Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

4th October 2009   #1
tesladomain
Member
Join Date: Oct 2009
Posts: 1
Computer Experience: Intermediate

[Active] Generic Host Process for Win32

It encounters a problem, and when it happens it disables the sound card, looks like it changes the theme for Windows, and who knows what else... Anyway, the sound card is not working after that. If I reinstall the drivers for the sound card, it will happen again after some time. I have NOD32 antivirus and Trojan Remover, and neither found any viruses... I scanned the system with the DDS scanner, so these are the results...

DDS (Ver_09-09-29.01) - NTFSx86
Run by xp at 17:43:43.82 on Sun 10/04/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.83 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xp\Desktop\dds.scr
C:\WINDOWS\SoftwareDistribution\Download\61c1721af834119a58811f42fc1bb9fc\update\update.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://search.live.com
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Windows Live] c:\documents and settings\xp\application data\WindowsLive.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Windows Live] c:\documents and settings\xp\application data\WindowsLive.exe
mRun: [SoundMan] SOUNDMAN.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Windows Live] c:\documents and settings\all users\WindowsLive.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\MSMSGS.EXE
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1254665868484
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254665847046
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\xp\applic~1\mozilla\firefox\profiles\ilal4rr8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1500000
FF - user.js: content.notify.interval - 750000
FF - user.js: nglayout.initialpaint.delay - 100

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-9-18 54752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2007-3-2 2825088]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

=============== Created Last 30 ================

2009-10-04 17:34 <DIR> --d----- c:\windows\system32\appmgmt
2009-10-04 17:23 <DIR> --d----- c:\windows\system32\PreInstall
2009-10-04 17:23 <DIR> --d-h--- c:\windows\$hf_mig$
2009-10-04 16:58 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-10-04 16:58 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-10-04 16:58 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-10-04 16:58 75,264 a------- c:\windows\system32\unacev2.dll
2009-10-04 16:58 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-10-04 16:57 <DIR> --d----- c:\program files\Trojan Remover
2009-10-04 16:57 <DIR> --d----- c:\docume~1\xp\applic~1\Simply Super Software
2009-10-04 16:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-10-04 16:22 268,648 a------- c:\windows\system32\mucltui.dll
2009-10-04 16:22 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-10-04 16:19 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-10-04 16:19 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-10-04 16:19 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2009-10-04 16:19 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2009-10-04 16:19 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-10-04 15:50 3,350,519 a------- c:\docume~1\xp\applic~1\WindowsLive.exe
2009-10-04 15:33 3,350,519 a------- c:\documents and settings\all users\WindowsLive.exe
2009-10-04 15:32 813,772 a------- c:\windows\system32\rss.exe
2009-09-21 19:31 31,616 ac------ c:\windows\system32\dllcache\usbccgp.sys
2009-09-21 19:31 31,616 a------- c:\windows\system32\drivers\usbccgp.sys
2009-09-18 10:49 <DIR> --d----- c:\documents and settings\xp\Tracing
2009-09-18 10:42 <DIR> --d----- c:\program files\Microsoft Office Outlook Connector
2009-09-18 10:42 54,752 a------- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-09-18 10:37 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition
2009-09-18 10:37 23,856 a------- c:\windows\system32\spupdsvc.exe
2009-09-18 10:35 <DIR> --d----- c:\program files\Microsoft
2009-09-18 10:35 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-18 10:10 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2009-07-10 12:15 306,544 a------- c:\windows\WLXPGSS.SCR
2007-11-30 22:19 22,328 a------- c:\docume~1\xp\applic~1\PnkBstrK.sys

