[Resolved] Pop ups when i start my computer

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

[Resolved] Pop ups when i start my computer, Please help

Options

kittyrae View Member Profile	Sep 4 2008, 10:36 PM Post #1
New Member Group: New Member Posts: 3 Joined: 4-September 08 Member No.: 81,376 Operating System: XP	These pop ups always appear when i start my computer. The first one would always be 'Can't find C:\ Documents' then when i click ok another 7 more will pop up. Need help, pls reply! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:35:19 PM, on 9/5/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Config\csrss.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\ATK0100\Hcontrol.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vaio-online.sony.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vaio-online.sony.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Config\csrss.exe F3 - REG:win.ini: run="C:\Documents and Settings\Charmaine Chong\Application Data\Adobe\Manager.exe" O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Update] wjjwto.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\RunServices: [Update] wjjwto.exe O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Update] wjjwto.exe O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - S-1-5-18 Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'SYSTEM') O4 - .DEFAULT Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user') O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user') O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/ O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- End of file - 8424 bytes

Rorschach112 View Member Profile	Sep 5 2008, 06:42 AM Post #2
SuperMember Group: Visiting Teacher Posts: 2,195 Joined: 29-September 07 Member No.: 73,164 Operating System: Windows XP	Hello Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding. Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum. Please visit this web page for instructions for downloading and running ComboFix http://www.bleepingcomputer.com/combofix/how-to-use-combofix This includes installing the Windows XP Recovery Console in case you have not installed it yet. For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058. Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal. Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

kittyrae View Member Profile	Sep 5 2008, 08:48 PM Post #3
New Member Group: New Member Posts: 3 Joined: 4-September 08 Member No.: 81,376 Operating System: XP	SDFix report SDFix: Version 1.221 Run by Charmaine Chong on Sat 09/06/2008 at 09:23 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\DOCUME~1\CHARMA~1\LOCALS~1\Temp\sfsrv.exe.bat - Deleted C:\DOCUME~1\CHARMA~1\LOCALS~1\Temp\08.php - Deleted C:\DOCUME~1\CHARMA~1\LOCALS~1\Temp\08.php.bat - Deleted C:\WINDOWS\Config\csrss.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-06 09:59:26 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe::Enabled:Bonjour" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe::Enabled:BitComet - a BitTorrent Client" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe::Enabled:Windows Live Messenger (Phone)" "C:\\WINDOWS\\system32\\dzqqnr.exe"="C:\\WINDOWS\\system32\\dzqqnr.exe::Disabled:dzqqnr" "C:\\WINDOWS\\system32\\wjjwto.exe"="C:\\WINDOWS\\system32\\wjjwto.exe::Disabled:wjjwto" "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe::Enabled:avginet.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe::Enabled:avgamsvr.exe" "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe::Enabled:avgcc.exe" "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe::Enabled:avgemc.exe" "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe::Enabled:avgupd.exe" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe::Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe::Enabled:Windows Live Messenger (Phone)" Remaining Files* : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 18 Nov 2004 94,458 ...H. --- "C:\Program Files\Ahead\Nero PhotoShow\data\Nero PhotoShow Express.exe" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\021bbe9f2a0e31da1414f03ea6d62389\BIT2F.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\BIT3D.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\109fef93c24da62cf8f31668d6ba9060\BIT1C.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\63be32bacbd73459f1f4fbd657823ecc\BIT17.tmp" Wed 20 Aug 2008 492,272 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\837a8691e43011f909e4b3e192fe1437\BIT1E.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b20f1a9610d239c2680847de8fa139a\BIT2A.