SpywareInfo Forum: Something taking over - SpywareInfo Forum

Something taking over

#1 AmySue

  • One cool chic
  • Group: Full Member
  • Posts: 77
  • Joined: 23-September 04

Posted 08 September 2009 - 05:36 PM

Well, for two days now I have been trying to run HJT and each time it won't start; neither will any other of my security programs, Trojan Remover or Advanced SystemCare. I try to run them and it tells me I don't have permission. I could uninstall ASC and reinstall it, but it still tells me that. I can't even uninstall HJT because it tells me I don't have permission. I was able to run a scan using IObit 360 and it said I had a trojan; it said it got rid of it, but still I got no joy here and I am not sure what to do.

Could I get some advice?


#2 AmySue

  • One cool chic
  • Group: Full Member
  • Posts: 77
  • Joined: 23-September 04

Posted 08 September 2009 - 08:46 PM

I was able to run a HijackScan but not with HijackThis.

Logfile of IObit HijackScan v1.0.0.0
Scan saved at 21:46:38, on 2009-9-8

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\LEXPPS.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\TUProgSt.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG8\avgemc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\BHODemon 2\BHODemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}YInstHelper.YInstStarter.1 - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_14 - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}Java Plug-in 1.6.0_13 - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}Java Plug-in 1.6.0_14 - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_14 - http://java.sun.com/...indows-i586.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG8\avgwdsvc.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Unknown -
O23 - Service: Diagnostic Policy Service (DPS) - Unknown -
O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Group Policy Client (gpsvc) - Unknown -
O23 - Service: Windows CardSpace (idsvc) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: Net.Tcp Port Sharing Service (NetTcpPortSharing) - Unknown - %systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Quality Windows Audio Video Experience (QWAVE) - Unknown - %windir%\system32\svchost.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Security Accounts Manager (SamSs) - Unknown -
O23 - Service: Secondary Logon (seclogon) - Unknown - %windir%\system32\svchost.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Unknown -
O23 - Service: Windows Modules Installer (TrustedInstaller) - Unknown -
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
O23 - Service: Diagnostic Service Host (WdiServiceHost) - Unknown -
O23 - Service: Diagnostic System Host (WdiSystemHost) - Unknown -
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
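As an added illustration (not code from this thread or from the HijackThis/IObit tools), a small Python triage helper that parses the O2/O3/O4/O23 lines of the log format above into records and flags the two things a helper looks at first: autoruns or services running from user-writable folders, and services with no recognised vendor outside the Windows directory. The sample log is constructed from lines in the same shape as the one posted, with two made-up entries (`Updater`, `ExampleUpd`) so the rules have something to report.

```python
"""Triage helper for HijackThis-style log lines (O2/O3/O4/O23 sections)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One regex per section. Paths are recorded as text only; nothing on disk is touched.
_O2_O3 = re.compile(
    r"^O(?P<sec>2|3) - (?:BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
_O4 = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\|(?P<key>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O23 = re.compile(
    r"^O23 - Service: (?P<display>.*) \((?P<name>[^()]*)\) - (?P<vendor>.*?) - ?(?P<path>.*)$")

# Folders any user can write to; a service or Run entry there deserves a second look.
_USER_WRITABLE = re.compile(r"\\(appdata|temp|\$recycle\.bin)\\", re.I)
_WINDOWS_DIRS = ("%windir%", "%systemroot%", "c:\\windows\\")


@dataclass
class Entry:
    section: str   # "O2", "O3", "O4" or "O23"
    name: str      # BHO/toolbar name, Run value name, or service short name
    path: str      # DLL path, Run command line, or service image path ("" if absent)
    detail: str    # CLSID (O2/O3), hive+key (O4) or vendor string (O23)


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised O-line, None for anything else."""
    line = line.rstrip()
    m = _O2_O3.match(line)
    if m:
        return Entry("O" + m["sec"], m["name"], m["path"], m["clsid"])
    m = _O4.match(line)
    if m:
        return Entry("O4", m["name"], m["cmd"], m["hive"] + m["key"])
    m = _O23.match(line)
    if m:
        return Entry("O23", m["name"], m["path"].strip(), m["vendor"])
    return None  # header, blank or running-process line


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def summarize(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def triage(entries: List[Entry]) -> List[str]:
    """One review note per entry that stands out; an empty list means nothing did.

    "Unknown" vendor alone is not a finding: the scanner reports it for many
    built-in Windows services, so it only counts together with a path outside
    the Windows directory.
    """
    notes = []
    for e in entries:
        if e.section in ("O4", "O23") and _USER_WRITABLE.search(e.path):
            notes.append(f"{e.section} {e.name}: runs from a user-writable folder: {e.path}")
        elif (e.section == "O23" and e.detail == "Unknown" and e.path
              and not e.path.lower().startswith(_WINDOWS_DIRS)):
            notes.append(f"O23 {e.name}: unknown vendor outside the Windows folder: {e.path}")
    return notes


# Constructed sample: lines in the same shape as the log posted above, plus two
# made-up entries (Updater, ExampleUpd) so the triage rules have something to report.
SAMPLE_LOG = r"""Logfile of IObit HijackScan v1.0.0.0
Running processes:
C:\Windows\System32\smss.exe

O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU|\Software\Microsoft\Windows\CurrentVersion\Run\: [Updater] C:\Users\user\AppData\Roaming\updater.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Unknown -
O23 - Service: Windows Media Center Service Launcher (ehstart) - Unknown - %windir%\system32\svchost.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: Example Updater (ExampleUpd) - Unknown - C:\Program Files\Example\exampleupd.exe
"""

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(summarize(entries))
    for note in triage(entries):
        print(note)
```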


#3 SWI Support Robot

  • Helper robot
  • Group: SWI Bot
  • Posts: 21,916
  • Joined: 12-July 06

Posted 11 September 2009 - 06:02 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#4 jedi

  • Canis meus id comedit
  • Group: Administrators
  • Posts: 13,443
  • Joined: 16-June 04

Posted 11 September 2009 - 07:39 AM

Hi,

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Please tell me if Combofix won't run, and make a note of any error or other messages it may give you.

jedi
Member of ASAP since 2005


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#5 AmySue

  • One cool chic
  • Group: Full Member
  • Posts: 77
  • Joined: 23-September 04

Posted 12 September 2009 - 01:04 AM

ComboFix 09-09-11.01 - Hotrod Hoss 09/12/2009 1:49.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1041 [GMT -4:00]
Running from: c:\users\Hotrod Hoss\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\windows\ShellNew
c:\windows\ShellNew\Journal.jnt

.
((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-11 19:00 . 2009-09-11 19:02 -------- d-----w- c:\windows\system32\ca-ES
2009-09-11 19:00 . 2009-09-11 19:02 -------- d-----w- c:\windows\system32\eu-ES
2009-09-11 19:00 . 2009-09-11 19:02 -------- d-----w- c:\windows\system32\vi-VN
2009-09-11 18:16 . 2009-09-11 18:16 -------- d-----w- c:\windows\system32\EventProviders
2009-09-10 18:14 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-09-10 18:14 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
2009-09-10 18:14 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
2009-09-10 18:14 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
2009-09-10 18:12 . 2009-04-11 06:28 17920 ----a-w- c:\windows\system32\wscisvif.dll
2009-09-09 01:05 . 2009-09-09 01:05 -------- d-----w- c:\program files\Enigma Software Group
2009-09-08 22:28 . 2009-09-08 22:28 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\TrojanHunter
2009-09-08 21:23 . 2009-09-09 01:15 -------- d-----w- c:\program files\TrojanHunter 5.2
2009-09-07 19:34 . 2009-09-07 19:34 -------- d-----w- c:\programdata\Simply Super Software
2009-09-07 18:32 . 2009-09-07 19:13 -------- d-----w- c:\program files\Loaris Trojan Remover
2009-09-07 09:38 . 2009-09-07 09:38 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-07 09:38 . 2009-09-07 09:38 -------- d-----w- c:\program files\Lavasoft(113)
2009-09-05 17:29 . 2009-09-05 17:29 -------- d-----w- c:\program files\ESET
2009-09-02 19:51 . 2009-08-29 00:27 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 19:51 . 2009-08-29 00:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 16:53 . 2009-09-02 16:53 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\Plazmic
2009-09-02 16:53 . 2008-09-26 13:29 225280 ----a-w- c:\windows\system32\net_rim_plazmic_flint_dialog.dll
2009-09-02 16:52 . 2009-09-02 16:53 -------- d-----w- c:\program files\Plazmic CDK 4.6
2009-09-02 16:52 . 2009-09-02 16:53 -------- d--h--w- c:\program files\Zero G Registry
2009-09-02 16:41 . 2009-09-02 16:41 -------- d--h--w- c:\users\Hotrod Hoss\InstallAnywhere
2009-09-02 16:08 . 2009-09-02 16:53 256 ----a-w- c:\windows\system32\pool.bin
2009-09-02 16:08 . 2009-09-02 16:08 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\Research In Motion
2009-09-02 16:08 . 2009-09-02 16:08 -------- d-----w- c:\programdata\Research In Motion
2009-09-02 16:07 . 2009-01-09 20:18 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2009-09-02 16:07 . 2009-09-02 16:07 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-09-02 16:07 . 2009-09-02 16:07 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-09-02 16:07 . 2009-09-02 16:08 -------- d-----w- c:\program files\Research In Motion
2009-09-02 03:51 . 2009-09-02 16:57 -------- d-----w- c:\users\Hotrod Hoss\Tracing
2009-09-02 03:48 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-02 03:45 . 2009-09-02 03:45 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-02 03:44 . 2009-09-02 17:02 -------- d-----w- c:\program files\Windows Live
2009-09-02 03:38 . 2009-09-02 03:38 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-28 05:03 . 2009-08-28 05:03 -------- d-----w- c:\programdata\IObit
2009-08-28 04:52 . 2009-09-09 01:38 -------- d-----w- c:\program files\IObit
2009-08-28 04:52 . 2009-08-28 05:01 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\IObit
2009-08-28 04:31 . 2009-08-28 04:32 -------- d-----w- c:\program files\BHODemon 2
2009-08-26 22:33 . 2009-09-07 03:43 -------- d--h--w- c:\windows\msdownld.tmp
2009-08-26 21:38 . 2009-09-09 01:28 -------- d-----w- c:\program files\Pcsx2
2009-08-26 07:01 . 2009-06-22 10:09 2048 ----a-w- c:\windows\system32\tzres.dll
2009-08-25 21:49 . 2009-04-11 06:28 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-08-20 04:02 . 2009-08-20 04:02 -------- d-----w- c:\program files\Rockstar Games
2009-08-16 07:01 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-08-15 18:59 . 2009-08-15 18:59 -------- d-----w- c:\program files\LSI SoftModem
2009-08-15 18:56 . 2009-03-08 11:33 18944 ----a-w- c:\windows\system32\corpol.dll
2009-08-15 18:55 . 2009-06-15 14:54 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-15 18:55 . 2009-06-15 14:53 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-15 18:55 . 2009-06-15 14:52 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-15 18:55 . 2009-06-15 14:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-15 18:55 . 2009-06-15 23:15 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-15 18:55 . 2009-06-15 14:53 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-15 18:55 . 2009-06-15 14:53 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-15 18:55 . 2009-06-15 12:48 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-11 19:06 . 2004-01-01 04:17 -------- d-----w- c:\programdata\NVIDIA
2009-09-11 19:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-11 19:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-11 19:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-09-11 19:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-09-11 19:03 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-09-11 19:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-09-11 19:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-09-11 18:59 . 2009-09-11 18:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-11 18:12 . 2009-06-16 03:40 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-09 01:28 . 2009-07-04 05:24 -------- d-----w- c:\program files\Trojan Remover
2009-09-09 01:28 . 2009-06-17 07:48 -------- d-----w- c:\program files\LimeWire
2009-09-09 01:28 . 2009-06-17 07:27 -------- d-----w- c:\program files\Lavasoft
2009-09-09 01:28 . 2009-06-16 06:54 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-09-09 01:28 . 2009-06-17 07:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-09 01:28 . 2009-06-17 06:44 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-09-09 01:17 . 2004-01-01 04:01 680 ----a-w- c:\users\Hotrod Hoss\AppData\Local\d3d9caps.dat
2009-09-08 22:41 . 2009-06-16 03:49 -------- d-----w- c:\program files\Java
2009-09-07 09:37 . 2009-06-22 10:59 -------- d-----w- c:\program files\SpywareBlaster
2009-09-07 09:35 . 2009-07-05 07:32 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\LimeWire
2009-08-27 14:30 . 2009-06-24 03:09 -------- d-----w- c:\program files\Flock
2009-08-20 04:48 . 2004-01-01 04:19 33449 ----a-w- c:\programdata\nvModes.dat
2009-08-20 04:02 . 2009-06-29 10:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 04:02 . 2009-06-29 10:25 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-18 13:10 . 2009-06-16 06:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-18 13:10 . 2009-06-16 06:43 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-18 13:10 . 2009-06-16 06:43 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-16 03:28 . 2009-08-16 03:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-08-15 20:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-08-15 20:24 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-08-15 16:31 . 2009-06-17 07:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-14 16:27 . 2009-09-09 17:28 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-09 17:28 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-09 17:28 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-09 17:28 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-09 17:28 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49 . 2009-09-09 17:28 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49 . 2009-09-09 17:28 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49 . 2009-09-09 17:28 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49 . 2009-09-09 17:28 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48 . 2009-09-09 17:28 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-08-14 13:48 . 2009-09-09 17:28 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-12 14:44 . 2009-06-16 03:34 53168 ----a-w- c:\users\Hotrod Hoss\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-12 06:50 . 2009-08-12 06:50 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\OpenOffice.org
2009-08-12 06:47 . 2009-08-12 06:47 -------- d-----w- c:\program files\JRE
2009-08-12 06:47 . 2009-08-12 06:47 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-12 06:35 . 2009-08-12 06:32 -------- d-----w- c:\program files\AbiSuite2
2009-08-09 07:37 . 2009-08-09 07:37 -------- d-----w- c:\program files\DivX
2009-08-09 07:37 . 2009-08-09 07:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-08-06 15:56 . 2009-08-06 15:56 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-08-06 15:56 . 2009-08-06 15:56 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-08-04 21:05 . 2009-06-16 07:00 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\WeatherBug
2009-08-04 02:02 . 2009-07-13 12:31 978 ----a-w- c:\windows\eReg.dat
2009-08-04 01:33 . 2009-07-13 12:26 -------- d-----w- c:\program files\EA Games
2009-08-03 03:56 . 2009-08-03 03:56 -------- d-----w- c:\program files\Saitek
2009-08-03 03:18 . 2009-08-03 03:16 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\DAEMON Tools Lite
2009-08-03 03:16 . 2009-08-03 03:16 -------- d-----w- c:\programdata\DAEMON Tools Lite
2009-08-03 03:16 . 2009-08-03 03:16 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-08-03 03:14 . 2009-08-03 03:10 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-08-03 03:10 . 2009-08-03 03:10 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-08-03 03:10 . 2009-08-03 03:10 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\DAEMON Tools Pro
2009-08-03 02:53 . 2009-08-03 02:53 -------- d-----w- c:\program files\Alcohol Soft
2009-08-03 02:47 . 2009-08-03 02:47 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-31 15:11 . 2009-06-29 10:27 -------- d--h--w- c:\programdata\ArcSoft
2009-07-31 15:11 . 2009-06-29 10:27 -------- d-----w- c:\users\Hotrod Hoss\AppData\Roaming\ArcSoft
2009-07-31 01:06 . 2009-07-31 01:06 -------- d-----w- c:\program files\kSolo
2009-07-29 02:23 . 2009-07-22 05:24 -------- d-----w- c:\programdata\NOS
2009-07-29 02:23 . 2009-07-22 05:24 -------- d-----w- c:\program files\NOS
2009-07-22 05:29 . 2009-07-22 05:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-22 05:27 . 2009-07-22 05:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-21 21:52 . 2009-08-15 18:57 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-15 18:57 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-15 18:57 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-15 18:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 13:54 . 2009-08-12 01:58 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 12:40 . 2009-08-12 01:58 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-15 12:39 . 2009-08-12 01:58 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-15 12:39 . 2009-08-12 01:58 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-15 12:39 . 2009-08-12 01:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-15 09:48 . 2009-08-06 15:56 17224 ----a-w- c:\windows\system32\authuitu.dll
2009-07-15 09:48 . 2009-08-06 15:56 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-14 18:29 . 2009-07-14 18:29 2173472 ----a-w- c:\windows\system32\nvcplui.exe
2009-07-14 18:29 . 2009-07-14 18:29 1346080 ----a-w- c:\windows\system32\nvsvs.dll
2009-07-14 18:29 . 2009-07-14 18:29 3176992 ----a-w- c:\windows\system32\nvwss.dll
2009-07-14 18:29 . 2009-07-14 18:29 4033056 ----a-w- c:\windows\system32\nvvitvs.dll
2009-07-14 18:29 . 2009-07-14 18:29 195104 ----a-w- c:\windows\system32\nvmccss.dll
2009-07-14 18:29 . 2009-07-14 18:29 1292832 ----a-w- c:\windows\system32\nvmobls.dll
2009-07-14 18:29 . 2009-07-14 18:29 3553824 ----a-w- c:\windows\system32\nvgames.dll
2009-07-14 18:29 . 2009-07-14 18:29 92704 ----a-w- c:\windows\system32\nvmctray.dll
2009-07-14 18:29 . 2009-07-14 18:29 764448 ----a-w- c:\windows\system32\nvsvc.dll
2009-07-14 18:29 . 2009-07-14 18:29 4930080 ----a-w- c:\windows\system32\nvdisps.dll
2009-07-14 18:29 . 2009-07-14 18:29 215584 ----a-w- c:\windows\system32\nvvsvc.exe
2009-07-14 18:29 . 2009-07-14 18:29 143360 ----a-w- c:\windows\system32\nvshext.dll
2009-07-14 18:29 . 2009-07-14 18:29 13904416 ----a-w- c:\windows\system32\nvcpl.dll
2009-07-11 19:01 . 2009-09-09 17:28 513536 ----a-w- c:\windows\system32\wlansvc.dll
2009-07-11 19:01 . 2009-09-09 17:28 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-07-11 19:01 . 2009-09-09 17:28 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-07-11 19:01 . 2009-09-09 17:28 65024 ----a-w- c:\windows\system32\wlanapi.dll
2009-07-11 17:03 . 2009-09-09 17:28 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-07-10 12:01 . 2004-01-01 04:14 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2009-01-30 1347584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-18 2007832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-12-12 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-12-12 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-12-12 81920]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-07-02 623960]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-02 1216272]

c:\users\Hotrod Hoss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BHODemon 2.0.lnk - c:\program files\BHODemon 2\BHODemon.exe [2005-6-19 946176]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2009-7-1 1717592]
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2009-5-20 1611152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):5e,f7,55,44,13,33,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1455F94A-B792-41B7-95F2-BBD7F40EC840}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{D7A45F38-D1D8-481B-8A79-CAFF183EE644}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{F745EB2D-6BBA-47BE-9520-C9CEB5663D1F}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{D37DB511-6DB8-4E92-82E7-709C614E3C29}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AAA28BA1-F9C6-4E53-9AB6-2B68E7BEC84F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{87832EF1-D3A0-4F62-A42E-207FA9E069F2}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{27B7BE07-6A2C-4F90-86EE-FD5F52309217}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{56C5009C-6299-4C18-9D10-46DFE5EAD679}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"UDP Query User{009A3FCA-C88F-4855-92E3-22A7F7871AFB}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java™ Platform SE binary
"TCP Query User{3F732B24-70CE-4768-92C4-899AF578434E}c:\\program files\\ea games\\command & conquer generals zero hour\\patchget.dat"= UDP:c:\program files\ea games\command & conquer generals zero hour\patchget.dat:patchgrabber
"UDP Query User{03B53B46-27D4-4A3E-BEA9-E30DF333032A}c:\\program files\\ea games\\command & conquer generals zero hour\\patchget.dat"= TCP:c:\program files\ea games\command & conquer generals zero hour\patchget.dat:patchgrabber
"TCP Query User{FA53028A-294D-4B38-9D7F-CF535BD567A0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7710B387-E777-4F8C-A919-23D3BD5ED14D}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{BF28AC9F-1863-489A-9CFB-A007C0C01B9E}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{E2C100B2-A785-464F-8236-708F49C8406F}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{19E24E5E-FD7C-4453-B767-24F52BD9C3B6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/16/2009 2:43 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [6/16/2009 2:43 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 1:05 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 1:05 PM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/16/2009 2:43 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/16/2009 2:43 AM 297752]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/28/2009 1:03 AM 305936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [7/14/2009 1:28 PM 239648]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [8/6/2009 11:56 AM 604488]
S3 SaiNtSub;SaiNtSub;c:\windows\System32\drivers\SaiNtSub.sys [8/2/2009 11:56 PM 19200]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 1:05 PM 7408]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]

2009-09-12 c:\windows\Tasks\User_Feed_Synchronization-{A67E6346-0A91-4983-936E-ACCCD1DCD7B6}.job
- c:\windows\system32\msfeedssync.exe [2009-08-15 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\users\Hotrod Hoss\AppData\Roaming\Mozilla\Firefox\Profiles\glwca53e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc7&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\users\Hotrod Hoss\AppData\Roaming\Mozilla\Firefox\Profiles\glwca53e.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 01:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,f3,72,ab,9f,af,fd,4d,92,d5,3a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,73,f3,72,ab,9f,af,fd,4d,92,d5,3a,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-12 1:59
ComboFix-quarantined-files.txt 2009-09-12 05:59
ComboFix2.txt 2008-08-09 15:46

Pre-Run: 141,580,337,152 bytes free
Post-Run: 141,554,008,064 bytes free

339 --- E O F --- 2009-09-11 18:57


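Reading a log like the one above by hand gets slow once the services and firewall lists run to dozens of entries. The Python script below is an added example for this thread, not part of AmySue's post and not a component of ComboFix or HijackThis: it parses the two line shapes visible above (the `R1/R2/S3 name;display;path [stamp size]` service lines and the quoted firewall-exception lines) into records and builds three review queues. The sample log inside it is a constructed subset of the lines above; the regular expressions encode only the layout seen in this log, and the reading of the leading code as R/S = running/stopped with the digit as the service start type is an assumption about ComboFix's output. The queues are a triage aid only: patchget.dat is listed because a .dat file holding a firewall exception is unusual and worth confirming, not because the log says anything is wrong with EA's patch grabber.

```python
"""Triage helper for the service and firewall-exception lines of a
ComboFix-style log.  Added example for this thread; not part of the original
post and not a component of ComboFix or HijackThis."""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Constructed sample: a subset of the log lines above, in their original shape.
SAMPLE_LOG = r'''
"{19E24E5E-FD7C-4453-B767-24F52BD9C3B6}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{3F732B24-70CE-4768-92C4-899AF578434E}c:\\program files\\ea games\\command & conquer generals zero hour\\patchget.dat"= UDP:c:\program files\ea games\command & conquer generals zero hour\patchget.dat:patchgrabber
"{AAA28BA1-F9C6-4E53-9AB6-2B68E7BEC84F}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [6/16/2009 2:43 AM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 1:05 PM 9968]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [8/28/2009 1:03 AM 305936]
S3 SaiNtSub;SaiNtSub;c:\windows\System32\drivers\SaiNtSub.sys [8/2/2009 11:56 PM 19200]
'''

# Layout assumptions taken from this log only: a firewall line is
# "<rule name>"= [TCP:|UDP:]<path>:<label>, and a service line is
# <R|S><start type> <name>;<display name>;<path> [<timestamp> <size>].
FIREWALL_RE = re.compile(
    r'^"(?P<name>[^"]*)"=\s*(?:(?P<proto>TCP|UDP):)?'
    r'(?P<path>[A-Za-z]:\\[^:]*):(?P<label>.*)$')
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<stamp>.+?)\s+(?P<size>\d+)\]$')

DRIVER_DIR = PureWindowsPath(r"c:\windows\system32\drivers")


@dataclass(frozen=True)
class FirewallRule:
    name: str
    proto: Optional[str]   # None when the rule is not protocol-scoped
    path: str
    label: str


@dataclass(frozen=True)
class ServiceEntry:
    running: bool          # assumption: R = running, S = stopped
    start_type: int        # assumption: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    size: int


def parse_firewall_rules(log: str) -> List[FirewallRule]:
    rules = []
    for line in log.splitlines():
        m = FIREWALL_RE.match(line.strip())
        if m:
            rules.append(FirewallRule(m["name"], m["proto"], m["path"], m["label"]))
    return rules


def parse_services(log: str) -> List[ServiceEntry]:
    entries = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(m["state"] == "R", int(m["start"]), m["name"],
                                        m["display"], m["path"], int(m["size"])))
    return entries


def _under(path: str, directory: PureWindowsPath) -> bool:
    # PureWindowsPath compares case-insensitively, matching NTFS behaviour.
    return directory in PureWindowsPath(path).parents


def review(log: str) -> Dict[str, List[str]]:
    """Build review queues for a human analyst.  Nothing here calls a file
    malicious; each list is a set of entries worth a second look."""
    rules = parse_firewall_rules(log)
    services = parse_services(log)
    return {
        # Network exceptions granted to something that is not an .exe:
        # a script host, a renamed binary, or a legitimate oddity to confirm.
        "non_exe_network_exceptions": sorted(
            r.path for r in rules if PureWindowsPath(r.path).suffix.lower() != ".exe"),
        # Kernel drivers (.sys) loaded from outside the drivers directory.
        "drivers_outside_system32": sorted(
            s.path for s in services
            if s.path.lower().endswith(".sys") and not _under(s.path, DRIVER_DIR)),
        # Running auto-start services: the persistence slot to enumerate first.
        "running_autostart_services": sorted(
            s.name for s in services if s.running and s.start_type == 2),
    }


if __name__ == "__main__":
    for queue, items in review(SAMPLE_LOG).items():
        print(f"{queue}:")
        for item in items:
            print(f"  {item}")
```

Run it with python3 and it prints the three queues for the constructed sample; to use it on a full log, read the file into a string and call review() on it. New heuristics belong in review(), not in the parsers, so the record types stay a faithful reading of the log.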
#6 User is offline   jedi Icon

  • Canis meus id comedit
  • PipPipPipPipPip
  • Group: Administrators
  • Posts: 13,443
  • Joined: 16-June 04

Posted 12 September 2009 - 01:27 PM

Hi again,

Please do the following:
Run a BitDefender Online scan Here and post the results.

(And Happy Birthday!)

jedi
Member of ASAP since 2005


My help is free, but if you wish to help keep these forums running please consider a donation, see this topic for details.

#7 User is offline   AmySue Icon

  • One cool chic
  • Pip
  • Group: Full Member
  • Posts: 77
  • Joined: 23-September 04

Posted 13 September 2009 - 07:55 PM

Where will the results show? It scanned for 3 hours and all it said was my PC was still infected, hun. What should I look for so I know what to show you? I will run that scan again. Thanks for all your time, babe. And thanks for the B-day wishes.




#8 User is offline   jedi Icon

  • Canis meus id comedit
  • PipPipPipPipPip
  • Group: Administrators
  • Posts: 13,443
  • Joined: 16-June 04

Posted 14 September 2009 - 12:01 PM

Hi again,

You're welcome. :)

OK, please run this scan next, it should be easier to find the report.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

jedi

#9 User is offline   AmySue Icon

  • One cool chic
  • Pip
  • Group: Full Member
  • Posts: 77
  • Joined: 23-September 04

Posted 18 September 2009 - 06:13 PM

All that thing told me was no threats were found; no kind of report came up. :(


#10 User is offline   jedi Icon

  • Canis meus id comedit
  • PipPipPipPipPip
  • Group: Administrators
  • Posts: 13,443
  • Joined: 16-June 04

Posted 20 September 2009 - 02:56 AM

Hi again,

How is the PC running now? Any continuing problems?

jedi

#11 User is offline   AmySue Icon

  • One cool chic
  • Pip
  • Group: Full Member
  • Posts: 77
  • Joined: 23-September 04

Posted 27 September 2009 - 11:54 PM

It's really still not acting as if it's running at its full speed. It is better, though.


#12 User is offline   TheJoker Icon

  • Forum Deity
  • PipPipPipPipPip
  • Group: Global Moderator
  • Posts: 11,019
  • Joined: 21-February 05

Posted 28 September 2009 - 09:51 PM

Hi AmySue

jedi is away for a while, so I'll help you for now.

I would recommend that you uninstall your IObit software from Control Panel's Add or Remove Programs, and then delete the following folder if it is still there:
c:\programdata\IObit

Then, if HijackThis doesn't run, uninstall it also from Add or Remove Programs and download a new copy from http://www.trendsecu...p?page=download, then install and run it.

You might want to take a look at this page created by miekiemoes, one of the Global Moderators here, on slow systems and some things you can try to improve them:
http://users.telenet...owcomputer.html

Please post a new HijackThis log. How is the system running now?
Free Tools for Fighting Malware
Anti-Virus: Avira AntiVir PersonalEdition Classic / AVG Anti-Virus Free / Free avast! 4 Home Edition
OnLine Anti-Virus: BitDefender / ESET / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: Spybot S & D / MVPS HOSTS File / SpywareBlaster / HijackThis
Firewall: Sunbelt Personal Firewall / ZoneAlarm firewall / Agnitum Outpost Free
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009 and ASAP Member since 2005

#13 User is offline   AmySue Icon

  • One cool chic
  • Pip
  • Group: Full Member
  • Posts: 77
  • Joined: 23-September 04

Posted 30 September 2009 - 09:07 AM

Sorry it took me so long, but now I was having trouble getting Firefox to open at times, and I have to hold the power button in to shut down the PC, then do a reboot.

Not sure I understand why I should uninstall that program; it cost me good money, it seems to be a great all-around cleaner, and I have grown to like it. Is there some sort of problem with it?

I had to do some research on finding out why Firefox wouldn't open, and I think I got that fixed now; we shall see.


#14 User is offline   TheJoker Icon

  • Forum Deity
  • PipPipPipPipPip
  • Group: Global Moderator
  • Posts: 11,019
  • Joined: 21-February 05

Posted 30 September 2009 - 05:15 PM

It's up to you if you decide to uninstall it or not, but it would be considered a rogue program as they are using code from another software developer (Trend Micro) without permission. They did not have permission from Trend Micro to include code from HijackThis in their program, so we would consider it no better than any other program on this list:
http://www.spywarewa...nti-spyware.htm

#15 User is offline   AmySue Icon

  • One cool chic
  • Pip
  • Group: Full Member
  • Posts: 77
  • Joined: 23-September 04

Posted 01 October 2009 - 04:54 PM

OK then, it's gone, I guess.

I am still having problems with my PC when it comes to opening programs after my PC has been on for some time. I have to shut it off the bad way each time, and I would rather not have to do that.

OK, I will take out that program and see about getting my cash back from them.