============= FINISH: 17:44:06.34 ===============




DDS (Ver_09-09-29.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/1/2007 12:30:38 PM
System Uptime: 10/4/2009 5:21:33 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | 'K8N'
Processor: AMD Sempron(tm) Processor 3000+ | Socket 754 | 1808/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 38 GiB total, 12.022 GiB free.
D: is FIXED (NTFS) - 36 GiB total, 30.75 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP24: 7/13/2009 9:40:36 PM - Kontrolna tačka sistema
RP25: 7/14/2009 10:08:38 PM - Kontrolna tačka sistema
RP26: 7/15/2009 10:14:21 PM - Kontrolna tačka sistema
RP27: 7/25/2009 5:39:24 PM - Kontrolna tačka sistema
RP28: 7/29/2009 7:03:01 PM - Kontrolna tačka sistema
RP29: 7/30/2009 7:43:41 PM - Kontrolna tačka sistema
RP30: 7/31/2009 8:17:59 PM - Kontrolna tačka sistema
RP31: 8/3/2009 9:50:20 PM - Kontrolna tačka sistema
RP32: 8/8/2009 6:20:50 PM - Kontrolna tačka sistema
RP33: 8/9/2009 6:25:28 PM - Kontrolna tačka sistema
RP34: 8/10/2009 8:18:14 PM - Kontrolna tačka sistema
RP35: 8/11/2009 9:07:23 PM - Kontrolna tačka sistema
RP36: 8/12/2009 9:36:49 PM - Kontrolna tačka sistema
RP37: 8/19/2009 11:33:05 AM - Kontrolna tačka sistema
RP38: 8/23/2009 8:51:39 PM - Kontrolna tačka sistema
RP39: 8/25/2009 7:09:44 PM - Kontrolna tačka sistema
RP40: 8/26/2009 7:14:01 PM - Kontrolna tačka sistema
RP41: 8/28/2009 8:26:41 PM - Kontrolna tačka sistema
RP42: 8/30/2009 4:37:32 PM - Kontrolna tačka sistema
RP43: 8/31/2009 10:10:14 PM - Kontrolna tačka sistema
RP44: 9/2/2009 2:19:49 PM - Kontrolna tačka sistema
RP45: 9/3/2009 6:52:57 PM - Kontrolna tačka sistema
RP46: 9/5/2009 6:07:46 PM - Kontrolna tačka sistema
RP47: 9/7/2009 9:12:38 PM - Kontrolna tačka sistema
RP48: 9/8/2009 9:42:58 PM - Kontrolna tačka sistema
RP49: 9/9/2009 10:08:28 PM - Kontrolna tačka sistema
RP50: 9/11/2009 7:03:30 PM - Kontrolna tačka sistema
RP51: 9/12/2009 7:57:51 PM - Kontrolna tačka sistema
RP52: 9/13/2009 8:53:37 PM - Kontrolna tačka sistema
RP53: 9/14/2009 8:58:16 PM - Kontrolna tačka sistema
RP54: 9/15/2009 9:17:32 PM - Kontrolna tačka sistema
RP55: 9/16/2009 9:51:30 PM - Kontrolna tačka sistema
RP56: 9/18/2009 12:08:36 AM - Kontrolna tačka sistema
RP57: 9/18/2009 10:37:05 AM - Installed Windows XP WIC.
RP58: 9/18/2009 10:37:21 AM - Installed Windows XP KB954708.
RP59: 9/18/2009 10:37:33 AM - Installed DirectX
RP60: 9/20/2009 11:37:05 AM - Kontrolna tačka sistema
RP61: 9/22/2009 5:44:14 PM - Kontrolna tačka sistema
RP62: 9/24/2009 5:38:19 PM - Kontrolna tačka sistema
RP63: 9/25/2009 6:41:05 PM - Kontrolna tačka sistema
RP64: 9/26/2009 9:23:56 PM - Kontrolna tačka sistema
RP65: 9/29/2009 10:36:58 AM - Kontrolna tačka sistema
RP66: 9/30/2009 4:44:15 PM - Kontrolna tačka sistema
RP67: 10/4/2009 11:05:59 AM - Kontrolna tačka sistema
RP68: 10/4/2009 1:56:02 PM - Installed ESET NOD32 Antivirus
RP69: 10/4/2009 5:23:40 PM - Software Distribution Service 3.0
(*kontrolna tacka sistema=system check point)
==== Installed Programs ======================

18 Wheels of Steel Pedal to the Metal
ACDSee 6.0 Standard
Ad-Aware SE Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
ATI - Software Uninstall Utility
ATI Display Driver
BSPlayer
Call of Duty(R) 2
Call of Duty(R) 4 - Modern Warfare(TM)
ESET NOD32 Antivirus
Far Cry
ffdshow (remove only)
GameSpy Arcade
Hotfix for Windows XP (KB954708)
Junk Mail filter update
MakeDVD 1.0
Max Payne
Medal of Honor Allied Assault
Microsoft .NET Framework 2.0
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Mozilla Firefox (3.0.14)
MSN
MSVCRT
My Cinema
Nero 6 Enterprise Edition
NVIDIA Drivers
PCI SoftV92 Modem
PhotoNow! 1.0
PowerCinema
PowerDirector
PowerProducer Express
Realtek AC'97 Audio
Segoe UI
Sniper Elite
Trojan Remover 6.8.1
Update for Windows XP (KB898461)
WebFldrs XP
Winamp
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows XP srpski interfejs paket - latinica
WinRAR archiver
WinZip

==== Event Viewer Messages From Past Week ========

9/30/2009 11:58:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the CyberLink Task Scheduler (CTS) service to connect.
9/30/2009 11:58:27 PM, error: Service Control Manager [7000] - The CyberLink Task Scheduler (CTS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2009 11:58:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the NOD32 Kernel Service service to connect.
9/30/2009 11:58:26 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Machine Debug Manager service to connect.
9/30/2009 11:58:26 PM, error: Service Control Manager [7000] - The NOD32 Kernel Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2009 11:58:26 PM, error: Service Control Manager [7000] - The Machine Debug Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/30/2009 11:35:43 PM, error: Service Control Manager [7023] - The Microsoft Windows service terminated with the following error: Access is denied.
9/30/2009 11:35:43 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
9/30/2009 11:35:43 PM, error: Service Control Manager [7000] - The Cyberlink RichVideo Service(CRVS) service failed to start due to the following error: The system cannot find the file specified.
10/4/2009 4:44:00 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
10/4/2009 4:09:45 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/4/2009 3:54:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdir Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss sptd Tcpip
10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The fssfltr service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2009 3:54:09 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2009 3:53:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/4/2009 3:53:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/4/2009 3:53:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/4/2009 3:52:41 PM, error: sfsync02 [12] -
10/4/2009 2:09:57 PM, error: Service Control Manager [7023] - The Microsoft Windows service terminated with the following error: The specified module could not be found.
10/4/2009 1:52:41 PM, error: Service Control Manager [7023] - The Microsoft Windows service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
10/4/2009 1:39:19 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

==== End Of File ===========================

4th October 2009   #2
broni
Malware Analyst
Join Date: Aug 2002
Location: Daly City, CA
Posts: 6,829
Computer Experience: intermediate

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.

* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4. Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
