> How to prevent Malware - By miekiemoes
-> I'm not pulling your leg, honest - By Sandi Hardmeier

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
Old 09-07-2009, 12:13 PM   #15 (permalink)
Registered User
 
Join Date: Sep 2009
Posts: 8
OS: Windows XP


Re: Computer drastically slows down at random times

Yes, the issue is fully resolved thanks to your help. So did my mom's email infect my computer? Why would she do something like that?
vmkmailman is offline  
Old 09-08-2009, 12:36 AM   #16 (permalink)
Analyst, Security Team
 
sjb007's Avatar
 
Join Date: Dec 2007
Location: Lincoln UK
Posts: 2,276
OS: Windows 7 Premium x64

My System

Re: Computer drastically slows down at random times

Howdy there

Quote:
Why would she do something like that?
To be honest, it is doubtful that your mum did; it is more likely that her address has been spoofed by someone else in order to send the email. For more information on email address spoofing, read this article here - E-mail spoofing

As this issue now appears to be resolved I am closing this topic. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here.

Good luck and happy safe surfin'
__________________
If we have helped you then please consider donating

Proud Member of ASAP & UNITE Since 2007
sjb007 is offline  
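The spoofing point above (the visible From: address is not proof of who sent a message) can be illustrated by looking at the headers a receiving mail server adds. The following is an added example, not code from the forum post or its linked article; the raw message it parses is constructed, the domains are placeholders, and the checks are heuristics that flag inconsistencies rather than proof of forgery.

```python
"""Heuristic check for an untrustworthy From: header on a raw e-mail.

Added example, not from the original forum post.  The message below is
constructed for illustration and every address/domain is a placeholder.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the visible From: claims a family member's address,
# but the envelope sender (Return-Path) and the receiving server's SPF
# verdict point at an unrelated relay.
SAMPLE_RAW = """\
Return-Path: <bounce@example-relay.invalid>
Received: from mail.example-relay.invalid (203.0.113.7) by mx.example.net
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=example-relay.invalid
From: "Mum" <mum@family-example.net>
To: me@example.net
Subject: Look at this
Content-Type: text/plain

see attachment
"""


def domain_of(addr_header):
    """Return the lower-cased domain of an address header, or '' if none."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw):
    """Return a list of reasons the From: header may not be trustworthy."""
    msg = message_from_string(raw)
    reasons = []
    from_dom = domain_of(msg.get("From"))
    rp_dom = domain_of(msg.get("Return-Path"))
    # Envelope sender and visible sender normally share a domain.
    if rp_dom and rp_dom != from_dom:
        reasons.append(f"Return-Path domain {rp_dom} != From domain {from_dom}")
    # Authentication-Results is written by the receiving server, not the sender.
    auth = (msg.get("Authentication-Results") or "").lower()
    if "spf=fail" in auth or "dkim=fail" in auth:
        reasons.append("Authentication-Results reports SPF/DKIM failure")
    if not auth:
        reasons.append("no Authentication-Results header: sender unverified")
    return reasons


if __name__ == "__main__":
    for reason in spoof_indicators(SAMPLE_RAW):
        print("indicator:", reason)
```

Real mail clients expose these headers under "view source" or "show original"; a message that fails these checks deserves a phone call to the apparent sender before any attachment is opened.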
Copyright 2001 - 2009, Tech Support Forum