Hi, I've been through all the steps suggested in the sticky. Hope someone can help! THanks in anticipation! AJ. -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Saturday, October 11, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Friday, October 10, 2008 23:46:35 Records in database: 1304096 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ I:\ J:\ K:\ L:\ Scan statistics: Files scanned: 432911 Threat name: 31 Infected objects: 67 Suspicious objects: 15 Duration of the scan: 14:45:12 File name / Threat name / Threats count C:\Program Files\UltraVNC\WinVNC.exe/C:\Program Files\UltraVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.q 2 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\.tt18.tmp.exe/C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\.tt18.tmp.exe Infected: Backdoor.Win32.Frauder.le 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 15 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Infected: Trojan-Downloader.Win32.Small.acyi 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\.tt18.tmp Infected: Backdoor.Win32.Frauder.le 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\.tt18.tmp.exe Infected: Backdoor.Win32.Frauder.le 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\57329.exe Infected: Backdoor.Win32.Frauder.jt 7 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\BIT22.tmp Infected: Trojan-Downloader.Win32.Zlob.aacg 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\t17.php Infected: Trojan.Win32.Vapsup.lzl 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\t17.php Infected: Trojan.Win32.Vapsup.lzj 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\t17.php Infected: Trojan.Win32.Vapsup.mck 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\t17.php Infected: Trojan.Win32.Vapsup.lzm 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\t17.php Infected: Trojan.Win32.Vapsup.mag 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temporary Internet Files\Content.IE5\PSP2H0QK\scan[1].exe Infected: Trojan-Downloader.Win32.Small.aemg 1 C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temporary Internet Files\Content.IE5\X3XKH2WT\wEvkx1zFE1[1].exe Infected: Trojan.Win32.Obfuscated.gx 1 C:\Program Files\Alwil Software\Avast4\DATA\moved\confirm.exe.2.vir Infected: Trojan-Downloader.Win32.VB.cp 1 C:\Program Files\Alwil Software\Avast4\DATA\moved\confirm.exe.vir Infected: Trojan-Downloader.Win32.VB.cp 1 C:\Program Files\Alwil Software\Avast4\DATA\moved\isit.exe.2.vir Infected: Trojan-Downloader.Win32.Agent.brk 1 C:\Program Files\Alwil Software\Avast4\DATA\moved\isit.exe.vir Infected: Trojan-Downloader.Win32.Agent.brk 1 C:\Program Files\Alwil Software\Avast4\DATA\moved\unblock.exe.2.vir Infected: Trojan-Downloader.Win32.VB.cp 1 C:\Program Files\Alwil Software\Avast4\DATA\moved\unblock.exe.vir Infected: Trojan-Downloader.Win32.VB.cp 1 C:\Program Files\BT Broadband Desktop Help\vendors\btbb\wwwcache\wt\deviceview\private\content\driven_dev\upgrade\McciContextUpgrade.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1 C:\Program Files\Common Files\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1 C:\Program Files\mirc\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 C:\Program Files\mirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 C:\Program Files\PCHealthCenter\0.exe Infected: Backdoor.Win32.Frauder.jt 1 C:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.q 1 C:\WINDOWS\Motive\btbb\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1 C:\WINDOWS\Motive\btbb\UninstallHelper.exe Infected: not-a-virus:RiskTool.Win32.PsKill.1101 1 C:\WINDOWS\system32\dxdllreg.exe~ Infected: Trojan-Downloader.Win32.Agent.qen 1 C:\WINDOWS\system32\gdbiytby.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1 C:\WINDOWS\system32\gfydfnoe.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1 C:\WINDOWS\system32\iufpgohs.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1 C:\WINDOWS\system32\jkhhh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp 1 C:\WINDOWS\system32\mvjrqvxf.dll Infected: Trojan-Spy.Win32.VBStat.h 1 C:\WINDOWS\system32\wwidskvt.exe Infected: Trojan-Dropper.Win32.Agent.bmk 1 D:\Archives\Keep\Cracks\absolutistmahjongv1.0pocketpckeygentsrh.zip Infected: Trojan.Win32.Pakes.av 1 D:\Archives\Keep\Cracks\Cyberlink.PowerDVD.Ultra.Deluxe.v7.2.Multilingual.Keymaker.Only-CORE.zip Infected: Trojan-Downloader.Win32.Delf.ozk 1 D:\Archives\Keep\Internet\mcombo.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1 D:\Archives\Keep\Internet\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\Archives\Keep\PSP\PSPTool201Full.zip Infected: not-a-virus:AdWare.Win32.EShoper.bi 1 D:\Archives\Keep\Security\backups\backup-20070709-180738-526.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp 1 D:\Archives\Keep\Security\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 D:\Archives\Keep\Utilities\UltraVNC-100-RC18-Setup.