Free Malware Removal Forum

[kukiman]

hi,

started having problems after downloading certain music files from internet and running anti malware software. ran avg free then lavasoft adware free then superantispyware then malware antimalware then finally quicksmash which included hijackthis. avg found and quarantined 2 items. lavasoft got errors and wouldn t even open. superantispyware found 1 item but wouldn t finish scanning because the pc would always reboot automatically. antimalware found and removed 1 item. hijackthis showed me these items on the list that i m giving you and i want to make sure that none of them are related to malware. need all the help i can get. really appreciate it. thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:00 PM, on 10/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\pc\Desktop\hjt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2044 bytes

[muppy03]

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-

• Continue to respond to this thread until I give you the All Clean!
• Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
• Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
• Please follow all instructions in the order posted.
• If you have any questions or do not understand instructions, please ask before continuing.
• Please reply to this thread. Do not start a new topic.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

• Start HijackThis
• Click on the Config button
• Click on the Misc Tools button
• Click on the Open Uninstall Manager button.
• Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

WGA Diagnostic Tool

Please follow this WGA troubleshooting procedure:

• Download and install the WGA Diagnostic Tool:
  http://go.microsoft.com/fwlink/?linkid=56062
• Click Run and Run again
• Click Continue, click Copy
• Next open Notepad, in the empty pane right click and select Paste

Please post (reply) with the results.

NEXT Download and Run: RSIT

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-

• Uninstall list
• WGA report
• RSIT logs ( info.txt and log.txt)
  

[kukiman]

3D Language
Adobe Reader 7.0
Adobe® Photoshop® Album Starter Edition 3.0
Advanced SystemCare 3
ATITool Overclocking Utility
AVG Free 8.5
Battle for Wesnoth 1.4.7
ComicRack v0.9.76
Disc2Phone
DriveImage XML (Private Edition)
EasyCleaner
Electronic Piano 2.5
Fluenz Mandarin 1+2 Demo
GameHouse Super Games AIO®
HD Tach version 3
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Java(TM) 6 Update 13
JumpStart 1st Grade 2001
JumpStart Baby v1.0
JumpStart Kindergarten 2001
Little People® Play House
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (1.5)
Nero 7 Essentials
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
OpenOffice.org 3.1
QuickTime
RapidTyping
Realtek High Definition Audio Driver
SMART BRO
Smart Bro
Sony Ericsson PC Suite 1.20.224
SpeedFan (remove only)
StarCraft
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Media Format Runtime
WinRAR archiver

Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Validation Code: 3

Cached Validation Code: N/A
Windows Product Key: *****-*****-8F8G4-TPG8M-4Q67Y
Windows Product Key Hash: Csd6k5ZhDIfYIqppW5EHykFgwRs=
Windows Product ID: 55274-648-2323245-23092
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {2F2F53CE-DF16-4A27-B922-9D51E20F4DBF}(1)
Is Admin: Yes
TestCab: 0x0
WGA Version: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{2F2F53CE-DF16-4A27-B922-9D51E20F4DBF}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-4Q67Y</PKey><PID>55274-648-2323245-23092</PID><PIDType>1</PIDType><SID>S-1-5-21-1482476501-1035525444-839522115</SID><SYSTEM><Manufacturer>Unknow</Manufacturer><Model>Unknow</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>6.00 PG</Version><SMBIOSVersion major="2" minor="5"/><Date>20070806000000.000000+000</Date></BIOS><HWID>FD6636AF01848056</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>China Standard Time(GMT+08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57590</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

