
Author Topic: Noticed Zlob folders scanned during Spybot scanSearch & Destroy  (Read 13895 times)


Butterfly

    Topic Starter


    Rookie

    Noticed Zlob folders scanned during Spybot scanSearch & Destroy
    « on: October 03, 2008, 05:36:01 PM »
    Hi,  I was running Spybot Search & Destroy and was watching it at the end and noticed all these files under Zlob.  What got my attention was porn listed with it.  So I Googled "Zlob" and didn't like what I saw.  Now I'm talking to you and have started the Malware removal process again.  I was having trouble with the Fox browser and sluggish speed, so I visited your page a couple days ago. 

    I downloaded the Cleaner and ran that according to your instructions.  BUT I didn't update my AVG 7.5. 

    I'm in the process of downloading the SuperAntiSpyware and mbam.

    When I was at AVG I searched for verification on their site for the news that 7.5 is no longer supported by them.  I did a 7.5 update. 

    Please run me through what I need to do to update to the latest version.

    Sometimes updating versions seems to cause more problems than it's worth...

    I'm running Xp pro ver. 2002

    IBM thinkpad 786mhz 128 mb ram

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
    « Reply #1 on: October 03, 2008, 06:25:41 PM »
    It's best to uninstall AVG 7.5 and then do a fresh install of 8.0.

    RECOMMENDED BASIC AVG UNINSTALL INSTRUCTIONS

    Butterfly


      Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
      « Reply #2 on: October 06, 2008, 08:34:10 PM »
      HI

      Trouble installing AVG8, says I have an unsupported operating system.  Gave me this web address:  avg.com/ww.special-old-os-app  Went there, says XP SP2 needed.  If I read it correctly.  I went to the link given and was told by Microsoft that this download was for network office computers, not individual home computers, like mine. 

      I mentioned before my OS is XP Pro ver. 2002.  That's all I know.  What to do now?

       ::) Do I have to search in "Microsoft Land" to find what AVG wants me to have or can you cut to the chase with your excellent source of knowledge to give me the right link?

      I'll wait for reply thanks! 



       

      evilfantasy

      Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
      « Reply #3 on: October 06, 2008, 08:46:02 PM »
      Let me see a HJT log please.

      Download TrendMicro HijackThis.exe (HJT) to the Desktop.

      • Double-click on HJTInstall.
      • Click on the Install button.
      • It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
      • Upon install, HijackThis should open for you.
      • Click on the Do a system scan and save a log file button
      • HijackThis will scan and then a log will open in notepad.
      • Copy and then paste the entire contents of the log in your post.
      • Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

      Butterfly


        Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
        « Reply #4 on: October 07, 2008, 10:17:50 AM »
        Here is the log

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 12:11:11 PM, on 10/7/2008
        Platform: Windows XP  (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)
        Boot mode: Normal

        Running processes:
        C:\WINNT\System32\smss.exe
        C:\WINNT\system32\winlogon.exe
        C:\WINNT\system32\services.exe
        C:\WINNT\system32\lsass.exe
        C:\WINNT\System32\ibmpmsvc.exe
        C:\WINNT\system32\svchost.exe
        C:\WINNT\System32\svchost.exe
        C:\WINNT\system32\spoolsv.exe
        C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        C:\WINNT\System32\QCONSVC.EXE
        C:\WINNT\system32\TpKmpSVC.exe
        C:\WINNT\Explorer.EXE
        C:\WINNT\System32\ltcm000c.exe
        C:\WINNT\System32\tp4serv.exe
        C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
        C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
        C:\Program Files\Browser MOUSE\mouse32a.exe
        C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
        C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
        C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
        C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
        C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        C:\CFGSAFE\AUTOCHK.EXE
        C:\Program Files\FinePixViewer\QuickDCF.exe
        C:\Program Files\Microsoft Office\Office\1033\msoffice.exe
        C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
        C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
        C:\WINNT\msagent\AgentSvr.exe
        C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dreamscape.com/rebecca3/index.htm
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [XircWinModem4] ltcm000c.exe 9
        O4 - HKLM\..\Run: [trackPointSrv] tp4serv.exe
        O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
        O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
        O4 - HKLM\..\Run: [Promon.exe] Promon.exe
        O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
        O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser MOUSE\mouse32a.exe
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
        O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
        O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
        O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
        O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
        O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
        O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [Office Monitor] C:\WINNT\System32\nvsvc86.exe
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
        O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
        O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
        O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
        O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Global Startup: AUTOCHK.LNK = C:\CFGSAFE\AUTOCHK.EXE
        O4 - Global Startup: Exif Launcher.lnk = ?
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
        O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
        O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
        O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
        O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
        O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138765758506
        O16 - DPF: {76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29} (IASRunner Class) - https://www.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINNT\System32\libsysmgr.exe (file missing)
        O23 - Service: QCONSVC - IBM Corp. - C:\WINNT\System32\QCONSVC.EXE
        O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe

        --
        End of file - 8128 bytes
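Added example (not part of any poster's reply and not HijackThis's own code): a small Python triage pass over the O4 autorun and O23 service lines of a HijackThis log, run on lines excerpted from the log above. The flag names are hypothetical labels for structural properties of an entry (no path recorded, unknown owner, file missing, same file registered as autorun and service); a flag is a prompt to look closer, not a verdict, and legitimate vendor entries trip some of them too.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [trackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [NT Logging Service] syslog32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [Microsoft System Checkup] libsysmgr.exe
O4 - HKCU\..\Run: [Office Monitor] C:\WINNT\System32\nvsvc86.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINNT\System32\libsysmgr.exe (file missing)
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINNT\system32\TpKmpSVC.exe
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O23 - Service: <display name> - <owner> - <image path>
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$")
# First token ending in an executable extension (paths may contain spaces).
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|scr))(?=\s|$)", re.I)


def extract_exe(cmd):
    """Strip quotes, arguments and trailing notes from a command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return {executable basename: sorted flag list} for flagged entries."""
    flags = defaultdict(set)
    seen_in = defaultdict(set)  # basename -> section codes that reference it
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe = extract_exe(m["cmd"])
            name = basename(exe)
            seen_in[name].add("O4")
            # The log records only a file name, so its location is unverified.
            if "\\" not in exe:
                flags[name].add("autorun-without-path")
            continue
        m = O23_RE.match(line)
        if m:
            name = basename(extract_exe(m["path"]))
            seen_in[name].add("O23")
            if m["owner"].lower() == "unknown owner":
                flags[name].add("service-unknown-owner")
            if line.lower().endswith("(file missing)"):
                flags[name].add("service-file-missing")
    # The same file registered through two persistence mechanisms.
    for name, sections in seen_in.items():
        if {"O4", "O23"} <= sections:
            flags[name].add("autorun-and-service")
    return {name: sorted(f) for name, f in flags.items()}


if __name__ == "__main__":
    for name, found in sorted(triage(SAMPLE_LOG).items()):
        print(f"{name:16} {', '.join(found)}")
```
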

        evilfantasy

        Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
        « Reply #5 on: October 07, 2008, 11:53:16 AM »
        Please do the following:

        1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
        2. Double-click on MGADiag.exe and click Continue
        3. When the program has finished, click on Copy
        4. Post the results in your next reply.

        Butterfly


          Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
          « Reply #6 on: October 07, 2008, 12:04:49 PM »
          Here's the copy

          Diagnostic Report (1.7.0095.0):
          -----------------------------------------
          WGA Data-->
          Validation Status: Validation Control not Installed
          Validation Code: 0
          Online Validation Code: N/A
          Cached Validation Code: N/A
          Windows Product Key: *****-*****-MQW9P-BXJGX-3782B
          Windows Product Key Hash: IOSdwMnTPaeNXFnM0Zv+pFbBaug=
          Windows Product ID: 55274-640-0984446-23902
          Windows Product ID Type: 1
          Windows License Type: Volume
          Windows OS version: 5.1.2600.2.00010100.0.0.pro
          CSVLK Server: N/A
          CSVLK PID: N/A
          ID: {2442F1F7-3B55-49BF-873B-2FFDB0BE40F4}(1)
          Is Admin: Yes
          TestCab: 0x0
          WGA Version: N/A, hr = 0x80070002
          Signed By: N/A, hr = 0x80070002
          Product Name: N/A
          Architecture: N/A
          Build lab: N/A
          TTS Error: N/A
          Validation Diagnostic: 025D1FF3-282-80041028_025D1FF3-170-80041028_025D1FF3-171-1_025D1FF3-179-2
          Resolution Status: N/A

          WgaER Data-->
          ThreatID(s): N/A
          Version: N/A

          WGA Notifications Data-->
          Cached Result: N/A, hr = 0x80070002
          File Exists: No
          Version: N/A, hr = 0x80070002
          WgaTray.exe Signed By: N/A, hr = 0x80070002
          WgaLogon.dll Signed By: N/A, hr = 0x80070002

          OGA Notifications Data-->
          Cached Result: N/A, hr = 0x80070002
          Version: N/A, hr = 0x80070002
          WGATray.exe Signed By: N/A, hr = 0x80070002
          OGAAddin.dll Signed By: N/A, hr = 0x80070002

          OGA Data-->
          Office Status: 109 N/A
          OGA Version: N/A, 0x80070002
          Signed By: N/A, hr = 0x80070002
          Office Diagnostics: 025D1FF3-282-80041028_025D1FF3-170-80041028_025D1FF3-171-1_025D1FF3-179-2

          Browser Data-->
          Proxy settings: N/A
          User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
          Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
          Download signed ActiveX controls: Prompt
          Download unsigned ActiveX controls: Disabled
          Run ActiveX controls and plug-ins: Allowed
          Initialize and script ActiveX controls not marked as safe: Disabled
          Allow scripting of Internet Explorer Webbrowser control:
          Active scripting:
          Script ActiveX controls marked as safe for scripting:

          File Scan Data-->

          Other data-->
          Office Details: <GenuineResults><MachineData><UGUID>{2442F1F7-3B55-49BF-873B-2FFDB0BE40F4}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3782B</PKey><PID>55274-640-0984446-23902</PID><PIDType>1</PIDType><SID>S-1-5-21-861567501-1957994488-1358025987</SID><SYSTEM><Manufacturer>IBM</Manufacturer><Model>26488AU</Model></SYSTEM><BIOS><Manufacturer>IBM</Manufacturer><Version>KZET30WW (1.11 )</Version><SMBIOSVersion major="2" minor="3"/><Date>20010904******.******+***</Date></BIOS><HWID>B7B83607018400B6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>IBM Corporation</name><model>IBM ThinkPad</model></SBID><OEM/><BRT/></MachineData>     <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 


          evilfantasy

          Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
          « Reply #7 on: October 07, 2008, 02:04:58 PM »
          Is this a valid license of Windows? The diagnostics scan says it isn't.

          Butterfly


            Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
            « Reply #8 on: October 07, 2008, 04:16:29 PM »
            Yes, according to the Certificate of Authority sticker on the bottom of the laptop.



            I know this was a refurbished laptop.

            Hope this helps.  There is more info on the sticker if needed.
            « Last Edit: October 07, 2008, 07:36:30 PM by evilfantasy »

            evilfantasy

            Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
            « Reply #9 on: October 07, 2008, 04:22:09 PM »
            Go to How to Tell (Microsoft website) using Internet Explorer (not Firefox or any other browser as they won't work)
            • Click on Windows Validation Assistant
            • Click on the Validate Now button.
            • Be patient while the ActiveX loads, do not click on any links.
            • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
            • Enter your product key then click continue
            • When it says "Validation Complete" please click Continue to return to your previous activity
            • Copy what it says and paste it here.

            Butterfly


              Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
              « Reply #10 on: October 07, 2008, 07:32:26 PM »
              I went through the validation process but I suspect that something went wrong.  After I clicked Yes to install there were no more prompts, including no prompt to give the key code.  It just took me to this message that I copied.

              Thank you for completing the validation process and for using genuine Microsoft software.

              By using genuine Microsoft software, you can be confident that you will have access to the latest features, security, and support, which will help to improve your productivity and expand the capabilities of your computer.

              You will also have access to new innovations and offerings available only to genuine Microsoft software customers.

              Should I do it again or does that first sentence say I'm genuine? 

              SAYING:     "...and for using genuine Microsoft software."

              evilfantasy

              Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
              « Reply #11 on: October 07, 2008, 07:37:09 PM »
              Run this scan again and post the results.

              1. Download this diagnostics tool MGADiag.exe and save this to your Desktop.
              2. Double-click on MGADiag.exe and click Continue
              3. When the program has finished, click on Copy
              4. Post the results in your next reply.

              Butterfly


                Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
                « Reply #12 on: October 07, 2008, 07:53:46 PM »
                here it is

                Diagnostic Report (1.7.0095.0):
                -----------------------------------------
                WGA Data-->
                Validation Status: Genuine
                Validation Code: 0
                Online Validation Code: N/A
                Cached Validation Code: N/A
                Windows Product Key: *****-*****-MQW9P-BXJGX-3782B
                Windows Product Key Hash: IOSdwMnTPaeNXFnM0Zv+pFbBaug=
                Windows Product ID: 55274-640-0984446-23902
                Windows Product ID Type: 1
                Windows License Type: Volume
                Windows OS version: 5.1.2600.2.00010100.0.0.pro
                CSVLK Server: N/A
                CSVLK PID: N/A
                ID: {2442F1F7-3B55-49BF-873B-2FFDB0BE40F4}(3)
                Is Admin: Yes
                TestCab: 0x0
                WGA Version: Registered, 1.7.69.2
                Signed By: Microsoft
                Product Name: N/A
                Architecture: N/A
                Build lab: N/A
                TTS Error: N/A
                Validation Diagnostic: 025D1FF3-282-80041028_025D1FF3-170-80041028_025D1FF3-171-1_025D1FF3-179-2
                Resolution Status: N/A

                WgaER Data-->
                ThreatID(s): N/A
                Version: N/A

                WGA Notifications Data-->
                Cached Result: N/A, hr = 0x80070002
                File Exists: No
                Version: N/A, hr = 0x80070002
                WgaTray.exe Signed By: N/A, hr = 0x80070002
                WgaLogon.dll Signed By: N/A, hr = 0x80070002

                OGA Notifications Data-->
                Cached Result: N/A, hr = 0x80070002
                Version: N/A, hr = 0x80070002
                WGATray.exe Signed By: N/A, hr = 0x80070002
                OGAAddin.dll Signed By: N/A, hr = 0x80070002

                OGA Data-->
                Office Status: 109 N/A
                OGA Version: N/A, 0x80070002
                Signed By: N/A, hr = 0x80070002
                Office Diagnostics: 025D1FF3-282-80041028_025D1FF3-170-80041028_025D1FF3-171-1_025D1FF3-179-2

                Browser Data-->
                Proxy settings: N/A
                User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
                Default Browser: C:\PROGRA~1\MOZILL~1\FIREFOX.exe
                Download signed ActiveX controls: Prompt
                Download unsigned ActiveX controls: Disabled
                Run ActiveX controls and plug-ins: Allowed
                Initialize and script ActiveX controls not marked as safe: Disabled
                Allow scripting of Internet Explorer Webbrowser control:
                Active scripting:
                Script ActiveX controls marked as safe for scripting:

                File Scan Data-->

                Other data-->
                Office Details: <GenuineResults><MachineData><UGUID>{2442F1F7-3B55-49BF-873B-2FFDB0BE40F4}</UGUID><Version>1.7.0095.0</Version><OS>5.1.2600.2.00010100.0.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3782B</PKey><PID>55274-640-0984446-23902</PID><PIDType>1</PIDType><SID>S-1-5-21-861567501-1957994488-1358025987</SID><SYSTEM><Manufacturer>IBM</Manufacturer><Model>26488AU</Model></SYSTEM><BIOS><Manufacturer>IBM</Manufacturer><Version>KZET30WW (1.11 )</Version><SMBIOSVersion major="2" minor="3"/><Date>20010904******.******+***</Date></BIOS><HWID>B7B83607018400B6</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>IBM Corporation</name><model>IBM ThinkPad</model></SBID><OEM/><BRT/></MachineData>     <Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults> 

                Now I'm genuine :D  That is a good thing right?

                evilfantasy

                Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
                « Reply #13 on: October 07, 2008, 08:11:52 PM »
                Everything should install and run now. You may need to go to Windows updates and get the current updates first but don't do it yet!! We need to clean the malware first!!

                Download DrWeb CureIt & save it to your desktop.

                Scan with DrWeb-CureIt as follows:
                • Double-click on drweb-cureit.exe and then click Start.
                • An Express Scan of your PC notice will appear.
                • Under Start the Express Scan Now Click OK to start.
                  • This is a short scan that will scan the files currently running in memory.
                  • If or when something is found, click the Yes button when it asks you if you want to cure it.
                • Once the short scan has finished, Click Options > Change settings
                • Choose the Scan tab and UNcheck Heuristic analysis and click OK
                • Back at the main window, select the Complete scan button.
                • Then click the Green Arrow Start Scanning button on the right and the scan will start.
                  • Click Yes to all if it asks if you want to cure/move any file(s).
                • When the scan is done.
                • In the Dr.Web CureIt menu on top left, click File and choose Save report list.
                • Save the DrWeb.csv report to your Desktop.
                • Exit Dr.Web Cureit.
                • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
                • After reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
                • Copy and paste that log in the next reply

                Butterfly


                  Re: Noticed Zlob folders scanned during Spybot scanSearch & Destroy
                  « Reply #14 on: October 07, 2008, 08:32:46 PM »
                  Hey, I have a quick question: do I need all the other malware fighters that I had downloaded from the general instructions you have in Malware Removal?

                  I have Ccleaner (which I did run once last week)
                             SUPERantispyware (installed But not Scanned)
                             MBAM  (installed NOT scanned)
                             
                  And how about this one too?  JAVA update (Ran BUT wouldn't work saying my OS wasn't good enough)

                  I guess I want to only keep what I need and get rid of the rest at your instructions.  Let me know how I get rid of things too... OH,  there's the old Spybot Search and Destroy too???

                  Thanks for all your help thus far....