COmputer going Slow - virus

hy forum members , recently my computer is getting slower than expected and my interet is almost dead ... i am using a 1 mb link but it took me 15 mins to get here and post this :S ..
And i know that it is happening due to a virus that neither my nod32 or mbam have caught uptill yet.. i have used the tune up utlitiles also to fix this problem but it was helpless.

Plz help me out of this problem. i am posting me mbam ,hijack this and otl log ..


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4139

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/5/2010 1:55:00 AM
mbam-log-2010-06-05 (01-55-00).txt

Scan type: Quick scan
Objects scanned: 125712
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:51:41 AM, on 6/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] E:\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - E:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - E:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - E:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://E:\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271631251921
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - E:\ESET\ESET NOD32 Antivirus\ekrn.exe

--
End of file - 4055 bytes

OTL logfile created on: 6/5/2010 2:00:03 AM - Run 2
OTL by OldTimer - Version 3.1.37.3 Folder = E:\download\ANTIvirus
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 582.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.90 Gb Total Space | 20.08 Gb Free Space | 67.15% Space Free | Partition Type: NTFS
Drive D: | 68.36 Gb Total Space | 8.16 Gb Free Space | 11.94% Space Free | Partition Type: NTFS
Drive E: | 24.41 Gb Total Space | 16.76 Gb Free Space | 68.66% Space Free | Partition Type: NTFS
Drive F: | 26.37 Gb Total Space | 20.38 Gb Free Space | 77.29% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HASAN
Current User Name: !
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/19 03:01:25 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/31 04:54:48 | 000,555,520 | ---- | M] (OldTimer Tools) -- E:\download\ANTIvirus\OTL.exe
PRC - [2009/11/16 20:54:12 | 000,402,760 | ---- | M] (TuneUp Software GmbH) -- E:\TuneUp Utilities 2009\OneClickStarter.exe
PRC - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) -- E:\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2007/06/13 15:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/03/31 04:54:48 | 000,555,520 | ---- | M] (OldTimer Tools) -- E:\download\ANTIvirus\OTL.exe
MOD - [2006/08/25 20:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2010/05/06 22:43:53 | 000,604,488 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010/05/06 22:43:49 | 000,361,288 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- E:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/11/16 16:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009/09/11 07:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- E:\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/09/11 07:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- E:\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2008/11/10 01:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/27 00:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/03/18 14:29:10 | 000,096,656 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/11/20 15:26:50 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/09/11 07:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/09/11 07:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/09/11 07:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/02/15 22:48:14 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/12/01 14:23:58 | 000,392,122 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2006/11/01 08:10:06 | 000,035,840 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/10/13 14:52:04 | 004,387,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/15 06:00:00 | 001,109,568 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/04/25 10:57:42 | 000,428,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmfilter303.sys -- (vmfilter303)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/14 23:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-2049760794-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.pk/
IE - HKU\S-1-5-21-796845957-2049760794-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-2049760794-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.2

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Mozilla Firefox\components [2010/04/29 00:39:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Mozilla Firefox\plugins [2010/05/26 09:22:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: E:\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/04/19 01:50:06 | 000,000,000 | ---D | M]

[2010/04/29 00:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Extensions
[2010/06/04 03:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\ycwuivy6.default\extensions
[2010/05/06 22:06:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\ycwuivy6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/03 20:24:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\ycwuivy6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/05/30 04:32:06 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\ycwuivy6.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2010/05/02 21:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\!\Application Data\Mozilla\Firefox\Profiles\ycwuivy6.default\extensions\firefox@tvunetworks.com