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\962449eaea2a809dd7a3a95c81a023bd\BIT28.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a4a9ccd1806461c53ce89bdd6f4591bf\BIT1B.tmp" Wed 20 Aug 2008 2,295,632 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ccaf14158dd167fe34055e2bcf5a04e7\BIT2D.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d20fc1765c1d2a8e6c26cf77036ce48f\BIT3C.tmp" Wed 20 Aug 2008 705,857 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da70638ee8e6f6c7eff37e755cd6f449\BIT11.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e3c3121982c8a4d0c1605cfbcb9bb7c8\BIT22.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\edc9e523d8678897d85b5ee0ef1bbf7a\BIT42.tmp" Wed 20 Aug 2008 152,541 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f040a43a7788e207ef67f26bf9f0471f\BIT1A.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a7407b49e4a15c0b9a45c0426de5360\download\BIT41.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1d8773e3b9bba05290b442f31de09a2e\download\BIT46.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\208c1a8c52f47d7b2df4baa21f58d3da\download\BIT4B.tmp" Wed 20 Aug 2008 506,566 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\28b254fb1d3df181eb61de1dab1aaf98\download\BIT48.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32e99364da67a7850c38a7a4e067a1ed\download\BIT4A.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\512e19b377bd5d52a1e190ecbd7a83eb\download\BIT47.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\694301dbfd149d8645046cbc0b1067e8\download\BIT45.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c9cdbfcd49200c55d94bb81819c80f2b\download\BIT4C.tmp" Wed 20 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d424e8f655073b64c82b6f4f138d5f7e\download\BIT4E.tmp" Finished! ComboFix ComboFix 08-09-05.02 - Charmaine Chong 2008-09-06 10:37:06.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.185 [GMT 8:00] Running from: C:\Documents and Settings\Charmaine Chong\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Charmaine Chong\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML . ((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))) . 2008-09-06 09:22 . 2008-09-06 09:22 577,024 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll 2008-09-06 09:21 . 2008-09-06 09:21 <DIR> d-------- C:\WINDOWS\ERUNT 2008-09-06 09:04 . 2008-09-06 10:01 <DIR> d----c--- C:\SDFix 2008-09-05 19:41 . 2008-09-05 19:42 <DIR> d-------- C:\Program Files\Apple Software Update 2008-09-05 12:24 . 2008-09-05 12:25 2,164,216 --a--c--- C:\Program Files\mbam-setup.exe 2008-09-04 21:34 . 2008-09-04 21:34 <DIR> d-------- C:\Program Files\Trend Micro 2008-09-04 21:30 . 2008-09-04 21:30 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Lavasoft 2008-09-04 21:29 . 2008-09-04 21:33 812,344 --a--c--- C:\Program Files\HJTInstall.exe 2008-09-04 15:02 . 2008-09-06 10:15 <DIR> d--h-c--- C:\$AVG8.VAULT$ 2008-09-04 14:17 . 2008-09-04 14:17 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-09-04 14:17 . 2008-09-04 14:17 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-09-04 14:17 . 2008-09-04 14:17 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-09-04 14:16 . 2008-09-06 06:40 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-09-04 14:16 . 2008-09-04 14:40 <DIR> d-------- C:\Program Files\AVG 2008-09-04 14:16 . 2008-09-04 14:16 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\avg8 2008-09-04 06:09 . 2008-05-01 22:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll 2008-09-04 04:42 . 2008-09-04 08:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-09-03 19:32 . 2008-05-08 20:28 202,752 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-09-03 15:31 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-09-01 19:47 . 2008-09-01 19:47 <DIR> d---s---- C:\Documents and Settings\Charmaine Chong\UserData 2008-09-01 11:23 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll 2008-09-01 11:23 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll 2008-09-01 11:23 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui 2008-08-23 20:30 . 2008-08-23 20:30 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared 2008-08-23 20:30 . 2008-08-23 20:30 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Adobe Systems 2008-08-23 09:08 . 2008-08-23 09:08 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Snapfish 2008-08-22 19:03 . 2008-08-22 19:03 268 --ah-c--- C:\sqmdata04.sqm 2008-08-22 19:03 . 2008-08-22 19:03 244 --ah-c--- C:\sqmnoopt04.sqm 2008-08-22 13:45 . 