  #1  
Old 14th Mar 2009, 13:25
Member Group
 
Downloaded Kaspersky and have been finding many things. But the pc is still running very slow.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 03/13/2009 at 04:57 PM
Application Version : 4.25.1014
Core Rules Database Version : 3412
Trace Rules Database Version: 1404
Scan type : Complete Scan
Total Scan Time : 00:32:17
Memory items scanned : 574
Memory threats detected : 0
Registry items scanned : 5573
Registry threats detected : 19
File items scanned : 32630
File threats detected : 54
Trojan.TopInstalls/Guard
HKU\S-1-5-21-2869611830-4205488211-2984368079-1006\Software\Classes\CLSID\{1B77D30A-81C9-497A-8647-142F7511B1FB}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B77D30A-81C9-497A-8647-142F7511B1FB}
HKU\S-1-5-21-2869611830-4205488211-2984368079-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B77D30A-81C9-497A-8647-142F7511B1FB}
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\0
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\0\win32
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\FLAGS
HKCR\TypeLib\{5AB0D266-DD2B-4006-B9D6-A9145291BDD6}\1.0\HELPDIR
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\ProxyStubClsid
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\ProxyStubClsid32
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\TypeLib
HKCR\Interface\{267B1ED2-2C9E-4A3F-BE15-7AFC79403073}\TypeLib#Version
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\ProxyStubClsid
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\ProxyStubClsid32
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\TypeLib
HKCR\Interface\{80CC88FE-2567-42ED-A3AE-E397D2A12C52}\TypeLib#Version
Adware.Tracking Cookie
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@advertising[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@bs.serving-sys[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@cache.trafficmp[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@media6degrees[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@realmedia[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@tribalfusion[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@www.googleadservices[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@specificclick[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@zedo[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@ar.atwola[3].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@tracking.citibank[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@interclick[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@at.atwola[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@ar.atwola[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@kaspersky.122.2o7[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@specificmedia[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@adopt.specificclick[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@adopt.euroclick[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@ads.pointroll[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@tacoda[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@atwola[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@citi.bridgetrack[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@ad.yieldmanager[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@serving-sys[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@atdmt[1].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@adopt.euroclick[2].txt
C:\Documents and Settings\Owner.YOUR-DC0C6E8137\Cookies\owner@atwola[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@pandasoftware.112.2o7[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@ehg-kingstontechnology.hitbox[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@geeksaresexy.blogspot[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@ehg-bbelectronics.hitbox[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@hitbox[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@media.adrevolver[2].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@ehg-newarkinone.hitbox[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@premierfarnell.112.2o7[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@specificclick[2].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@tacoda[2].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@at.atwola[2].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@revsci[2].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@ehg-tigerdirect2.hitbox[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@ads.techguy[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@bizrate[2].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@pcstats[1].txt
C:\My Backup -- 27-03-08 1143\Documents and Settings\Owner.sunporch\Cookies\owner@ad.us-ec.adtechus[1].txt

Malwarebytes' Anti-Malware 1.34
Database version: 1848
Windows 5.1.2600 Service Pack 3
3/14/2009 4:20:54 PM
mbam-log-2009-03-14 (16-20-54).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 192174
Time elapsed: 1 hour(s), 12 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:22:01 PM, on 3/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\PROGRA~1\COMMON~1\AOL\122961~1\EE\AOLHOS~1.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\filehippo.com\UpdateChecker.exe
C:\PROGRA~1\COMMON~1\AOL\122961~1\EE\AOLServiceHost.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VIPTToolbarManager Class - {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O2 - BHO: Enterra Download Manager Helper - {2956DD50-4F3E-4C20-81D1-FF36435FF288} - C:\Program Files\Enterra\Download Manager\edm.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: URLHooker2 Class - {93935F7F-9C88-42F8-8445-95251D27FABC} - C:\PROGRA~1\FLASHV~1\URLHOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Enterra Download Manager - {B5147546-9359-4D9B-8B36-F54C54555799} - C:\Program Files\Enterra\Download Manager\edm.dll
O3 - Toolbar: Visual IP Trace - {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files\Visual IP Trace 2008\VisualIPTraceIE.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1229613011\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [filehippo.com] "C:\Program Files\filehippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Download by Enterra Download Manager - res://C:\Program Files\Enterra\Download Manager\edm.dll/3000
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Enterra Download Manager - {1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://C:\Program Files\Enterra\Download Manager\edm.dll/3002 (file missing)
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: FWI Fraud Shield - {44E50755-EAC0-49ea-B52D-37372157D100} - C:\Program Files\FWI\FraudShield\FWIFraudShield.exe (HKCU)
O9 - Extra button: Flash Video Downloader - {df7831dd-a048-4336-8cc8-266a03f00d63} - C:\Program Files\Flash Video Downloader\FlashRunner.exe (HKCU)
O15 - Trusted Zone: http://www.windowsupdate.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: ??????P,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbtcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 10663 bytes
  #2  
Old 14th Mar 2009, 13:47
Moderator Group
 
Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Double click LopSD.exe - If you are using Windows Vista, right-click on the LopSD icon and select Run as administrator to perform this scan.

  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt

  #3  
Old 14th Mar 2009, 16:05
Member Group
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : Owner ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.506 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.506 (Not Activated)
C:\ (Local Disk) - NTFS - Total:227 Go (Free:207 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:0 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Sat 03/14/2009|19:04 )

--------------------\\ Listing folders in APPLIC~1
[06/17/2006|05:41] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[03/27/2008|03:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[03/27/2008|03:17] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[03/27/2008|03:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver
[06/22/2008|11:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[12/18/2008|11:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[12/17/2008|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[10/23/2008|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Backup
[07/23/2008|05:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Broderbund LLC
[07/23/2008|05:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Broderbund Software
[09/06/2008|06:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[03/29/2008|09:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FaxCtr
[04/03/2008|01:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/03/2008|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iolo
[03/14/2009|06:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab
[03/11/2009|10:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[04/10/2008|03:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
[11/09/2008|02:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/27/2008|03:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[11/09/2008|01:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/27/2008|03:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[05/12/2008|02:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NVIDIA
[05/12/2008|07:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[06/19/2006|02:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[03/27/2008|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[03/27/2008|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[07/23/2008|05:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Riverdeep Interactive Learning Limited
[06/24/2008|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> RoboForm
[12/18/2008|11:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SecTaskMan
[03/29/2008|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> sentinel
[03/13/2009|04:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[04/03/2008|04:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[03/27/2008|03:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[07/25/2008|04:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
[04/03/2008|01:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[06/17/2006|05:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[03/27/2008|03:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[03/27/2008|03:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[03/27/2008|03:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver
[12/18/2008|10:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> AOL
[05/29/2008|10:46] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[09/29/2008|05:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/17/2006|05:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[12/17/2008|06:06] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> acccore
[06/29/2008|10:41] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Adobe
[03/09/2009|02:09] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> AdobeUM
[02/13/2009|06:19] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Aladdin Systems
[12/18/2008|11:12] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> AOL
[09/06/2008|06:50] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> CyberLink
[03/03/2009|02:29] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> ErrorFix
[03/29/2008|10:58] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> FaxCtr
[12/25/2008|06:51] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> FUJIFILM