O1 HOSTS File: ([2010/05/12 04:47:38 | 000,000,000 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - E:\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-796845957-2049760794-725345543-1003..\Run: [IDMan] E:\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-2049760794-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all links with IDM - E:\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - E:\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - E:\Internet Download Manager\IEExt.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1271631251921 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/19 01:37:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/17 00:19:04 | 000,000,000 | ---D | M] - F:\Auto.Hide.IP.4.7.0.2.Full.Version -- [ NTFS ]
O32 - AutoRun File - [2010/05/17 00:18:40 | 005,255,315 | ---- | M] () - F:\Auto.Hide.IP.4.7.0.2.Full.Version.rar -- [ NTFS ]
O32 - AutoRun File - [2010/05/17 02:28:38 | 000,000,000 | ---D | M] - F:\Autocx Registration By Kush Krackers -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/05 01:55:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\!\Recent
[2010/05/27 05:37:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2010/05/27 05:37:57 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2010/05/27 05:37:57 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2010/05/27 01:00:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/05/27 01:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/05/26 22:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/26 17:03:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\PCHealth
[2010/05/26 09:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/05/26 09:22:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/26 09:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/26 09:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/26 09:20:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/26 09:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/05/26 09:14:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/26 09:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/26 09:11:57 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/05/25 21:13:58 | 000,000,000 | ---D | C] -- C:\4035f84f0d2281434b
[2010/05/25 05:42:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Steganos VPN
[2010/05/23 00:19:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\My Documents\Outlook Files
[2010/05/22 03:52:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/05/20 01:25:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\Real Desktop
[2010/05/18 00:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\www.MoHackz.com
[2010/05/16 21:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\Cov3n3nt
[2010/05/10 05:41:05 | 000,428,160 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\vmfilter303.sys
[2010/05/10 05:41:05 | 000,392,122 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\usbVM303.sys
[2010/05/10 05:41:05 | 000,081,920 | ---- | C] (VM) -- C:\WINDOWS\System32\VM303STI.dll
[2010/05/10 05:41:04 | 000,102,400 | ---- | C] (www.zsmc.com.cn) -- C:\WINDOWS\VM303Cap.exe
[2010/05/10 05:41:03 | 000,258,188 | ---- | C] (Vimicro) -- C:\WINDOWS\System32\VM303Prp.Ax
[2010/05/10 05:41:03 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\amcap.exe
[2010/05/10 05:41:03 | 000,049,152 | ---- | C] (Vimicro) -- C:\WINDOWS\Domino.exe
[2010/05/10 05:41:02 | 000,049,152 | ---- | C] (ZSMCSNAP) -- C:\WINDOWS\vmsnap3.exe
[2010/05/10 05:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro
[2010/05/10 05:40:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\InstallShield
[2010/05/09 20:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\ubotcompile7603466
[2010/05/08 15:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
[2010/05/07 00:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Application Data\ubot
[2010/05/07 00:37:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\!\Local Settings\Application Data\Xenocode
[2010/05/06 22:43:53 | 000,604,488 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/05/06 22:43:51 | 000,029,000 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010/05/06 22:43:49 | 000,361,288 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe
[2010/04/21 05:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010/04/19 01:44:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/19 01:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/19 01:41:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/19 01:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/06/05 02:00:07 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/06/05 00:58:22 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-796845957-2049760794-725345543-1003.job
[2010/06/05 00:58:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/05 00:58:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/05 00:57:50 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\!\NTUSER.DAT
[2010/06/05 00:57:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\!\ntuser.ini
[2010/06/05 00:57:32 | 000,000,890 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/05 00:57:32 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/05 00:57:32 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/05 00:12:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-796845957-2049760794-725345543-1003.job
[2010/06/04 16:53:25 | 004,811,348 | -H-- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\IconCache.db
[2010/06/04 00:23:26 | 000,000,433 | ---- | M] () -- C:\Documents and Settings\!\My Documents\Fadz Biographical Autographiee.rtf
[2010/06/04 00:12:23 | 000,000,406 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/06/04 00:02:02 | 000,044,462 | ---- | M] () -- C:\Documents and Settings\!\Desktop\close any FB acount in 24 hours.pdf