2008-04-12 02:50 683,520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll 2008-08-22 12:18 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys 2008-08-22 12:18 . 2008-08-22 12:18 268 --ah-c--- C:\sqmdata03.sqm 2008-08-22 12:18 . 2008-08-22 12:18 244 --ah-c--- C:\sqmnoopt03.sqm 2008-08-21 20:05 . 2008-08-21 20:05 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX 2008-08-21 20:03 . 2008-08-21 20:08 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Contacts 2008-08-21 20:03 . 2008-08-21 20:03 268 --ah-c--- C:\sqmdata02.sqm 2008-08-21 20:03 . 2008-08-21 20:03 244 --ah-c--- C:\sqmnoopt02.sqm 2008-08-20 20:09 . 2008-08-20 20:09 <DIR> d-------- C:\Program Files\Photoshop CS3 2008-08-20 15:04 . 2008-08-20 15:04 <DIR> d-------- C:\Program Files\Auslogics 2008-08-20 15:04 . 2008-08-20 15:04 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Auslogics 2008-08-20 15:03 . 2008-08-20 15:03 1,426,904 --a------ C:\Program Files\disk-defrag-setup.exe 2008-08-20 13:33 . 2008-08-20 13:33 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\AdobeUM 2008-08-20 13:32 . 2008-08-20 13:32 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Drag'n Drop CD+DVD 2008-08-20 13:25 . 2008-08-20 13:25 <DIR> d-------- C:\WINDOWS\HelpFiles 2008-08-20 13:25 . 2008-08-20 13:25 <DIR> d-------- C:\WINDOWS\BinFiles 2008-08-20 13:24 . 2002-12-20 15:47 29,696 --a------ C:\WINDOWS\system32\XmlInst.exe 2008-08-20 13:24 . 2002-12-20 15:47 25,088 --a------ C:\WINDOWS\system32\msxml3a.dll 2008-08-20 13:23 . 2008-08-20 13:23 <DIR> d-------- C:\Program Files\Drag'n Drop CD+DVD 2008-08-20 13:23 . 2002-08-20 10:29 40,960 --a------ C:\WINDOWS\system32\ezSP_Px.exe 2008-08-20 13:23 . 2003-09-08 21:15 2 --------- C:\WINDOWS\system32\Px.ini 2008-08-20 13:18 . 2004-04-01 09:50 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Sony Corporation 2008-08-20 13:18 . 2008-09-01 19:47 <DIR> d-------- C:\Documents and Settings\Charmaine Chong 2008-08-20 13:18 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-08-20 13:17 . 2008-08-20 13:17 <DIR> d-------- C:\Program Files\Program Shortcuts 2008-08-20 13:17 . 2004-04-01 09:50 <DIR> d-------- C:\Documents and Settings\Default User\Application Data\Sony Corporation 2008-08-20 13:17 . 2008-08-20 13:17 0 -rah----- C:\WINDOWS\system32\drivers\Sony_VGN-A19GP(I).mrk 2008-08-20 11:51 . 2008-08-20 11:51 <DIR> d-------- C:\Program Files\Skype 2008-08-20 11:51 . 2008-09-04 05:04 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Skype 2008-08-20 11:47 . 2008-08-20 11:47 <DIR> d-------- C:\Program Files\K-Lite Codec Pack 2008-08-20 11:45 . 2008-08-20 11:45 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Simple Star 2008-08-20 11:45 . 2004-11-18 05:29 1,568,768 --a------ C:\WINDOWS\system32\ImagX7.dll 2008-08-20 11:45 . 2004-11-18 05:29 476,320 --a------ C:\WINDOWS\system32\ImagXpr7.dll 2008-08-20 11:45 . 2004-11-18 05:29 471,040 --a------ C:\WINDOWS\system32\ImagXRA7.dll 2008-08-20 11:45 . 2004-11-18 05:24 421,888 --a------ C:\WINDOWS\Nero PhotoShow.scr 2008-08-20 11:45 . 2004-11-18 05:29 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll 2008-08-20 11:45 . 2004-11-18 05:29 262,144 --a------ C:\WINDOWS\system32\ImagXR7.dll 2008-08-20 11:45 . 2004-11-18 05:29 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll 2008-08-20 11:45 . 2004-11-18 05:29 38,912 --a------ C:\WINDOWS\system32\picn20.dll 2008-08-20 11:44 . 2008-08-20 11:44 <DIR> d-------- C:\Program Files\Ahead 2008-08-20 11:44 . 2008-08-20 11:45 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Ahead 2008-08-20 11:43 . 2008-08-20 11:43 <DIR> d-------- C:\Program Files\Rainlendar 2008-08-20 11:43 . 2008-08-20 11:43 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Rainlendar 2008-08-20 11:27 . 2008-08-20 11:27 268 --ah-c--- C:\sqmdata01.sqm 2008-08-20 11:27 . 2008-08-20 11:27 244 --ah-c--- C:\sqmnoopt01.sqm 2008-08-20 11:26 . 2006-08-25 11:47 129,784 --------- C:\WINDOWS\system32\pxafs.dll 2008-08-20 11:26 . 2006-08-25 11:47 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe 2008-08-20 11:26 . 2006-08-25 11:47 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-08-20 11:26 . 2006-08-25 11:47 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-08-20 11:23 . 2008-08-20 12:00 <DIR> d-------- C:\Program Files\Winamp 2008-08-20 11:17 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll 2008-08-20 11:17 . 2008-08-20 11:17 376 --a------ C:\WINDOWS\ODBC.INI 2008-08-20 11:16 . 2008-08-20 11:16 <DIR> d-------- C:\Program Files\Microsoft.NET 2008-08-20 11:15 . 2008-08-20 11:15 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2008-08-20 11:13 . 2008-08-20 11:16 <DIR> d-------- C:\WINDOWS\SHELLNEW 2008-08-20 11:07 . 