[03/13/2009|10:50] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> GetRightToGo
[10/02/2008|04:03] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> GlarySoft
[05/26/2008|12:29] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Google
[03/29/2008|10:13] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Help
[06/17/2006|05:41] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Identities
[07/23/2008|01:31] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> InstallShield
[04/03/2008|01:40] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> iolo
[07/23/2008|05:20] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Macromedia
[11/09/2008|02:47] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Malwarebytes
[09/17/2008|06:17] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Microsoft
[04/18/2008|05:04] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> PrivacyControl
[03/27/2008|03:17] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> SampleView
[04/16/2008|12:41] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Sun
[07/11/2008|02:00] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> SUPERAntiSpyware.com
[05/22/2008|08:49] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Template
[08/03/2008|11:50] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Uniblue
[08/07/2008|09:29] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Viewpoint
[08/04/2008|01:26] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Windows Desktop Search
[08/18/2008|01:22] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> Windows Search
[03/27/2008|03:14] C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\<DIR> You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[03/14/2009 06:56 PM][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{FD03A801-5427-4516-93CD-BC74874B5889}.job
[03/14/2009 12:00 PM][--a------] C:\WINDOWS\tasks\ErrorFix Scan.job
[02/18/2009 11:33 AM][--a------] C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
[08/02/2008 10:33 AM][--a------] C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
[03/14/2009 06:09 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 03:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[03/29/2008|09:54] C:\Program Files\<DIR> ABBYY FineReader 5.0 Sprint
[02/03/2009|12:06] C:\Program Files\<DIR> Activision
[03/27/2008|03:11] C:\Program Files\<DIR> Adobe
[02/13/2009|05:08] C:\Program Files\<DIR> Aladdin Systems
[03/27/2008|03:15] C:\Program Files\<DIR> AMD Live!
[12/23/2008|11:40] C:\Program Files\<DIR> America Online 9.0
[02/01/2009|02:27] C:\Program Files\<DIR> AOL
[12/18/2008|03:09] C:\Program Files\<DIR> AOL Deskbar
[04/08/2008|05:54] C:\Program Files\<DIR> BigFix
[03/10/2009|08:23] C:\Program Files\<DIR> CCleaner
[03/13/2009|04:21] C:\Program Files\<DIR> Common Files
[06/17/2006|05:37] C:\Program Files\<DIR> ComPlus Applications
[10/19/2008|07:52] C:\Program Files\<DIR> CONEXANT
[04/13/2008|11:47] C:\Program Files\<DIR> CpuTrueSpeed
[03/27/2008|03:04] C:\Program Files\<DIR> CyberLink
[03/27/2008|02:55] C:\Program Files\<DIR> DIFX
[03/27/2008|03:06] C:\Program Files\<DIR> Digital Media Reader
[09/21/2008|07:46] C:\Program Files\<DIR> eMailTrackerPro 2008
[05/12/2008|03:54] C:\Program Files\<DIR> Enterra
[03/10/2009|02:17] C:\Program Files\<DIR> filehippo.com
[03/05/2009|11:15] C:\Program Files\<DIR> FinePixViewer
[07/19/2008|04:41] C:\Program Files\<DIR> Flash Video Downloader
[01/31/2009|08:32] C:\Program Files\<DIR> FWI
[09/18/2008|09:42] C:\Program Files\<DIR> Gateway Games
[08/01/2008|09:07] C:\Program Files\<DIR> Google
[03/27/2008|03:15] C:\Program Files\<DIR> gtw_logo
[03/11/2009|10:21] C:\Program Files\<DIR> InstallShield Installation Information
[03/09/2009|09:40] C:\Program Files\<DIR> Internet Explorer
[03/09/2009|07:17] C:\Program Files\<DIR> Java
[03/11/2009|10:27] C:\Program Files\<DIR> Kaspersky Lab
[03/29/2008|09:53] C:\Program Files\<DIR> Lexmark 5200 series
[03/29/2008|09:55] C:\Program Files\<DIR> Lexmark Fax Solutions
[03/14/2009|11:02] C:\Program Files\<DIR> Lx_cats
[02/13/2009|03:05] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[09/08/2008|11:30] C:\Program Files\<DIR> Messenger
[04/27/2008|11:03] C:\Program Files\<DIR> MFInstall
[03/27/2008|03:12] C:\Program Files\<DIR> Microsoft Digital Image 2006
[06/17/2006|05:41] C:\Program Files\<DIR> microsoft frontpage
[05/01/2008|02:52] C:\Program Files\<DIR> Microsoft Money 2006
