
ApcMain??? Grr I have no idea what this is?

3795 Views 1 Reply 2 Participants Last post by  chemist
Every time I boot up my computer I get a dialog box on my desktop that is titled ApcMAIN, and inside the box it says please re-install Performance Center. I have read a few past posts and followed directions so as to ask you guys for help, so hopefully you guys could give me a hand.

Deckard's System Scanner v20071014.68
Run by Yerby on 2008-05-24 01:33:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
83: 2008-05-24 05:34:19 UTC - RP582 - Deckard's System Scanner Restore Point
82: 2008-05-24 04:49:03 UTC - RP581 - System Checkpoint
81: 2008-05-23 00:01:22 UTC - RP580 - System Checkpoint
80: 2008-05-21 22:51:56 UTC - RP579 - System Checkpoint
79: 2008-05-20 22:19:42 UTC - RP578 - System Checkpoint


-- First Restore Point --
1: 2008-03-15 03:55:46 UTC - RP500 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 191 MiB (512 MiB recommended).


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-24 01:37:10
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Comcast\Comcast PhotoShow 4\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\NewDotNet\nnrun.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Yerby\Desktop\dss.exe
C:\WINDOWS\regedit.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcnews.go.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=...1UClfDumFAM8Y4nPsiCeG1IGrfU/Cn62GL416d5Qg0ELd
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.35.0\HostIE.dll (file missing)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\Programs\whiehlpr.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Starware - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.35.0\HostIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.35.0\OEAddOn.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [smiley.exe] c:\smiley\smiley.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\Program Files\webHancer\Programs\webhdll.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downl...-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} () - http://ak.exe.imgfarm.com/images/no...opularScreenSaversFWBInitialSetup1.0.0.15.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: NNServ - New.net, Inc. - C:\Program Files\NewDotNet\nnrun.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


--
End of file - 8096 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 CA561 (EZCam III) - c:\windows\system32\drivers\spca561.sys (file missing)
S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 NNServ - "c:\program files\newdotnet\nnrun.exe" "c:\program files\newdotnet\nncore.dll" servicestart <Not Verified; New.net, Inc.; New.net runner>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-04-24 and 2008-05-24 -----------------------------

2008-05-24 00:17:42 0 d--hs---- C:\FOUND.000
2008-05-23 14:31:29 86016 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-05-23 14:30:53 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
2008-05-23 14:30:53 154624 --a------ C:\WINDOWS\system32\fmod.dll <Not Verified; Firelight Technologies Pty, Ltd; FMOD>
2008-05-23 13:19:50 0 d-------- C:\sierra
2008-05-19 15:28:30 0 d-------- C:\Program Files\Steam
2008-05-17 18:07:48 0 d--hs---- C:\FOUND.096
2008-05-17 16:22:34 0 d--hs---- C:\FOUND.095
2008-04-29 16:56:55 0 d-------- C:\Program Files\Ascentive
2008-04-26 23:48:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Last.fm
2008-04-26 23:38:36 0 d-------- C:\Program Files\Last.fm
2008-04-26 23:38:24 0 d-------- C:\Program Files\Windows Media Connect 2
2008-04-26 23:26:56 0 d-------- C:\1551ebd673ebfa7811377ca48c93
2008-04-26 23:09:54 0 d-------- C:\1f3eb1bf0815bbb264994bb2a0b71ed3
2008-04-26 23:07:21 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-26 01:13:34 0 d-------- C:\Program Files\Sega
2008-04-25 23:21:54 0 d--hs---- C:\FOUND.094


-- Find3M Report ---------------------------------------------------------------

2008-04-21 16:28:38 0 d-------- C:\Documents and Settings\Yerby\Application Data\Azureus
2008-04-01 12:48:32 0 d-------- C:\Program Files\Google
2008-03-29 10:34:04 0 d-------- C:\Program Files\Oberon Media


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B}]
C:\Program Files\Zango\bin\10.3.35.0\HostIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c900b400-cdfe-11d3-976a-00e02913a9e0}]
05/05/2008 08:52 AM 159744 --a------ C:\Program Files\webHancer\programs\whiehlpr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}]
08/19/2005 03:41 PM 635904 --a------ C:\Program Files\Starware\bin\Starware.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{D49E9D35-254C-4C6A-9D17-95018D228FF5}"= C:\Program Files\Starware\bin\Starware.dll [08/19/2005 03:41 PM 635904]
"{2D51D869-C36B-42BD-AE68-0A81BC771FA5}"= C:\Program Files\Starware\bin\Starware.dll [08/19/2005 03:41 PM 635904]

