Solved Need to make sure all trojans and malware are off of my computer

Discussion in 'Malware and Virus Removal Archive' started by panda24, 2010/01/19.

  1. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    [Resolved] Need to make sure all trojans and malware are off of my computer

    I honestly don't have much info to give. I need to make sure all of the malware and trojans are off of my computer. I am not able to do windows automatic update to get sp3 for XP. I am not able to run ie at all. I have used spybot, ccleaner, and avira antivir. Most of the removals were done by my hubby while I was at work. Now I need a lot of help fixing what was messed up. I so far have no detections that I know of. Thanks.
     
  2. 2010/01/19
    wildfire

    wildfire Getting Old

    Hello again Panda24 :)

    One more time READ THIS and post requested logs :)

    Broni et al,

    In case you missed them, this is a followup from this and this
     

  4. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    DDS Log

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Amanda at 16:04:10.65 on Tue 01/19/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1279.735 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated)

    {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated)

    {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG8\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\NVATray.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\DitExp.exe
    C:\Documents and Settings\Amanda\My Documents\RCA Detective\RCADetective.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Amanda\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig
    uSearch Page = hxxp://www.google.com
    uWindow Title = Internet Explorer Provided by Cox High Speed Internet
    uSearchMigratedDefaultURL =

    hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

    c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program

    files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program

    files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: H - No File
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

    c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} -

    c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat

    7.0\activex\AcroIEHelper.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -

    c:\program files\windows live\family safety\fssbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} -

    c:\progra~1\spybot~1\SDHelper.dll
    BHO: {6551001F-A07B-40B1-8F55-B44BF35A42A6} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search

    enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program

    files\java\jre1.6.0_03\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program

    files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program

    files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program

    files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program

    files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program

    files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

    c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows

    live\toolbar\wltcore.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program

    files\avg\avg8\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google

    toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NVIDIA nForce APU1 Utilities] NVATray.exe
    mRun: [Dit] Dit.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device

    support\bin\AppleSyncNotifier.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Easy Dock]
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SoundMan] SOUNDMAN.EXE
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\tf6r7.exe
    dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\mdm.exe
    dRun: [thdjfnxw] c:\windows\system32\config\systemprofile\local settings\application

    data\iaogda\shyjsysguard.exe
    StartupFolder: c:\docume~1\amanda\startm~1\programs\startup\rcadet~1.lnk - c:\documents and

    settings\amanda\my documents\rca detective\RCADetective.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program

    files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: &Search - ?p=ZJxdm128YYUS
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program

    files\java\jre1.6.0_03\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program

    files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} -

    c:\progra~1\spybot~1\SDHelper.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} -

    hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} -

    hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -

    hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

    hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?112725349612

    5
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

    hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131427458

    859
    DPF: {6F750200-1362-4815-A476-88533DE61D0C} -

    hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -

    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -

    hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
    DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} -

    hxxps://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -

    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -

    hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -

    hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

    hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft

    shared\web folders\PKMCDO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -

    c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli tadofuvo.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\amanda\applic~1\mozilla\firefox\profiles\jbp8iwfp.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\documents and settings\amanda\application

    data\mozilla\firefox\profiles\jbp8iwfp.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\

    platform\winnt\components\FoxyTunes.dll
    FF - component: c:\documents and settings\amanda\application

    data\mozilla\firefox\profiles\jbp8iwfp.default\extensions\kodak-companion@mozilla.com\platform\wi

    nnt_x86-msvc\components\mozFotofox.dll
    FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b}

    - c:\windows\microsoft.net\framework\v3.5\windows presentation

    foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

    firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ",

    true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-10 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-10 108552]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir

    desktop\sched.exe [2010-1-11 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe

    [2010-1-11 185089]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-15 55152]
    S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-11 11608]
    S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys

    [2008-5-10 27784]
    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe -->

    c:\progra~1\avg\avg8\avgemc.exe [?]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-10 297752]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-11 56816]
    S2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe

    [2009-2-6 533360]

    =============== Created Last 30 ================

    2010-01-19 21:42:56 0 d-----w- c:\program files\CCleaner
    2010-01-15 04:34:59 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-15 04:34:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search &

    Destroy
    2010-01-15 04:05:26 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
    2010-01-15 01:12:53 6656 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
    2010-01-15 01:11:54 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-01-15 01:10:56 28 ----a-w- c:\windows\system32\redist.rsp
    2010-01-15 01:10:56 253 ----a-w- c:\windows\system32\mdaccore.rsp
    2010-01-15 01:10:56 181 ----a-w- c:\windows\system32\sqlclnt.rsp
    2010-01-15 01:08:59 77824 -c--a-w- c:\windows\system32\dllcache\isign32.dll
    2010-01-15 01:07:20 272896 -c--a-w- c:\windows\system32\dllcache\pinball.exe
    2010-01-15 01:05:08 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
    2010-01-15 01:05:00 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
    2010-01-15 01:03:40 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
    2010-01-15 00:58:30 4096 ----a-w- c:\windows\system32\ksuser.dll
    2010-01-15 00:58:29 117248 ----a-w- c:\windows\system32\ksproxy.ax
    2010-01-15 00:49:03 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
    2010-01-12 20:45:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-01-12 05:07:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-12 05:07:25 0 d-----w- c:\program files\Avira
    2010-01-12 05:07:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-01-10 18:45:35 96512 ------w- c:\windows\system32\drivers\atapi.sys6AA74E4A
    2010-01-10 18:45:35 30784 ----a-w- c:\windows\system32\drivers\jrkxhufd.sys
    2010-01-10 18:44:07 96512 ------w- c:\windows\system32\drivers\atapi.sysF5812507
    2010-01-10 18:44:07 30784 ----a-w- c:\windows\system32\drivers\qubrhphz.sys
    2010-01-10 18:43:48 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0D557C46
    2010-01-10 18:43:48 30784 ----a-w- c:\windows\system32\drivers\haoiemly.sys
    2010-01-10 01:23:45 30784 ----a-w- c:\windows\system32\drivers\vyjtsnny.sys
    2010-01-10 00:03:35 0 d-----w- c:\program files\common

    files\PersonalSecUninstall
    2010-01-09 23:25:24 0 ----a-w-

    c:\windows\system32\157288916384231507337393217163842315073371638423.exe
    2010-01-09 23:25:23 0 ----a-w-

    c:\windows\system32\150735316384231507337393217163842315073371638423.exe
    2010-01-09 21:32:00 473 ----a-w- c:\windows\system32\uses32.dat
    2010-01-09 21:32:00 100 ----a-w- c:\windows\system32\flags.ini
    2010-01-09 21:31:17 40960 ----a-w- c:\windows\system32\info.tmp
    2010-01-09 21:24:53 0 ----a-w-

    c:\windows\system32\347343215728851376265393217157288513762651572885.exe
    2010-01-09 21:24:52 0 ----a-w-

    c:\windows\system32\340789615728851376265393217157288513762651572885.exe
    2010-01-09 03:37:07 0 d-----w- c:\program files\Simply Media
    2010-01-06 19:36:32 0 ----a-w-

    c:\windows\system32\209718823593151245190196609235931512451902359315.exe
    2010-01-06 19:36:31 0 ----a-w-

    c:\windows\system32\203165223593151245190196609235931512451902359315.exe
    2010-01-06 13:35:28 0 ----a-w-

    c:\windows\system32\1835043229377385197419660922937738519742293773.exe
    2010-01-06 13:35:27 0 ----a-w-

    c:\windows\system32\1769507229377385197419660922937738519742293773.exe
    2010-01-05 01:55:07 195456 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-04 21:54:34 0 ----a-w-

    c:\windows\system32\22282783538965137626065537353896513762603538965.exe
    2010-01-04 21:54:33 0 ----a-w-

    c:\windows\system32\21627423538965137626065537353896513762603538965.exe

    ==================== Find3M ====================

    2010-01-15 01:08:13 23348 -c--a-w- c:\windows\system32\emptyregdb.dat
    2009-11-24 04:31:46 60416 ----a-w- c:\windows\ALCFDRTM.EXE
    2009-11-22 01:45:02 45004 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-11 02:03:56 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
    2005-12-28 16:42:39 774144 -c--a-w- c:\program files\RngInterstitial.dll

    ============= FINISH: 16:04:49.85 ===============
     
  5. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    Attach Log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/14/2010 11:14:02 AM
    System Uptime: 1/19/2010 3:01:00 PM (1 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6701
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478

    | 2405/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 41.478 GiB free.
    D: is FIXED (NTFS) - 114 GiB total, 52.458 GiB free.
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is Removable
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Realtek AC'97 Audio
    Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_70101462&REV_A0\3&61AAA01&0&17
    Manufacturer: Realtek
    Name: Realtek AC'97 Audio
    PNP Device ID:

    PCI\VEN_1039&DEV_7012&SUBSYS_70101462&REV_A0\3&61AAA01&0&17
    Service:

    ==== System Restore Points ===================

    RP1: 1/14/2010 10:27:08 PM - System Checkpoint
    RP2: 1/15/2010 10:30:42 PM - System Checkpoint
    RP3: 1/16/2010 10:43:12 PM - System Checkpoint
    RP4: 1/17/2010 11:30:42 PM - System Checkpoint
    RP5: 1/19/2010 12:02:25 AM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.5
    Ahead NeroMediaPlayer
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression
    Authentium
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Bejeweled 2 Deluxe
    Bonjour
    CCleaner
    CCScore
    Choice Guard
    Chuzzle Deluxe
    Cox High Speed Internet security suite
    Dig'nRigs
    DivX
    Drivers Install For Linksys Easylink Advisor
    ebgcInfra
    ebgcRes
    ebgcSDK
    Encore LaunchPad 6.8.25.100
    EPSON Copy Utility
    EPSON Photo Print
    EPSON Printer Software
    EPSON Smart Panel
    EPSON TWAIN 5
    EPSON User's Guide
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    FoxyTunes for Firefox
    Google Desktop
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hoyle Board Games 2007
    Hoyle Board Games 3 Demo
    Hoyle Card Games 4
    Hoyle Casino 4 Demo
    Hoyle Puzzle Games 2007
    Hoyle Word Games Demo
    Images of Ireland Theme for Windows XP
    iPod for Windows 2006-01-10
    iTunes
    Java(TM) 6 Update 3
    Junk Mail filter update
    kgcbase
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Kodak EasyShare software
    Linksys EasyLink Advisor 1.6 (0032)
    Macromedia Shockwave Player
    Medion Flash XL
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2003
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Picture It! Photo 7.0
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    MobileMe Control Panel
    Mozilla Firefox (3.5.7)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Photo Adventure
    netbrdg
    NVIDIA Drivers
    NVIDIA nForce APU1 Utilities
    OfotoXMI
    Opera 10.01
    QuickTime
    RCA Detective™ 2.0.0.99
    RCA easyRip 2.1.7.0
    RealArcade
    Realtek AC'97 Audio
    ScanToWeb
    Segoe UI
    SFR
    SHASTA
    Shockwave
    SideWinder Game Pad Pro
    SimCity 3000
    SiS 900 PCI Fast Ethernet Adapter Driver
    skin0001
    SKINXSDK
    Slingo(R) Mystery - Who's Gold
    Splash
    Spybot - Search & Destroy
    staticcr
    System Requirements Lab
    The Game Of Life
    tooltips
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Ventrilo Client
    Viewpoint Media Player
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    WIRELESS
    Works Suite OS Pack
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    1/18/2010 1:59:58 PM, error: Service Control Manager [7023] - The

    WebClient service terminated with the following error: The specified

    procedure could not be found.
    1/18/2010 1:59:58 PM, error: Service Control Manager [7023] - The

    Remote Access Connection Manager service terminated with the following

    error: The specified procedure could not be found.
    1/18/2010 1:59:58 PM, error: Service Control Manager [7023] - The

    Network Connections service terminated with the following error: The

    specified procedure could not be found.
    1/18/2010 1:59:58 PM, error: Service Control Manager [7023] - The

    Cryptographic Services service terminated with the following error:

    The specified procedure could not be found.
    1/18/2010 1:59:58 PM, error: Service Control Manager [7001] - The

    Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)

    service depends on the Network Connections service which failed to

    start because of the following error: The specified procedure could

    not be found.
    1/18/2010 1:58:58 PM, error: RemoteAccess [20151] - The Control

    Protocol EAP in the Point to Point Protocol module

    C:\WINDOWS\System32\rasppp.dll returned an error while initializing.

    The specified procedure could not be found.
    1/18/2010 1:58:58 PM, error: RemoteAccess [20070] - Point to Point

    Protocol engine was unable to load the C:\WINDOWS\System32\rastls.dll

    module. The specified procedure could not be found.
    1/18/2010 1:58:58 PM, error: Rasman [20063] - Remote Access Connection

    Manager failed to start because the Point to Point Protocol failed to

    initialize. The specified procedure could not be found.
    1/15/2010 1:51:06 PM, error: DCOM [10005] - DCOM got error "%1053"

    attempting to start the service fsssvc with arguments " " in order to

    run the server: {89BC5589-1066-4EC1-B738-651DF9572A5E}
    1/14/2010 11:24:18 AM, error: Service Control Manager [7001] - The

    SSDP Discovery Service service depends on the HTTP service which failed

    to start because of the following error: The specified procedure could

    not be found.
    1/14/2010 11:24:18 AM, error: Service Control Manager [7000] - The

    HTTP service failed to start due to the following error: The specified

    procedure could not be found.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7026] - The

    following boot-start or system-start driver(s) failed to load: avgio

    AvgMfx86 FltMgr
    1/14/2010 11:24:12 AM, error: Service Control Manager [7024] - The

    Wireless Zero Configuration service terminated with service-specific

    error 11 (0xB).
    1/14/2010 11:24:12 AM, error: Service Control Manager [7022] - The

    DCOM Server Process Launcher service hung on starting.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7009] - Timeout

    (30000 milliseconds) waiting for the Windows Live Family Safety service

    to connect.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7001] - The

    avgntflt service depends on the FltMgr service which failed to start

    because of the following error: A device attached to the system is not

    functioning.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7000] - The

    Windows Live Family Safety service failed to start due to the following

    error: The service did not respond to the start or control request in

    a timely fashion.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7000] - The

    Security Center service failed to start due to the following error:

    The executable program that this service is configured to run in does

    not implement the service.
    1/14/2010 11:18:17 AM, error: Setup [60055] - Windows Setup

    encountered non-fatal errors during installation. Please check the

    setuperr.log found in your Windows directory for more information.
    1/14/2010 11:10:11 AM, error: DCOM [10005] - DCOM got error "%1058"

    attempting to start the service SENS with arguments " " in order to run

    the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    1/12/2010 9:08:39 AM, error: Dhcp [1002] - The IP address lease

    192.168.1.100 for the Network Card with network address 0010DCA188C2

    has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a

    DHCPNACK message).
    1/12/2010 9:06:48 AM, error: Dhcp [1002] - The IP address lease

    192.168.1.104 for the Network Card with network address 0010DCA188C2

    has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a

    DHCPNACK message).
    1/12/2010 8:15:49 AM, error: Service Control Manager [7024] - The AVG8

    WatchDog service terminated with service-specific error 3758161981

    (0xE001003D).
    1/12/2010 8:15:49 AM, error: Service Control Manager [7001] - The AVG8

    E-mail Scanner service depends on the AVG8 WatchDog service which

    failed to start because of the following error: The service has

    returned a service-specific error code.
    1/12/2010 8:15:38 AM, error: Ftdisk [49] - Configuring the Page file

    for crash dump failed. Make sure there is a page file on the boot

    partition and that is large enough to contain all physical memory.
    1/12/2010 8:15:38 AM, error: Ftdisk [45] - The system could not

    sucessfully load the crash dump driver.
    1/12/2010 6:53:42 AM, error: Service Control Manager [7023] - The

    Application Management service terminated with the following error:

    The specified module could not be found.
    1/12/2010 6:49:58 AM, error: DCOM [10005] - DCOM got error "%1058"

    attempting to start the service wuauserv with arguments " " in order to

    run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/12/2010 6:29:52 AM, error: Service Control Manager [7034] - The

    NVIDIA Display Driver Service service terminated unexpectedly. It has

    done this 1 time(s).
    1/12/2010 10:06:10 AM, error: Service Control Manager [7023] - The

    System Restore Service service terminated with the following error:

    The system cannot find the file specified.
    1/12/2010 10:06:08 AM, error: SRService [104] - The System Restore

    initialization process failed.

    ==== End Of File ===========================
     
  6. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    I'm sorry if I've been a little impatient sounding. This has just been so frustrating. All the help I can get is welcome and very much appreciated. Thank you.
     
  7. 2010/01/19
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    A Malware expert will have a look at your log in due course.
     
  8. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    Thanks.
     
  9. 2010/01/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, disable "word wrap" in Notepad and repost DDS logs.
    In current version, they're almost impossible to read.

    Also...

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  10. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    Attach Log w/o word wrap :)

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/14/2010 11:14:02 AM
    System Uptime: 1/19/2010 3:01:00 PM (1 hours ago)

    Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6701
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | Socket 478 | 2405/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 41.478 GiB free.
    D: is FIXED (NTFS) - 114 GiB total, 52.458 GiB free.
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    I: is Removable
    J: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Realtek AC'97 Audio
    Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_70101462&REV_A0\3&61AAA01&0&17
    Manufacturer: Realtek
    Name: Realtek AC'97 Audio
    PNP Device ID: PCI\VEN_1039&DEV_7012&SUBSYS_70101462&REV_A0\3&61AAA01&0&17
    Service:

    ==== System Restore Points ===================

    RP1: 1/14/2010 10:27:08 PM - System Checkpoint
    RP2: 1/15/2010 10:30:42 PM - System Checkpoint
    RP3: 1/16/2010 10:43:12 PM - System Checkpoint
    RP4: 1/17/2010 11:30:42 PM - System Checkpoint
    RP5: 1/19/2010 12:02:25 AM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Download Manager 2.0 (Remove Only)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.5
    Ahead NeroMediaPlayer
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression
    Authentium
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Bejeweled 2 Deluxe
    Bonjour
    CCleaner
    CCScore
    Choice Guard
    Chuzzle Deluxe
    Cox High Speed Internet security suite
    Dig'nRigs
    DivX
    Drivers Install For Linksys Easylink Advisor
    ebgcInfra
    ebgcRes
    ebgcSDK
    Encore LaunchPad 6.8.25.100
    EPSON Copy Utility
    EPSON Photo Print
    EPSON Printer Software
    EPSON Smart Panel
    EPSON TWAIN 5
    EPSON User's Guide
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSSONIC
    ESSTOOLS
    essvatgt
    FoxyTunes for Firefox
    Google Desktop
    Google Toolbar for Internet Explorer
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hoyle Board Games 2007
    Hoyle Board Games 3 Demo
    Hoyle Card Games 4
    Hoyle Casino 4 Demo
    Hoyle Puzzle Games 2007
    Hoyle Word Games Demo
    Images of Ireland Theme for Windows XP
    iPod for Windows 2006-01-10
    iTunes
    Java(TM) 6 Update 3
    Junk Mail filter update
    kgcbase
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Kodak EasyShare software
    Linksys EasyLink Advisor 1.6 (0032)
    Macromedia Shockwave Player
    Medion Flash XL
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta Encyclopedia Standard 2003
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Live Add-in 1.3
    Microsoft Picture It! Photo 7.0
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    MobileMe Control Panel
    Mozilla Firefox (3.5.7)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Photo Adventure
    netbrdg
    NVIDIA Drivers
    NVIDIA nForce APU1 Utilities
    OfotoXMI
    Opera 10.01
    QuickTime
    RCA Detective™ 2.0.0.99
    RCA easyRip 2.1.7.0
    RealArcade
    Realtek AC'97 Audio
    ScanToWeb
    Segoe UI
    SFR
    SHASTA
    Shockwave
    SideWinder Game Pad Pro
    SimCity 3000
    SiS 900 PCI Fast Ethernet Adapter Driver
    skin0001
    SKINXSDK
    Slingo(R) Mystery - Who's Gold
    Splash
    Spybot - Search & Destroy
    staticcr
    System Requirements Lab
    The Game Of Life
    tooltips
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Ventrilo Client
    Viewpoint Media Player
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    WIRELESS
    Works Suite OS Pack
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    1/18/2010 1:59:58 PM, error: Service Control Manager [7023] - The WebClient service terminated with the following error: The specified procedure could not be found.
    1/18/2010 1:59:58 PM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: The specified procedure could not be found.
    1/18/2010 1:59:58 PM, error: Service Control Manager [7023] - The Network Connections service terminated with the following error: The specified procedure could not be found.
    1/18/2010 1:59:58 PM, error: Service Control Manager [7023] - The Cryptographic Services service terminated with the following error: The specified procedure could not be found.
    1/18/2010 1:59:58 PM, error: Service Control Manager [7001] - The Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The specified procedure could not be found.
    1/18/2010 1:58:58 PM, error: RemoteAccess [20151] - The Control Protocol EAP in the Point to Point Protocol module C:\WINDOWS\System32\rasppp.dll returned an error while initializing. The specified procedure could not be found.
    1/18/2010 1:58:58 PM, error: RemoteAccess [20070] - Point to Point Protocol engine was unable to load the C:\WINDOWS\System32\rastls.dll module. The specified procedure could not be found.
    1/18/2010 1:58:58 PM, error: Rasman [20063] - Remote Access Connection Manager failed to start because the Point to Point Protocol failed to initialize. The specified procedure could not be found.
    1/15/2010 1:51:06 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service fsssvc with arguments " " in order to run the server: {89BC5589-1066-4EC1-B738-651DF9572A5E}
    1/14/2010 11:24:18 AM, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: The specified procedure could not be found.
    1/14/2010 11:24:18 AM, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: The specified procedure could not be found.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio AvgMfx86 FltMgr
    1/14/2010 11:24:12 AM, error: Service Control Manager [7024] - The Wireless Zero Configuration service terminated with service-specific error 11 (0xB).
    1/14/2010 11:24:12 AM, error: Service Control Manager [7022] - The DCOM Server Process Launcher service hung on starting.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Live Family Safety service to connect.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7001] - The avgntflt service depends on the FltMgr service which failed to start because of the following error: A device attached to the system is not functioning.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7000] - The Windows Live Family Safety service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/14/2010 11:24:12 AM, error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    1/14/2010 11:18:17 AM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
    1/14/2010 11:10:11 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments " " in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    1/12/2010 9:08:39 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0010DCA188C2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/12/2010 9:06:48 AM, error: Dhcp [1002] - The IP address lease 192.168.1.104 for the Network Card with network address 0010DCA188C2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    1/12/2010 8:15:49 AM, error: Service Control Manager [7024] - The AVG8 WatchDog service terminated with service-specific error 3758161981 (0xE001003D).
    1/12/2010 8:15:49 AM, error: Service Control Manager [7001] - The AVG8 E-mail Scanner service depends on the AVG8 WatchDog service which failed to start because of the following error: The service has returned a service-specific error code.
    1/12/2010 8:15:38 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    1/12/2010 8:15:38 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    1/12/2010 6:53:42 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    1/12/2010 6:49:58 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/12/2010 6:29:52 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    1/12/2010 10:06:10 AM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    1/12/2010 10:06:08 AM, error: SRService [104] - The System Restore initialization process failed.

    ==== End Of File ===========================
     
  11. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    DDS Log w/o word wrap :)

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Amanda at 16:04:10.65 on Tue 01/19/2010
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
    Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.1279.735 [GMT -7:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG8\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\NVATray.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\DitExp.exe
    C:\Documents and Settings\Amanda\My Documents\RCA Detective\RCADetective.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Amanda\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/ig
    uSearch Page = hxxp://www.google.com
    uWindow Title = Internet Explorer Provided by Cox High Speed Internet
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: H - No File
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {6551001F-A07B-40B1-8F55-B44BF35A42A6} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
    uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NVIDIA nForce APU1 Utilities] NVATray.exe
    mRun: [Dit] Dit.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Easy Dock]
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SoundMan] SOUNDMAN.EXE
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    dRun: [ygua8e7yhuiesfha876yfauy8fe] c:\windows\temp\tf6r7.exe
    dRun: [asg984jgkfmgasi8ug98jgkfgfb] c:\windows\temp\mdm.exe
    dRun: [thdjfnxw] c:\windows\system32\config\systemprofile\local settings\application data\iaogda\shyjsysguard.exe
    StartupFolder: c:\docume~1\amanda\startm~1\programs\startup\rcadet~1.lnk - c:\documents and settings\amanda\my documents\rca detective\RCADetective.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    IE: &Search - ?p=ZJxdm128YYUS
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127253496125
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131427458859
    DPF: {6F750200-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
    DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} - hxxps://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli tadofuvo.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\amanda\applic~1\mozilla\firefox\profiles\jbp8iwfp.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\documents and settings\amanda\application data\mozilla\firefox\profiles\jbp8iwfp.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
    FF - component: c:\documents and settings\amanda\application data\mozilla\firefox\profiles\jbp8iwfp.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
    FF - plugin: c:\documents and settings\all users\application data\realarcade\npraclient.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npImgCtl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npraclient.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\np_gp.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\NPSWF32.dll
    FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-10 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-10 108552]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-11 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-11 185089]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-15 55152]
    S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-11 11608]
    S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-10 27784]
    S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe --> c:\progra~1\avg\avg8\avgemc.exe [?]
    S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-5-10 297752]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-11 56816]
    S2 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

    =============== Created Last 30 ================

    2010-01-19 21:42:56 0 d-----w- c:\program files\CCleaner
    2010-01-15 04:34:59 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-15 04:34:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-01-15 04:05:26 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
    2010-01-15 01:12:53 6656 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
    2010-01-15 01:11:54 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-01-15 01:10:56 28 ----a-w- c:\windows\system32\redist.rsp
    2010-01-15 01:10:56 253 ----a-w- c:\windows\system32\mdaccore.rsp
    2010-01-15 01:10:56 181 ----a-w- c:\windows\system32\sqlclnt.rsp
    2010-01-15 01:08:59 77824 -c--a-w- c:\windows\system32\dllcache\isign32.dll
    2010-01-15 01:07:20 272896 -c--a-w- c:\windows\system32\dllcache\pinball.exe
    2010-01-15 01:05:08 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
    2010-01-15 01:05:00 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
    2010-01-15 01:03:40 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
    2010-01-15 00:58:30 4096 ----a-w- c:\windows\system32\ksuser.dll
    2010-01-15 00:58:29 117248 ----a-w- c:\windows\system32\ksproxy.ax
    2010-01-15 00:49:03 38024 ----a-w- c:\windows\system32\drivers\termdd.sys
    2010-01-12 20:45:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-01-12 05:07:28 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-01-12 05:07:25 0 d-----w- c:\program files\Avira
    2010-01-12 05:07:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-01-10 18:45:35 96512 ------w- c:\windows\system32\drivers\atapi.sys6AA74E4A
    2010-01-10 18:45:35 30784 ----a-w- c:\windows\system32\drivers\jrkxhufd.sys
    2010-01-10 18:44:07 96512 ------w- c:\windows\system32\drivers\atapi.sysF5812507
    2010-01-10 18:44:07 30784 ----a-w- c:\windows\system32\drivers\qubrhphz.sys
    2010-01-10 18:43:48 96512 ----a-w- c:\windows\system32\drivers\atapi.sys0D557C46
    2010-01-10 18:43:48 30784 ----a-w- c:\windows\system32\drivers\haoiemly.sys
    2010-01-10 01:23:45 30784 ----a-w- c:\windows\system32\drivers\vyjtsnny.sys
    2010-01-10 00:03:35 0 d-----w- c:\program files\common files\PersonalSecUninstall
    2010-01-09 23:25:24 0 ----a-w- c:\windows\system32\157288916384231507337393217163842315073371638423.exe
    2010-01-09 23:25:23 0 ----a-w- c:\windows\system32\150735316384231507337393217163842315073371638423.exe
    2010-01-09 21:32:00 473 ----a-w- c:\windows\system32\uses32.dat
    2010-01-09 21:32:00 100 ----a-w- c:\windows\system32\flags.ini
    2010-01-09 21:31:17 40960 ----a-w- c:\windows\system32\info.tmp
    2010-01-09 21:24:53 0 ----a-w- c:\windows\system32\347343215728851376265393217157288513762651572885.exe
    2010-01-09 21:24:52 0 ----a-w- c:\windows\system32\340789615728851376265393217157288513762651572885.exe
    2010-01-09 03:37:07 0 d-----w- c:\program files\Simply Media
    2010-01-06 19:36:32 0 ----a-w- c:\windows\system32\209718823593151245190196609235931512451902359315.exe
    2010-01-06 19:36:31 0 ----a-w- c:\windows\system32\203165223593151245190196609235931512451902359315.exe
    2010-01-06 13:35:28 0 ----a-w- c:\windows\system32\1835043229377385197419660922937738519742293773.exe
    2010-01-06 13:35:27 0 ----a-w- c:\windows\system32\1769507229377385197419660922937738519742293773.exe
    2010-01-05 01:55:07 195456 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-04 21:54:34 0 ----a-w- c:\windows\system32\22282783538965137626065537353896513762603538965.exe
    2010-01-04 21:54:33 0 ----a-w- c:\windows\system32\21627423538965137626065537353896513762603538965.exe

    ==================== Find3M ====================

    2010-01-15 01:08:13 23348 -c--a-w- c:\windows\system32\emptyregdb.dat
    2009-11-24 04:31:46 60416 ----a-w- c:\windows\ALCFDRTM.EXE
    2009-11-22 01:45:02 45004 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-11 02:03:56 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
    2005-12-28 16:42:39 774144 -c--a-w- c:\program files\RngInterstitial.dll

    ============= FINISH: 16:04:49.85 ===============
     
  12. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    Checkup.txt

    Results of screen317's Security Check version 0.99.1
    Windows XP Service Pack 1
    Out of date service pack!!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Avira AntiVir Personal - Free Antivirus
    Avira updated!
    ``````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    CCleaner
    Java(TM) 6 Update 3
    Out of date Java installed!
    Adobe Flash Player 10
    Adobe Reader 7.0.5
    Out of date Adobe Reader installed!
    ``````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgrsx.exe
    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    `````````End of Log```````````
     
  13. 2010/01/19
    broni

    broni Moderator Malware Analyst

    Please, run AVG Remover: http://www.avg.com/us-en/download-tools

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    I am also using a laptop so I can easily keep these instructions up. Thank you so much and I will let you know if this works.
     
  15. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    This is all I got off of the avg remover. Is this correct?

    2010-01-20 01:11:38,468 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
    2010-01-20 01:11:38,484 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
    2010-01-20 01:11:38,484 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:programFilesDir (x86) value failed (error: e001003d)
    2010-01-20 01:11:38,484 WARN AvgDir param empty.
    2010-01-20 01:11:38,484 WARN AvgDataDir param empty.
     
  16. 2010/01/19
    panda24

    panda24 Inactive Thread Starter

    I received this message trying to install Superantispyware.

    Installer Information
    Error 1904. Module C:\Program
    Files\SUPERAntiSpyware\SASWINLO.dll failed to register.
    HRESULT -2147024769. Contact your support personnel.

    That's exact. I left it up on my screen. What do I do?
    Also have 'Abort', 'Retry', and 'Ignore' buttons. Retry does not work, getting same error message. Thanks.
     
    Last edited: 2010/01/19
  17. 2010/01/19
    broni

    broni Moderator Malware Analyst

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
     
  18. 2010/01/23
    panda24

    panda24 Inactive Thread Starter

    I'm sorry, I need some more help here. Please read the 2 posts above. I am not able to finish the steps as I am not able to download superantispyware. Thanks
     
  19. 2010/01/23
    broni

    broni Moderator Malware Analyst

    That's why I want you to run Combofix now.
    We'll get back to the other scans later.
     
  20. 2010/01/24
    panda24

    panda24 Inactive Thread Starter

    OK, the 1st link you gave me didn't work, and the second link was in Spanish... When I tried to google combofix to download, the site came up as a site that is known to have trojans, malware and other malicious software that automatically downloads. Is there another link??
     
  21. 2010/01/24
    panda24

    panda24 Inactive Thread Starter

    HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:19:18 PM, on 1/24/2010
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\NVATray.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\DitExp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Documents and Settings\Amanda\My Documents\RCA Detective\RCADetective.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {6551001F-A07B-40B1-8F55-B44BF35A42A6} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
    O4 - HKLM\..\Run: [Dit] Dit.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\WINDOWS\TEMP\tf6r7.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\WINDOWS\TEMP\mdm.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [thdjfnxw] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\iaogda\shyjsysguard.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
    O4 - Startup: RCA Detective.lnk = C:\Documents and Settings\Amanda\My Documents\RCA Detective\RCADetective.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Search - ?p=ZJxdm128YYUS
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127253496125
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131427458859
    O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4056/ftp.coupons.com/r3302/cpbrkpie.cab
    O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - Unknown owner - C:\PROGRA~1\AVG\AVG8\avgemc.exe (file missing)
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
    O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

    --
    End of file - 12341 bytes
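
A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the thread and not HijackThis's own logic. It parses the section code of each line and flags two things: entries whose target no longer exists, and O4 autoruns that launch from a temp or SYSTEM-profile directory. These rules are the editor's assumptions, and a flag marks a line for an analyst to review rather than giving a verdict.

```python
import re

# Lines copied from the HijackThis log posted above (a subset, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {6551001F-A07B-40B1-8F55-B44BF35A42A6} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\WINDOWS\TEMP\tf6r7.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [thdjfnxw] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\iaogda\shyjsysguard.exe (User 'SYSTEM')
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
"""

# "<code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O4 registry autorun: "<key ending in Run>: [value name] command"
RUN_VALUE = re.compile(r"^(?P<key>[^:]+Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Trailing "(User 'SYSTEM')" annotation that HijackThis appends to HKUS entries
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Markers HijackThis prints when the referenced file does not exist
ORPHAN = re.compile(r"\((?:no file|file missing)\)\s*$")

# Assumed triage rules (editor's choice): directories from which a
# legitimately installed program would not normally start at logon.
SUSPECT_DIRS = {
    "\\temp\\": "autorun-from-temp",
    "\\config\\systemprofile\\": "autorun-from-system-profile",
}


def parse_line(line):
    """Split one HijackThis line into its section code and fields, or return None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # header, process list entry, blank line, ...
    entry = {"code": m.group("code"), "body": m.group("body"),
             "key": None, "name": None, "command": None}
    run = RUN_VALUE.match(entry["body"]) if entry["code"] == "O4" else None
    if run:
        entry["key"] = run.group("key")
        entry["name"] = run.group("name")
        entry["command"] = USER_SUFFIX.sub("", run.group("cmd")).strip()
    return entry


def flags_for(entry):
    """Return the list of review flags that apply to a parsed entry."""
    flags = []
    if ORPHAN.search(entry["body"]):
        flags.append("orphan")
    if entry["command"]:
        lowered = entry["command"].lower()
        flags += [label for needle, label in SUSPECT_DIRS.items() if needle in lowered]
    return flags


def triage(log_text):
    """Return (code, autorun value name or None, flags) for every flagged line."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = flags_for(entry)
        if flags:
            findings.append((entry["code"], entry["name"], flags))
    return findings


if __name__ == "__main__":
    for code, name, flags in triage(SAMPLE_LOG):
        print(code, name or "-", ",".join(flags))
```
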
     