[09/21/2008|07:49] C:\Program Files\<DIR> Microsoft Office
[03/03/2009|09:42] C:\Program Files\<DIR> Microsoft Silverlight
[05/01/2008|03:27] C:\Program Files\<DIR> Microsoft Works
[09/08/2008|11:23] C:\Program Files\<DIR> Movie Maker
[08/04/2008|07:04] C:\Program Files\<DIR> MSBuild
[06/17/2006|05:35] C:\Program Files\<DIR> MSN
[09/28/2008|07:36] C:\Program Files\<DIR> MSN Encarta Plus
[06/17/2006|05:35] C:\Program Files\<DIR> MSN Gaming Zone
[04/15/2008|03:00] C:\Program Files\<DIR> MSXML 4.0
[05/01/2008|03:28] C:\Program Files\<DIR> MSXML 6.0
[03/27/2008|03:12] C:\Program Files\<DIR> Napster
[09/08/2008|11:20] C:\Program Files\<DIR> NetMeeting
[06/17/2006|05:36] C:\Program Files\<DIR> Online Services
[09/08/2008|11:30] C:\Program Files\<DIR> Outlook Express
[03/11/2009|10:20] C:\Program Files\<DIR> Panda Security
[04/03/2008|04:33] C:\Program Files\<DIR> PC Doc Pro
[03/07/2009|10:07] C:\Program Files\<DIR> Photo Viewer
[12/25/2008|06:43] C:\Program Files\<DIR> PIXELA
[12/18/2008|11:10] C:\Program Files\<DIR> Pure Networks
[03/27/2008|03:13] C:\Program Files\<DIR> QuickTime
[03/27/2008|03:13] C:\Program Files\<DIR> Real
[03/27/2008|03:10] C:\Program Files\<DIR> Realtek
[08/04/2008|07:01] C:\Program Files\<DIR> Reference Assemblies
[12/25/2008|06:28] C:\Program Files\<DIR> REGSHAVE
[01/11/2009|12:23] C:\Program Files\<DIR> RogueRemover FREE
[01/14/2009|03:10] C:\Program Files\<DIR> Security Task Manager
[12/17/2008|06:06] C:\Program Files\<DIR> Security Task Manager(2)
[07/10/2008|09:58] C:\Program Files\<DIR> Siber Systems
[01/06/2009|10:41] C:\Program Files\<DIR> SIW
[06/22/2008|04:58] C:\Program Files\<DIR> SmartySoft
[01/27/2009|04:55] C:\Program Files\<DIR> SpeedFan
[03/08/2009|01:46] C:\Program Files\<DIR> Spotmau WinCares 2007
[05/13/2008|04:11] C:\Program Files\<DIR> Sun
[03/13/2009|04:22] C:\Program Files\<DIR> SUPERAntiSpyware
[07/02/2008|02:15] C:\Program Files\<DIR> TechSmith
[07/24/2008|10:10] C:\Program Files\<DIR> The Print Shop 21
[04/29/2008|01:24] C:\Program Files\<DIR> TouchStoneSoftware
[05/27/2008|11:55] C:\Program Files\<DIR> Traysoft
[04/05/2008|05:11] C:\Program Files\<DIR> Trend Micro
[06/17/2006|05:46] C:\Program Files\<DIR> Uninstall Information
[03/27/2008|03:13] C:\Program Files\<DIR> Viewpoint
[02/23/2009|11:54] C:\Program Files\<DIR> Visual IP Trace 2008
[08/16/2008|08:19] C:\Program Files\<DIR> Web Publish
[07/29/2008|05:02] C:\Program Files\<DIR> WebSite X5 Evolution
[03/27/2008|03:09] C:\Program Files\<DIR> WildTangent
[08/04/2008|01:26] C:\Program Files\<DIR> Windows Desktop Search
[10/05/2008|07:05] C:\Program Files\<DIR> Windows Live Safety Center
[09/29/2008|08:45] C:\Program Files\<DIR> Windows Media Connect 2
[08/04/2008|01:24] C:\Program Files\<DIR> Windows Media Player
[09/08/2008|11:20] C:\Program Files\<DIR> Windows NT
[06/17/2006|05:36] C:\Program Files\<DIR> Windows Plus
[06/17/2006|05:39] C:\Program Files\<DIR> WindowsUpdate
[06/17/2006|05:41] C:\Program Files\<DIR> xerox
--------------------\\ Listing Folders in C:\Program Files\Common Files
[06/22/2008|11:25] C:\Program Files\Common Files\<DIR> Adobe
[12/18/2008|11:10] C:\Program Files\Common Files\<DIR> AOL
[04/04/2008|08:12] C:\Program Files\Common Files\<DIR> aolback
[12/17/2008|08:50] C:\Program Files\Common Files\<DIR> AolCoach
[12/17/2008|06:06] C:\Program Files\Common Files\<DIR> AolCoach(2)
[12/18/2008|12:03] C:\Program Files\Common Files\<DIR> aolshare
[03/27/2008|03:07] C:\Program Files\Common Files\<DIR> InstallShield
[03/27/2008|03:08] C:\Program Files\Common Files\<DIR> Java
[09/21/2008|07:49] C:\Program Files\Common Files\<DIR> Microsoft Shared
[06/17/2006|05:38] C:\Program Files\Common Files\<DIR> MSSoap
[06/19/2006|02:36] C:\Program Files\Common Files\<DIR> New Boundary
[03/27/2008|03:14] C:\Program Files\Common Files\<DIR> Nullsoft
[06/16/2006|10:31] C:\Program Files\Common Files\<DIR> ODBC
[03/11/2009|10:20] C:\Program Files\Common Files\<DIR> Panda Software
[03/27/2008|03:13] C:\Program Files\Common Files\<DIR> Real
[03/27/2008|03:12] C:\Program Files\Common Files\<DIR> Roxio Shared
[04/13/2008|06:19] C:\Program Files\Common Files\<DIR> Scanner
[05/23/2008|08:54] C:\Program Files\Common Files\<DIR> Services
[06/16/2006|10:31] C:\Program Files\Common Files\<DIR> SpeechEngines
[09/21/2008|07:49] C:\Program Files\Common Files\<DIR> System
[03/13/2009|04:21] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
--------------------\\ Process
( 56 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !

--------------------\\ Searching for Lop Files - Folders
C:\DOCUME~1\OWNER~1.YOU\Cookies\owner@advertising[2].txt

--------------------\\ Searching within the Registry

..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-14 19:05:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections
--------------------\\ ROGUES ..
C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PrivacyControl

[F:1196][D:14]-> C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp
[F:58][D:0]-> C:\DOCUME~1\OWNER~1.YOU\Cookies
[F:1348][D:4]-> C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Sat 03/14/2009|19:06 - Option : [1]
--------------------\\ Scan completed at 19:06:50
  #4  
Old 14th Mar 2009, 16:27
Moderator Group
 
Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PrivacyControl

:Commands
[purity]
[emptytemp]
[start explorer]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
* Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

----------

Download ComboFix© by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
__________________

  #5  
Old 15th Mar 2009, 10:30
Member Group
 
Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.

A little lost. What am I saving to the desktop?
  #6  
Old 15th Mar 2009, 11:44
Moderator Group
 
Sorry that got cut off.

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.
__________________

  #7  
Old 15th Mar 2009, 16:44
Member Group
 
Error: Unable to interpret <Processes> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
========== FILES ==========
C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PrivacyControl\Settings moved successfully.
C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PrivacyControl\Registry Backups moved successfully.
C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PrivacyControl\Log moved successfully.
C:\DOCUME~1\OWNER~1.YOU\APPLIC~1\PrivacyControl moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_185651
Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat not found!