Logfile of random's system information tool 1.06 (written by random/random)
Run by pc at 2009-10-18 08:00:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 31 GB (81%) free of 38 GB
Total RAM: 510 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:49 AM, on 10/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Smart Bro\Smart Bro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\pc\Desktop\RSIT.exe
C:\Program Files\trend micro\pc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O17 - HKLM\System\CCS\Services\Tcpip\..\{68B3C8A5-E920-47C4-86E9-56CADA7EAB06}: NameServer = 121.1.3.168 203.84.191.216
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 1638 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-04-19 7700480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-04-19 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-02-15 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-15 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3
"NVSvc"=2
"nSvcLog"=2
"nSvcIp"=2
"NMIndexingService"=3
"MDM"=2
"LightScribeService"=2
"ForcewareWebInterface"=2
"AVGEMS"=2
"Avg7UpdSvc"=2
"Avg7Alrt"=2
"IDriverT"=3
"JavaQuickStarterService"=2
"Autorun CDROM Monitor"=2
"Lavasoft Ad-Aware Service"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-10-15 11952]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0
"DisableTaskMgr"=0
"NoDispCpl"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCMD"=0
"DisableTaskMgr"=0
"NoDispCpl"=0
"NoDispSettingsPage"=0
"NoDispAppearancePage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=223
"RestrictRun"=0
"NoFolderOptions"=0
"NoRun"=0
"NoFind"=0
"NoStartMenuEjectPC"=0
"NoSimpleStartMenu"=0
"NoWindowsUpdate"=0
"NoStartMenuMyMusic"=0
"NoSMMyPictures"=0
"NoFavoritesMenu"=0
"NoResolveSearch"=0
"NoResolveTrack"=0
"StartMenuLogoff"=0
"NoClose"=0
"NoInstrumentation"=0
"NoUserNameInStartMenu"=0
"EnforceShellExtensionSecurity"=0
"NoActiveDesktop"=0
"NoActiveDesktopChanges"=0
"NoFileAssociate"=0
"NoSetFolders"=0
"NoViewContextMenu"=0
"NoTrayContextMenu"=0
"RestrictCpl"=0
"NoStartMenuMorePrograms"=0
"NoThemesTab"=0
"ForceActiveDesktopOn"=0
"NoDesktop"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoFolderOptions"=
"NoRun"=
"NoFind"=
"RestrictRun"=
"NoDriveTypeAutoRun"=
"NoDesktop"=
"NoStartMenuEjectPC"=
"NoSimpleStartMenu"=
"NoWindowsUpdate"=
"NoStartMenuMyMusic"=
"NoSMMyPictures"=
"NoFavoritesMenu"=
"NoResolveTrack"=
"StartMenuLogoff"=
"NoClose"=
"NoInstrumentation"=
"NoUserNameInStartMenu"=
"EnforceShellExtensionSecurity"=
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"NoDrives"=
"NoFileAssociate"=
"NoSetFolders"=
"NoViewContextMenu"=
"NoTrayContextMenu"=
"RestrictCpl"=
"NoThemesTab"=
"ForceActiveDesktopOn"=
"NoStartMenuMorePrograms"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\A]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\B]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
shell\explore\command - "%1" %*

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9300bd7f-fb32-11dd-92d5-003018a7d516}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf39813c-b5f1-11de-a3ae-003018a7d516}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbcba816-b5f0-11de-a3ad-003018a7d516}]
shell\AutoRun\command - F:\AutoRun.exe


======List of files/folders created in the last 1 months======

2009-10-18 08:00:31 ----D---- C:\rsit
2009-10-18 08:00:31 ----D---- C:\Program Files\trend micro
2009-10-18 07:57:59 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2009-10-18 07:57:50 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-10-15 10:44:18 ----SHD---- C:\Config.Msi
2009-10-11 07:09:23 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt

======List of files/folders modified in the last 1 months======

2009-10-18 08:00:31 ----D---- C:\Program Files
2009-10-18 07:57:59 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-18 07:27:27 ----D---- C:\Program Files\Mozilla Firefox
2009-10-18 07:20:43 ----D---- C:\WINDOWS\Temp
2009-10-17 22:16:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-17 21:49:39 ----SHD---- C:\WINDOWS\Installer
2009-10-17 20:59:06 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-10-17 20:57:17 ----D---- C:\WINDOWS
2009-10-17 16:12:35 ----HD---- C:\$AVG8.VAULT$
2009-10-17 16:08:41 ----D---- C:\WINDOWS\Prefetch
2009-10-17 16:08:35 ----D---- C:\WINDOWS\system32\config
2009-10-17 16:08:21 ----D---- C:\Program Files\StarCraft
2009-10-15 10:44:28 ----D---- C:\Documents and Settings\pc\Application Data\SUPERAntiSpyware.com
2009-10-15 10:44:20 ----D---- C:\Program Files\Common Files
2009-10-15 10:44:19 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-15 10:40:34 ----D---- C:\WINDOWS\system32
2009-10-15 10:39:38 ----D---- C:\Program Files\Lavasoft
2009-10-15 10:39:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-15 10:39:30 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-15 10:39:30 ----D---- C:\WINDOWS\system32\drivers
2009-10-15 10:08:57 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-10-11 07:58:10 ----SH---- C:\boot.ini
2009-10-11 07:58:10 ----A---- C:\WINDOWS\win.ini
2009-10-11 07:58:10 ----A---- C:\WINDOWS\system.ini
2009-10-11 07:31:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-11 07:08:52 ----D---- C:\Program Files\SMART BRO
2009-10-11 07:08:23 ----HD---- C:\WINDOWS\inf
2009-10-09 18:44:26 ----D---- C:\Program Files\Wesnoth 1.4.7

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2006-11-10 24064]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-10-15 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-10-15 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-30 108552]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-09-26 101376]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-10 4449280]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-19 3988384]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-07 5888]
R3 sermouse;Serial Mouse Driver; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-08-17 17664]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 88688]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 90800]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2009-01-06 103936]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2009-01-06 103936]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2009-01-06 103936]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-10-15 297752]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 Autorun CDROM Monitor;Autorun CDROM Monitor; C:\WINDOWS\system32\SupportAppXL\cdrom_mon.exe [2009-01-09 81920]
S4 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-15 152984]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S4 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
S4 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-19 159810]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-18 08:00:51