2008-08-20 11:08 67 --a------ C:\WINDOWS\IDMan.INI 2008-08-20 11:01 . 2008-08-20 11:01 268 --ah-c--- C:\sqmdata00.sqm 2008-08-20 11:01 . 2008-08-20 11:01 244 --ah-c--- C:\sqmnoopt00.sqm 2008-08-20 10:59 . 2008-09-03 14:12 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\DMCache 2008-08-20 10:57 . 2008-08-20 10:57 137 --a------ C:\WINDOWS\system32\MRT.INI 2008-08-20 10:49 . 2008-08-20 10:49 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll 2008-08-20 10:49 . 2008-08-20 10:49 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll 2008-08-20 10:45 . 2008-08-20 10:45 <DIR> d-------- C:\Program Files\Lavasoft 2008-08-20 09:06 . 2008-08-20 09:07 <DIR> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-20 03:55 . 2008-08-20 03:56 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WinZip 2008-08-20 03:29 . 2008-09-05 12:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware 2008-08-20 03:29 . 2008-08-20 03:29 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\SUPERAntiSpyware.com 2008-08-20 03:29 . 2008-08-20 03:29 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-08-20 03:28 . 2008-08-20 03:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-20 03:03 . 2008-09-04 21:46 <DIR> d--h----- C:\WINDOWS\$hf_mig$ 2008-08-20 03:03 . 2008-08-20 03:17 <DIR> d-------- C:\Program Files\Windows Live 2008-08-20 03:03 . 2008-08-20 03:08 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller 2008-08-20 03:03 . 2008-08-20 03:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-20 02:48 . 2008-09-05 23:34 <DIR> d----c--- C:\Downloads 2008-08-20 02:47 . 2008-08-20 02:53 <DIR> d-------- C:\Program Files\BitComet 2008-08-20 02:32 . 2008-08-20 02:32 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Apple Computer 2008-08-20 02:31 . 2008-08-20 02:31 <DIR> d-------- C:\Program Files\iTunes 2008-08-20 02:31 . 2008-08-20 02:31 <DIR> d-------- C:\Program Files\iPod 2008-08-20 02:30 . 2008-08-20 02:30 <DIR> d-------- C:\Program Files\Bonjour 2008-08-20 02:29 . 2008-08-20 02:30 <DIR> d-------- C:\Program Files\QuickTime 2008-08-20 02:29 . 2008-08-20 02:31 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-08-20 02:28 . 2008-08-20 03:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE 2008-08-20 02:28 . 2008-08-20 02:28 <DIR> d-------- C:\Program Files\Common Files\Apple 2008-08-20 02:28 . 2008-08-20 02:28 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Apple 2008-08-20 02:07 . 2008-08-20 02:07 <DIR> d-------- C:\WINDOWS\ServicePackFiles 2008-08-20 02:00 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe 2008-08-20 02:00 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002435_.tmp 2008-08-20 01:57 . 2008-08-20 01:57 <DIR> d-------- C:\WINDOWS\EHome 2008-08-19 23:12 . 2008-08-19 23:12 63,530,280 --a------ C:\Program Files\iTunesSetup.exe 2008-08-19 23:05 . 2008-08-19 23:05 0 --a------ C:\WINDOWS\nsreg.dat 2008-08-19 22:45 . 2008-08-19 22:45 <DIR> d-------- C:\Documents and Settings\Charmaine Chong\Application Data\Symantec 2008-08-19 22:45 . 2008-09-03 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 12:26 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-20 05:25 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-20 05:25 --------- d-----w C:\Program Files\Sony 2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-07-17 2599224] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe" [2005-02-26 212992] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 20058152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Hcontrol"="C:\WINDOWS\ATK0100\Hcontrol.exe" [2003-09-19 61440] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 114688] "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2003-12-12 167936] "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-21 32768] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952] "MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2003-03-31 59392] "PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168] "PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2003-03-31 455168] "HKSERV.EXE"="C:\Program Files\Sony\HotKey Utility\HKserv.exe" [2004-02-13 98304] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-26 335872] "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 40960] "Drag'n Drop CD+DVD"="C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe" [2004-02-02 1183744] "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-04 1235736] "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-15 C:\WINDOWS\system32\ico.exe] "BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-04 C:\WINDOWS\system32\irprops.cpl] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe] C:\Documents