ComboFix 09-03-14.02 - Owner 2009-03-15 19:21:29.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3199.2689 [GMT -4:00]
Running from: c:\documents and settings\Owner.YOUR-DC0C6E8137\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-02-15 to 2009-03-15 )))))))))))))))))))))))))))))))
.
2009-03-15 18:56 . 2009-03-15 18:56 <DIR> d-------- C:\_OTMoveIt
2009-03-14 18:36 . 2009-03-14 19:06 <DIR> d-------- C:\Lop SD
2009-03-13 16:22 . 2009-03-13 16:22 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-13 16:22 . 2009-03-13 16:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-13 16:21 . 2009-03-13 16:21 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-12 12:01 . 2009-03-12 12:02 <DIR> d-------- c:\windows\system32\Adobe
2009-03-12 00:21 . 2009-03-12 00:21 4,626 --a------ c:\windows\system32\%LocalXml%
2009-03-11 22:28 . 2009-03-12 00:05 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-03-11 22:28 . 2009-03-12 00:05 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-03-11 22:27 . 2009-03-11 22:27 <DIR> d-------- c:\program files\Kaspersky Lab
2009-03-11 22:27 . 2009-03-15 19:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-03-11 22:27 . 2009-03-15 19:25 4,153,888 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-11 22:27 . 2009-03-15 19:25 598,048 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-03-11 22:27 . 2009-03-15 19:25 33,532 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-11 22:27 . 2009-03-15 19:25 3,124 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-03-11 22:22 . 2009-03-11 22:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-10 20:23 . 2009-03-10 20:23 <DIR> d-------- c:\program files\CCleaner
2009-03-10 14:17 . 2009-03-10 14:17 <DIR> d-------- c:\program files\filehippo.com
2009-03-09 21:50 . 2009-03-09 21:50 <DIR> d--hs---- c:\documents and settings\Owner.YOUR-DC0C6E8137\IECompatCache
2009-03-09 21:49 . 2009-03-09 21:49 <DIR> d--hs---- c:\documents and settings\Owner.YOUR-DC0C6E8137\PrivacIE
2009-03-09 21:45 . 2009-03-09 21:45 <DIR> d--hs---- c:\documents and settings\Owner.YOUR-DC0C6E8137\IETldCache
2009-03-09 21:37 . 2009-03-09 21:37 <DIR> d-------- c:\windows\ie8updates
2009-03-09 21:34 . 2009-03-09 21:35 <DIR> d--h-c--- c:\windows\ie8
2009-03-09 21:32 . 2009-01-11 01:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-03 12:44 . 2008-04-13 21:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-03 12:44 . 2001-08-17 23:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-03 02:21 . 2009-03-03 02:29 <DIR> d-------- c:\documents and settings\Owner.YOUR-DC0C6E8137\Application Data\ErrorFix
2009-02-28 03:56 . 2009-02-28 03:56 <DIR> d-------- c:\windows\NPCommon
2009-02-21 18:08 . 2009-02-21 18:08 104 --a------ c:\windows\system32\SigUpdRequest_1235254119.tmp
2009-02-21 17:30 . 2009-03-11 22:25 <DIR> d-------- C:\SMCLpav
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-15 18:29 --------- d-----w c:\program files\Panda Security
2009-03-15 17:17 --------- d-----w c:\program files\Lx_cats
2009-03-13 14:50 --------- d-----w c:\documents and settings\Owner.YOUR-DC0C6E8137\Application Data\GetRightToGo
2009-03-12 04:06 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-12 02:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-12 02:20 --------- d-----w c:\program files\Common Files\Panda Software
2009-03-09 23:17 --------- d-----w c:\program files\Java
2009-03-09 06:09 --------- d-----w c:\documents and settings\Owner.YOUR-DC0C6E8137\Application Data\AdobeUM
2009-03-08 17:46 --------- d-----w c:\program files\Spotmau WinCares 2007
2009-03-07 14:07 --------- d-----w c:\program files\Photo Viewer
2009-03-05 15:15 --------- d-----w c:\program files\FinePixViewer
2009-03-03 13:42 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 22:33 1,772 ----a-w c:\documents and settings\Owner.YOUR-DC0C6E8137\Application Data\wklnhst.dat
2009-02-24 03:54 --------- d-----w c:\program files\Visual IP Trace 2008
2009-02-13 19:05 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-13 10:19 --------- d-----w c:\documents and settings\Owner.YOUR-DC0C6E8137\Application Data\Aladdin Systems
2009-02-13 09:08 --------- d-----w c:\program files\Aladdin Systems
2009-02-11 15:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-03 04:06 --------- d-----w c:\program files\Activision
2009-02-01 00:32 --------- d-----w c:\program files\FWI
2009-01-27 20:55 --------- d-----w c:\program files\SpeedFan
2008-12-19 19:31 86,016 ----a-w c:\windows\unvise32qt.exe
2008-09-09 03:30 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090820080909\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@="{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}"
[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2006-12-22 16:30 57344 --a------ c:\program files\Spotmau WinCares 2007\FolderProtectShellExtension.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@="{8A814C29-D3CD-4F9E-9770-DF8704503ACA}"
[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2006-12-22 16:30 57344 --a------ c:\program files\Spotmau WinCares 2007\FolderProtectShellExtension.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-12 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"Lexmark 5200 series"="c:\program files\Lexmark 5200 series\lxbtbmgr.exe" [2004-06-04 57344]
"LXBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-03-17 65536]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-27 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"HostManager"="c:\program files\Common Files\AOL\1229613011\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-10-20 34904]
"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-02-11 399504]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-03-12 206088]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-09-18 c:\windows\system32\nwiz.exe]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 c:\windows\arpwrmsg.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-25 68856]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2008-03-27 2168360]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-12-25 303104]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 FolderProtectService;FolderProtectService;c:\program files\Spotmau WinCares 2007\FolderProtectService.exe [2008-10-02 16384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-11-09 179856]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-11-09 15504]
R3 Winacusb;Winacusb;c:\windows\system32\drivers\winacusb.sys [2008-03-27 902860]
S3 FolderProtectDriver;FolderProtectDriver;c:\program files\Spotmau WinCares 2007\FolderProtectDriver.sys [2008-10-02 11264]
S3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\netimflt.sys --> c:\windows\system32\DRIVERS\netimflt.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\drivers\SIVX32.sys [2008-04-05 48480]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-03-14 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix\ErrorFix.exe []
2009-03-14 c:\windows\Tasks\ErrorFix Scan.job
- c:\program files\ErrorFix []
2009-02-18 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2008-08-02 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
2009-03-15 c:\windows\Tasks\User_Feed_Synchronization-{FD03A801-5427-4516-93CD-BC74874B5889}.job
- c:\windows\system32\msfeedssync.exe [2009-01-15 02:01]
.
- - - - ORPHANS REMOVED - - - -
Notify-avldr - avldr.dll