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3D Language-->C:\Program Files\Coccinella\Uninstal.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
ATITool Overclocking Utility-->"C:\Program Files\ATITool\Uninstall.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Battle for Wesnoth 1.4.7-->"C:\Program Files\Wesnoth 1.4.7\unins000.exe"
ComicRack v0.9.76-->C:\Program Files\ComicRack\uninst.exe
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
DriveImage XML (Private Edition)-->"C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
EasyCleaner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
Electronic Piano 2.5-->"C:\Program Files\Electronic Piano 2.5\unins000.exe"
Fluenz Mandarin 1+2 Demo-->"C:\Program Files\Fluenz Mandarin 1+2 Demo\uninstall.exe"
GameHouse Super Games AIO®-->"C:\Program Files\GameHouse\GameHouse\unins000.exe"
HD Tach version 3-->"C:\Program Files\Simpli Software\HD Tach\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"G:\HijackThis.exe" /uninstall
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
JumpStart 1st Grade 2001-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JS1G2001\DeIsL1.isu"
JumpStart Baby v1.0-->C:\WINDOWS\IsUninst.exe -fC:\KA\JSBABY\DeIsL1.isu
JumpStart Kindergarten 2001-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JSKG2001\DeIsL1.isu"
Little People® Play House-->E:\setup.exe -fundhouse.ins
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTSf22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (1.5)-->C:\Program Files\Mozilla Firefox\uninstall\uninstall.exe /ua "1.5 (en-US)"
Nero 7 Essentials-->MsiExec.exe /X{B28B351F-1232-46EA-85EF-B8EA91641033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1033
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1033
RapidTyping-->"C:\Program Files\RapidTyping\Uninstall.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
SMART BRO-->"C:\Program Files\InstallShield Installation Information\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}\setup.exe" -runfromtemp -l0x0009 -removeonly
Smart Bro-->C:\Program Files\Smart Bro\uninst.exe
Sony Ericsson PC Suite 1.20.224-->MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
StarCraft-->C:\WINDOWS\iun503.exe C:\Program Files\StarCraft\irunin.ini
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free
FW: ActiveArmor Firewall (disabled)

======System event log======

Computer Name: PC-D606BEC491FC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Record Number: 11255
Source Name: DCOM
Time Written: 20090731174836.000000+480
Event Type: error
User: PC-D606BEC491FC\pc

Computer Name: PC-D606BEC491FC
Event Code: 7023
Message: The Config Network service terminated with the following error:
The specified module could not be found.


Record Number: 11237
Source Name: Service Control Manager
Time Written: 20090731174746.000000+480
Event Type: error
User:

Computer Name: PC-D606BEC491FC
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Record Number: 11232
Source Name: DCOM
Time Written: 20090731111523.000000+480
Event Type: error
User: PC-D606BEC491FC\pc

Computer Name: PC-D606BEC491FC
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 11231
Source Name: Disk
Time Written: 20090731110051.000000+480
Event Type: warning
User:

Computer Name: PC-D606BEC491FC
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 11230
Source Name: Disk
Time Written: 20090731105510.000000+480
Event Type: warning
User:

=====Application event log=====

Computer Name: PC-D606BEC491FC
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 308
Source Name: ASP.NET 1.1.4322.0
Time Written: 20090218111729.000000+480
Event Type: warning
User:

Computer Name: PC-D606BEC491FC
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 294
Source Name: ASP.NET 1.1.4322.0
Time Written: 20090218111614.000000+480
Event Type: warning
User:

Computer Name: PC-D606BEC491FC
Event Code: 1517
Message: Windows saved user PC-D606BEC491FC\pc registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 286
Source Name: Userenv
Time Written: 20090216183742.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PC-D606BEC491FC
Event Code: 1517
Message: Windows saved user PC-D606BEC491FC\pc registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 284
Source Name: Userenv
Time Written: 20090215175710.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PC-D606BEC491FC
Event Code: 1517
Message: Windows saved user PC-D606BEC491FC\pc registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 282
Source Name: Userenv
Time Written: 20090215164016.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"DEFAULT_CA_NR"=CA6

-----------------EOF-----------------

[muppy03]

Hi, Unfortunately I will have to discontinue helping you for the time being as per our Forum Policy.

It is this forum's policy to decline help to those who are either using invalid copies of software and/or are attempting to circumvent the software's restrictions in order to use said software without lawfully purchasing the product, in violation of the EULA (End User License Agreement).
To do otherwise would put us in the position of aiding and abetting an unlawful act.
The forum's policy on invalid copies of Windows or Other Software is here : http://forum.malwareremoval.com/viewtopic.php?t=550

As the information you have posted indicates that your system falls into this category, we are unable to offer assistance until it can be conclusively demonstrated that this situation has been rectified.

Right now, your computer has a Volume Licensing edition of XP installed (Line 9), and that installation was done with a Blocked Volume Licensing Key (VLK) (Line 2).

Please visit:

http://www.microsoft.com/genuine/

Click on Validate Windows. Then when validation fails - click on Get Genuine to find out how to get a WGA Kit.

Once you've made your operating system genuine then I will be able to continue assisting you.

[markkhunt]

Due to your Windows software, this topic is now closed.

If you can rectify the problem with your Windows software and need further assistance from us, please open a new thread in the Malware Removal forum, include a fresh HijackThis log, and wait for a new helper.