and Settings\Default User\Start Menu\Programs\Startup\ E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2004-04-01 364544] C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ E-Flyer.lnk - C:\Program Files\Sony\E-Flyer\E-Flyer.exe [2004-04-01 364544] C:\Documents and Settings\Charmaine Chong\Start Menu\Programs\Startup\ Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2006-01-21 118784] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-09-01 11:20 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.I420"= i263_32.drv "VIDC.dvsd"= C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll "vidc.3ivx"= 3ivxVfWCodec.dll "vidc.3iv2"= 3ivxVfWCodec.dll "msacm.divxa32"= divxa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.i263"= i263_32.drv "msacm.imc"= imc32.acm "VIDC.VP31"= vp31vfw.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\BitComet\\BitComet.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "20296:TCP"= 20296:TCP:BitComet 20296 TCP "20296:UDP"= 20296:UDP:BitComet 20296 UDP R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-04 97928] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-09-04 875288] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-04 231704] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-09-04 76040] R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2001-08-17 37040] Newly Created Service - PROCEXP90 Newly Created Service - SASDIFSV . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Charmaine Chong\Application Data\Mozilla\Firefox\Profiles\8afht3oc.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/ FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-06 10:39:05 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\Ati2evxx.dll . Completion time: 2008-09-06 10:40:33 ComboFix-quarantined-files.txt 2008-09-06 02:40:28 Pre-Run: 16,678,993,920 bytes free Post-Run: 16,765,296,640 bytes free 262 --- E O F --- 2008-09-05 19:09:10 Hijack This log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:45:21 AM, on 9/6/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\WINDOWS\ATK0100\Hcontrol.exe C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\ICO.EXE C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\BitComet\BitComet.exe C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Rainlendar\Rainlendar.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vaio-online.sony.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://vaio-online.sony.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - S-1-5-18 Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'SYSTEM') O4 - .DEFAULT Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user') O4 - .DEFAULT User Startup: E-Flyer.lnk = C:\Program Files\Sony\E-Flyer\E-Flyer.exe (User 'Default user') O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://vaio-online.sony.com/ O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe -- End of file - 8144 bytes I encountered a problem when I dragged the Windows XP recovery Console icon into ComboFix. First there was a pop up that said 'Windows cannot access the specific device, path or file. You may not have the appropriate permissions to access the item.' Then there was this AVG Resident Shield Alert that said Potentially Unwanted Program File name: C:\ 327882R2FWJFW\hidec.exe Threat Name: Potentially harmful program HideExec.EV Detected on open. So I clicked Move to Vault then tried to drag the Recovery Console icon into ComboFix again but the same thing popped up so I clicked ignore this time then proceeded to run ComboFix. Did I mess up the whole thing? This post has been edited by kittyrae*: Sep 5 2008, 09:03 PM

Rorschach112 View Member Profile	Sep 6 2008, 07:01 AM Post #4
SuperMember Group: Visiting Teacher Posts: 2,195 Joined: 29-September 07 Member No.: 73,164 Operating System: Windows XP	Nope Please download Malwarebytes' Anti-Malware from Here or Here Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly. Please do an online scan with Kaspersky WebScanner Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept You will be prompted to install an ActiveX component from Kaspersky, Click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer This will program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Make sure to use Internet Explorer for this Please go to VirSCAN.org FREE on-line scan service Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page: C:\WINDOWS\system32\dllcache\user32.dll Click on the Upload button Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard. Paste the contents of the Clipboard in your next reply.