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
uStart Page = hxxp://www.aol.com/?src=toolbar
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Download by Enterra Download Manager - c:\program files\Enterra\Download Manager\edm.dll/3000
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: {{1AB6CC97-17C1-4207-BC51-5C9D435A338E} - res://c:\program files\Enterra\Download Manager\edm.dll/3002
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: regnow.com\www
Trusted Zone: windowsupdate.com\www
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-15 19:27:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2869611830-4205488211-2984368079-1006\Software\Microsoft\SystemCertificates\Address Book*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(656)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\windows\arservice.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\Lexmark 5200 series\lxbtbmon.exe
c:\windows\system32\rundll32.exe
c:\program files\America Online 9.0\waol.exe
c:\progra~1\COMMON~1\AOL\122961~1\EE\AOLServiceHost.exe
c:\windows\system32\wscntfy.exe
c:\program files\America Online 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-03-15 19:34:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-15 23:34:14
ComboFix2.txt 2009-03-08 21:32:13
Pre-Run: 222,502,379,520 bytes free
Post-Run: 222,547,673,088 bytes free
224 --- E O F --- 2009-03-14 20:46:16
  #8  
Old 15th Mar 2009, 17:01
Moderator Group
 
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
c:\windows\system32\SigUpdRequest_1235254119.tmp

:Commands
[purity]
[emptytemp]
[start explorer]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
* Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

----------

  • Click START then RUN
  • Now type Combofix /u in the runbox
  • Make sure there's a space between Combofix and /u
  • Then hit Enter.


The above procedure will:

  • Delete the following:
      • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.


----------

This scanner works with Internet Explorer only!

Scan with the BitDefender Online Scanner
Click I Agree to the license and then install the ActiveX control.
Please DO NOT change the Scanning Options.
That will make your logs huge and we don't need to see clean files.

Select Start Scan to begin.
This scan can take a while so please be patient and let it complete.

Once BitDefender completes the scan:
Click on the Detected Problems tab.
Then select Click here to export the scan report



This will save a file named bdscan.html. I would suggest saving it to the Desktop so you can easily find it (take notice of where you save it so you can find it later).

You will have to upload the file online. The forums will not accept HTML.

Go to File Dropper

Click Upload
Locate the file and double click it.
Copy the link below Share This Link: and post it back here.

----------

Also let me know how the computer is running now.
__________________

  #9  
Old 16th Mar 2009, 06:34
Member Group
 
Have tried everything I can think of but the online scanner will not run. BitDefender keeps giving an error message. Need to use Internet Explorer. AOL Explorer does not work and IE 8 does not work.
Also, when I get that message the computer stops working altogether. The only way I can get the computer to work is by pulling the plug, waiting 5 min, then plugging it back in.
  #10  
Old 16th Mar 2009, 09:32
Moderator Group
 
Download DrWeb CureIt & save it to your desktop. Scan with DrWeb-CureIt as follows:

  • Double-click on drweb-cureit.exe and then click Start
  • An information notice will appear, click OK.
  • This starts a short scan that will scan the files currently running in memory.
  • If you get a prompt to buy the full version just exit out of the window. The scanner will still work without buying the full version
  • If or when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Settings > Change Settings
  • Under the Scanning tab UNcheck Heuristic analysis and click OK
  • Back at the main window, select the Complete scan button and then click the Green Arrow Start Scanning button on the right and the scan will start.
  • Click Yes to all if it asks if you want to cure/move any file(s).
  • When the scan is done, in the Dr.Web CureIt menu on top left, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.


* After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
* Copy and paste that log in the next reply
__________________


Copyright ©2006 - 2009 Computer Juice.