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1 D:\Archives\UltraVNC_1.0.4_RC17_Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.q 1 D:\Archives\X\[NDS]Pipe_Mania_[USA]2345.exe Infected: Trojan.Win32.Agent.aggt 1 D:\KaZaA\January\0101-0103\0101-0102\F-Cabir.zip Infected: Trojan.SymbOS.Killav.a 1 D:\KaZaA\January\0113-0115\0113-0114\MM_Pro_7.0.2_Build_2716.zip Infected: Trojan-Dropper.Win32.Pincher.bt 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd10\NO$GBA 2.6a including BIOS and Firmware.zip Infected: Trojan.Win32.Agent.aggt 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd10\[NDS]Line_Rider_2_Unbound_[USA]_NDS-iND.zip Infected: Trojan.Win32.Agent.aggt 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd16\0101-0103\0101-0102\F-Cabir.zip Infected: Trojan.SymbOS.Killav.a 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd16\0113-0115\0113-0114\MM_Pro_7.0.2_Build_2716.zip Infected: Trojan-Dropper.Win32.Pincher.bt 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd17.exe Infected: Trojan.Win32.Agent.aggt 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd18.exe Infected: not-a-virus:AdWare.Win32.WeatherBug.a 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd19.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd20\backup-20070709-180738-526.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd22.zip Infected: not-a-virus:AdWare.Win32.EShoper.bi 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd23.zip Infected: Trojan-Downloader.Win32.Delf.ozk 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd24.zip Infected: Trojan.Win32.Pakes.av 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd25.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1 D:\RECYCLER\S-1-5-21-1177238915-884357618-682003330-1003\Dd26.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1 The selected area was scanned. ----------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:51:08, on 11/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\iPod Access for Windows\iPAHelper.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINDOWS\system32\Fast.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\.tt18.tmp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Last.fm\LastFM.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe C:\Program Files\Maxthon\Maxthon.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {15C2DE55-9796-4657-AAA5-EB605D6C5F9A} - (no file) O3 - Toolbar: olnmraew - {8357C7B3-5BBF-4A22-A18D-A1D1C43BE188} - C:\WINDOWS\olnmraew.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [inrhca6gj0eanu] C:\Documents and Settings\Adam.JACKSON01.000\Local Settings\Temp\.tt18.tmp.exe /CR=648A362AA5036C56AC44DC7859B564CAAD9C160D5D8931883A806BCBD1C08E04B3D652A1D10AD02D38C4AC28FEBE30D09576D8B85EF3A0FA045976889737E847D24A34247D759084AAEC912ABD700E87BB O4 - HKLM\..\Run: [7b65e0f9] rundll32.exe "C:\WINDOWS\system32\iweejjxs.dll",b O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [NSeries.PCSync] C:\Program Files\Nokia\Nseries System Utilities\System Utilities\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [] C:\Documents and Settings\Adam.JACKSON01.000\Application Data\Adobe\Player.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - Global Startup: Nokia Nseries PC Suite.lnk = C:\Program Files\Nokia\NNPCS\RunLauncher.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Adam.JACKSON01.000\Application Data\RssBandit\iecontext_subscribebandit.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://cag.domgen.com/CitrixSessionInit/ICAWEB/icaweb.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133378193249 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1133382839859 O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O17 - HKLM\System\CCS\Services\Tcpip\..\{3EEBEB4E-4218-4FEA-B159-4CAFBE29D598}: NameServer = 194.72.9.38,194.74.65.68 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: ekagdg.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPAHelper.exe - Unknown owner - C:\Program Files\iPod Access for Windows\iPAHelper.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business XIb\RpcSandraSrv.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE -- End of file - 13226 bytes
Hi jacksona Just exactly what problems do you have? What symptoms? Please download Malwarebytes Anti-Malware and install it. Follow the prompts and reboot if required. Launch Malwarebytes either by running C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe or double-click the Malwarebytes' Anti-Malware shortcut on your Desktop. Configuring Malwarebytes • Click on the tab Settings. • Make sure only these boxes are checked: Code: Terminate Internet Explorer Automatically save and display logfile after removal Always scan memory objects Always scan registry objects Always scan filesystem Always scan extra and heuristics objects Updating Malwarebytes • Click on the tab Update. • Press the button Check for Updates • Wait for Malwarebytes to be fully updated. Scanning Time • Click on the tab Scanner. • Check Perform full scan and click on Scan • Wait for the scan to complete, and then click on Show Results. • Make sure all items are checked, then click on Remove Selected. **If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If you are asked to restart the computer, please do so immediately. Post A Log • A text box will pop up after the removal process is over. Post the contents of the text here. • If no text box pops up, launch Malwarebytes, and click on the tab Logs. • The logs will appear as mbam-log-*date-*time.txt. Select the latest one, and then click on Open. • Post the log here. Best Regards