kittyrae View Member Profile	Sep 7 2008, 03:38 AM Post #5
New Member Group: New Member Posts: 3 Joined: 4-September 08 Member No.: 81,376 Operating System: XP	Malwarebytes' Anti-Malware 1.26 Database version: 1119 Windows 5.1.2600 Service Pack 2 2008-09-06 23:11:44 mbam-log-2008-09-06 (23-11-44).txt Scan type: Quick Scan Objects scanned: 42868 Time elapsed: 9 minute(s), 56 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) Kaspersky Scanner said no malware has been detected. VirSCAN.org Scanned Report : Scanner results: All Scanners reported not find malware! File Name : user32.dll File Size : 577024 byte File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi MD5 : c72661f8552ace7c5c85e16a3cf505c4 SHA1 : 19dc0854aaeaadf26bae8b7daace8115b5209f73 Online report : http://virscan.org/report/b67e8cfa4bfb0736...910501b8ea.html Scanner Engine Ver Sig Ver Sig Date Time Scan result a-squared 3.5.0.22 2008.08.31 2008-08-31 2.50 - AhnLab V3 2008.08.30.00 2008.08.30 2008-08-30 0.90 - AntiVir 7.8.1.23 7.0.6.95 2008-08-31 2.18 - Arcavir 1.0.5 200808311533 2008-08-31 1.20 - AVAST! 3.0.1 080831-0 2008-08-31 0.03 - AVG 7.5.51.442 270.6.14/1644 2008-08-31 1.59 - BitDefender 7.60825.1689679 7.20762 2008-09-01 2.96 - CA (VET) 9.0.0.143 31.6.6057 2008-08-29 3.78 - ClamAV 0.93.3 8122 2008-08-31 0.13 - Comodo 2.11 2.0.0.633 2008-08-31 0.43 - CP Secure 1.1.0.715 2008.09.01 2008-09-01 6.56 - Dr.Web 4.44.0.9170 2008.08.31 2008-08-31 3.12 - ewido 4.0.0.2 2008.08.31 2008-08-31 2.86 - F-Prot 4.4.4.56 20080831 2008-08-31 1.03 - F-Secure 5.51.6100 2008.08.31.01 2008-08-31 2.05 - Fortinet 2.81-3.11 9.499 2008-09-01 0.55 - ViRobot 20080829 2008.08.29 2008-08-29 0.39 - Ikarus T3.1.01.34 2008.08.31.71372 2008-08-31 3.27 - JiangMin 11.0.706 2008.08.31 2008-08-31 1.22 - Kaspersky 5.5.10 2008.09.01 2008-09-01 0.04 - KingSoft 2008.1.14.15 2008.9.1.10 2008-09-01 0.60 - McAfee 5.3.00 5373 2008-08-29 2.11 - Microsoft 1.3807 2008.09.01 2008-09-01 4.34 - mks_vir 2.01 2008.08.25 2008-08-25 2.63 - Norman 5.93.01 5.93.00 2008-08-29 5.03 - Panda 9.05.01 2008.08.31 2008-08-31 3.74 - Trend Micro 8.700-1004 5.510.03 2008-08-31 0.03 - Quick Heal 9.50 2008.08.29 2008-08-29 1.85 - Rising 20.0 20.59.62.00 2008-08-31 0.77 - Sophos 2.78.0 4.33 2008-09-01 1.68 - Sunbelt 3.1.1592.1 2210 2008-08-29 0.40 - Symantec 1.3.0.24 20080831.003 2008-08-31 0.10 - nProtect 2008-08-29.00 1993388 2008-08-29 7.04 - The Hacker 6.3.0.6 v00068 2008-08-29 0.48 - VBA32 3.12.8.4 20080831.1339 2008-08-31 1.31 - VirusBuster 4.5.11.10 10.86.1/623289 2008-08-31 1.58 - So does this mean I'm finally free from malware now?? This post has been edited by kittyrae: Sep 7 2008, 03:40 AM

Rorschach112 View Member Profile	Sep 7 2008, 06:18 AM Post #6
SuperMember Group: Visiting Teacher Posts: 2,195 Joined: 29-September 07 Member No.: 73,164 Operating System: Windows XP	Yes Follow these steps to uninstall Combofix and tools used in the removal of malware Click START then RUN Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there. Make sure you have an Internet Connection. Download OTCleanIt to your desktop and run it A list of tool components used in the Cleanup of malware will be downloaded. If your Firewall or Real Time protection attempts to block OTCleanUp to reach the Internet, please allow the application to do so. Click Yes to beging the Cleanup process and remove these components, including this application. You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes. Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here : http://www.adobe.com/products/acrobat/readstep2.html Below I have included a number of recommendations for how to protect your computer against malware infections. * Keep Windows updated by regularly checking their website at : http://windowsupdate.microsoft.com/ This will ensure your computer has always the latest security updates available installed on your computer. * To reduce re-infection for malware in the future, I strongly recommend installing these free programs: SpywareBlaster protects against bad ActiveX IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all Have a look at this tutorial for IE-Spyad here * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict. Make Internet Explorer more secure Click Start > Run Type Inetcpl.cpl & click OK Click on the Security tab Click Reset all zones to default level Make sure the Internet Zone is selected & Click Custom level In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable". Next Click OK, then Apply button and then OK to exit the Internet Properties page. ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders. NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points. Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions. MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future. * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place' Here Thank you for your patience, and performing all of the procedures requested.

Rorschach112