[-HKEY_CLASSES_ROOT\CLSID\{D49E9D35-254C-4C6A-9D17-95018D228FF5}]

[-HKEY_CLASSES_ROOT\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZangoOE"="C:\Program Files\Zango\bin\10.3.35.0\OEAddOn.exe" []
"webHancer Survey Companion"="C:\Program Files\webHancer\Programs\whsurvey.exe" [07/21/2005 11:54 AM]
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" [05/05/2008 08:52 AM]
"ViewMgr"="C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [01/04/2007 04:38 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [10/22/2005 11:56 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"smiley.exe"="c:\smiley\smiley.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07/23/2005 02:17 PM]
"New.net Startup"="C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 11:15 AM]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Comcast\COMCAS~1\data\xtras\mssysmgr.exe" [05/09/2005 06:16 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 03:56 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/04/2008 02:23 PM]
"Performance Center"="C:\Program Files\Ascentive\Performance Center\APCMain.exe" [03/13/2008 05:35 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yerby^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Yerby\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yerby^Start Menu^Programs^Startup^Webshots.lnk]
path=C:\Documents and Settings\Yerby\Start Menu\Programs\Startup\Webshots.lnk
backup=C:\WINDOWS\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Yerby^Start Menu^Programs^Startup^Xfire.lnk]
path=C:\Documents and Settings\Yerby\Start Menu\Programs\Startup\Xfire.lnk
backup=C:\WINDOWS\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1125940981\ee\AOLHostManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherDPA]
"C:\Program Files\Zango\bin\10.3.35.0\Weather.exe" -auto

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
"C:\Program Files\Zango\bin\10.3.35.0\ZangoSA.exe"




-- End of Deckard's System Scanner: finished at 2008-05-24 01:39:35 ------------

Status
Not open for further replies.
1 - 2 of 2 Posts
Hello and welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please save this page to Notepad in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.


Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please explain why this computer has no running or installed antivirus program.

Please enable your Windows Firewall via the Security Center in your Control Panel.

------------------------------------------------------

If your system seems sluggish, it could be due to low RAM:

Percentage of Memory in Use: 54%
Physical Memory (total/avail): 190.48 MiB / 86.74 MiB
Total Physical Memory: 191 MiB (512 MiB recommended).
Please read the following article: http://www.techsupportforum.com/security-center/hijackthis-log-help/247567-your-pc-running-slow.html

Please visit Crucial where you can either input your model number or download a small application that will tell you exactly the type of RAM you need.

------------------------------------------------------

Uninstall the following via Start > (or My Computer) > Control Panel > Add or Remove Programs:

CursorCafe Installer<<Please read this and this
Performance Center<<This program was likely installed onto your computer along with the program SpywareStriker (made by the same company) and is left behind when SpywareStriker is uninstalled. Please read this and this

Viewpoint Manager
Viewpoint Media Player
Viewpoint Toolbar

The above are considered foistware instead of malware since they are installed without the user's approval, but don't spy or do anything "bad". Please read here and here

------------------------------------------------------

I see you have P2P software ( Limewire ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

References for the risk of these programs are here, here, and here.

I would strongly recommend that you uninstall it; however, that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Add or Remove Programs.

If you decide to uninstall Limewire, also delete these Folders if they still exist:

C:\Documents and Settings\Yerby\Application Data\LimeWire
C:\Program Files\LimeWire

------------------------------------------------------

Please visit this webpage for instructions on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode, if needed. This allows us to help you in the case that your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

As part of installing the Recovery Console, ComboFix will begin to run. Follow the prompts to install the Recovery Console. Your desktop may disappear. This is normal. It will return.

Once the Recovery Console is installed, this blue window will appear:



Please continue as follows:

  • Close/disable all antivirus and antispyware programs so they do not interfere with the running of ComboFix. Get help here
  • Please click Yes to continue scanning for malware.
When the tool is finished, it will produce a log for you.

Please post that log, ComboFix.txt along with a new HijackThis log so we may continue cleansing the system.

------------------------------------------------------

Please download HijackThis and Save it to your Desktop.

Alternate link

This program will help us determine if there is any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double-click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Please post the HijackThis log in your next reply. Do not fix anything in HijackThis since they may be harmless.

------------------------------------------------------

Please post the following in your next reply:

C:\ComboFix.txt
new HijackThis log


If you have any questions along the way...STOP and ask them before proceeding.