[2010/05/31 22:01:58 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\!\My Documents\~$ names.rtf
[2010/05/31 22:01:43 | 000,000,302 | ---- | M] () -- C:\Documents and Settings\!\My Documents\US Names`.rtf
[2010/05/31 16:29:45 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/29 03:10:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/27 06:41:54 | 000,069,984 | ---- | M] () -- C:\Documents and Settings\!\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/27 02:37:15 | 000,494,390 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/27 02:37:15 | 000,436,470 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/27 02:37:15 | 000,069,032 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/27 01:16:14 | 002,152,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/26 09:45:37 | 000,000,052 | ---- | M] () -- C:\WINDOWS\mafosav.INI
[2010/05/26 09:33:59 | 000,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/05/26 06:05:39 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/25 03:36:30 | 000,588,409 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Pawan Finanace.pdf
[2010/05/17 15:13:59 | 000,032,133 | ---- | M] () -- C:\Documents and Settings\!\My Documents\docket.pdf
[2010/05/17 02:39:23 | 000,212,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2010/05/17 02:39:23 | 000,114,688 | ---- | M] (Dummysoft) -- C:\WINDOWS\System32\sexyControls.ocx
[2010/05/17 02:39:23 | 000,036,864 | ---- | M] (DMSoftTechnologies) -- C:\WINDOWS\System32\sclabel.ocx
[2010/05/17 02:39:23 | 000,026,624 | ---- | M] (Paul Duffield pduffield@lineone.net) -- C:\WINDOWS\System32\Roundfrm.ocx
[2010/05/17 02:39:22 | 000,109,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCN.ocx
[2010/05/17 02:39:22 | 000,098,304 | ---- | M] (Gonchuki) -- C:\WINDOWS\System32\prjChameleon.ocx
[2010/05/17 02:39:22 | 000,069,632 | ---- | M] (QuirkSoft) -- C:\WINDOWS\System32\QuirkAIM.ocx
[2010/05/17 02:39:22 | 000,049,152 | ---- | M] (Educational Edge) -- C:\WINDOWS\System32\ProgressBar.ocx
[2010/05/17 02:39:22 | 000,045,099 | ---- | M] (sowa) -- C:\WINDOWS\System32\rdbutton.ocx
[2010/05/17 02:39:22 | 000,045,089 | ---- | M] (PRC) -- C:\WINDOWS\System32\prcbutton.ocx
[2010/05/17 02:39:21 | 000,132,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.ocx
[2010/05/17 02:39:21 | 000,109,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWinSck.ocx
[2010/05/17 02:39:19 | 000,645,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX
[2010/05/17 02:39:18 | 000,176,128 | ---- | M] (LaVolpe) -- C:\WINDOWS\System32\lvButton_H.ocx
[2010/05/17 02:39:18 | 000,143,360 | ---- | M] (DISA-SCOTT) -- C:\WINDOWS\System32\LVbuttons.ocx
[2010/05/17 02:39:18 | 000,073,728 | ---- | M] (Mad Beyond) -- C:\WINDOWS\System32\MadBeyond.ocx
[2010/05/17 02:39:18 | 000,069,632 | ---- | M] (Macro-Pc) -- C:\WINDOWS\System32\Macrobtn.ocx
[2010/05/17 02:39:18 | 000,057,344 | ---- | M] (Macro-Pc) -- C:\WINDOWS\System32\MacroList.ocx
[2010/05/17 02:39:17 | 000,294,912 | ---- | M] (The University of New South Wales) -- C:\WINDOWS\System32\kdu_v32m.dll
[2010/05/17 02:39:17 | 000,040,960 | ---- | M] (JayDeeSolutions) -- C:\WINDOWS\System32\jdsFrame.ocx
[2010/05/17 02:39:17 | 000,018,432 | ---- | M] (Kedasus) -- C:\WINDOWS\System32\Kedatray.ocx
[2010/05/17 02:39:16 | 000,110,592 | ---- | M] (RCTech Labs) -- C:\WINDOWS\System32\glxpbuttonz.ocx
[2010/05/17 02:39:16 | 000,089,088 | ---- | M] (CrACkED! hehehe foi mal.. mas tive q fazer isso heuiheui) -- C:\WINDOWS\System32\IPDAEM34.ocx
[2010/05/17 02:39:16 | 000,084,992 | ---- | M] (devSoft Inc.; P.O.Box 13821; Research Triangle Park NC 27709; U.S.A.) -- C:\WINDOWS\System32\IPPORT34.ocx
[2010/05/17 02:39:16 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\HoverButton.ocx
[2010/05/17 02:39:16 | 000,069,632 | ---- | M] (Albayrak Bilgiişlem) -- C:\WINDOWS\System32\DeskUtils.ocx
[2010/05/17 02:39:15 | 000,508,469 | ---- | M] () -- C:\WINDOWS\System32\cygwin.ocx
[2010/05/17 02:39:15 | 000,140,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.ocx
[2010/05/17 02:39:15 | 000,057,344 | ---- | M] (???) -- C:\WINDOWS\System32\CompControls.ocx
[2010/05/17 02:39:14 | 000,609,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2010/05/17 02:39:13 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\WINDOWS\System32\AniGIF.ocx
[2010/05/17 02:39:13 | 000,164,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2010/05/17 02:39:13 | 000,131,072 | ---- | M] (Alvaro Redondo) -- C:\WINDOWS\System32\ARButton.ocx
[2010/05/17 02:39:13 | 000,102,400 | ---- | M] (ECX Programming / CCRP) -- C:\WINDOWS\System32\CCRPPRG6.ocx
[2010/05/17 02:39:13 | 000,061,440 | ---- | M] () -- C:\WINDOWS\System32\Chameleon.ocx
[2010/05/17 02:39:12 | 000,380,928 | ---- | M] () -- C:\WINDOWS\System32\Actskin4.ocx
[2010/05/14 00:37:56 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/12 04:47:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010/05/12 04:47:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/10 05:14:45 | 000,037,169 | ---- | M] () -- C:\Documents and Settings\!\My Documents\Question 2 Ans.rtf
[2010/05/10 04:23:02 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\!\Desktop\~$estion 4 Ans.rtf
[2010/05/10 01:13:26 | 000,002,198 | ---- | M] () -- C:\Documents and Settings\!\My Documents\Document2 Q3.rtf
[2010/05/10 00:24:56 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\!\My Documents\Document1 Q4.rtf
[2010/05/09 16:35:06 | 000,001,177 | ---- | M] () -- C:\Documents and Settings\!\My Documents\us names.rtf
[2010/05/08 17:03:06 | 000,000,542 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Yuri's Revenge.lnk
[2010/05/08 17:03:06 | 000,000,534 | ---- | M] () -- C:\Documents and Settings\!\Desktop\Red Alert 2.lnk
[2010/05/06 22:43:53 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe
[2010/05/06 22:43:49 | 000,361,288 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe

========== Files Created - No Company Name ==========

[2010/06/04 00:23:25 | 000,000,433 | ---- | C] () -- C:\Documents and Settings\!\My Documents\Fadz Biographical Autographiee.rtf
[2010/06/04 00:02:00 | 000,044,462 | ---- | C] () -- C:\Documents and Settings\!\Desktop\close any FB acount in 24 hours.pdf
[2010/05/31 22:01:58 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\!\My Documents\~$ names.rtf
[2010/05/31 22:01:43 | 000,000,302 | ---- | C] () -- C:\Documents and Settings\!\My Documents\US Names`.rtf
[2010/05/26 09:33:59 | 000,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/05/26 09:33:56 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/05/26 08:04:08 | 000,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2010/05/25 03:36:08 | 000,588,409 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Pawan Finanace.pdf
[2010/05/17 15:13:59 | 000,032,133 | ---- | C] () -- C:\Documents and Settings\!\My Documents\docket.pdf
[2010/05/14 00:36:07 | 000,001,505 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/10 05:41:04 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\setupfilter.exe
[2010/05/10 05:14:43 | 000,037,169 | ---- | C] () -- C:\Documents and Settings\!\My Documents\Question 2 Ans.rtf
[2010/05/10 04:23:02 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\!\Desktop\~$estion 4 Ans.rtf
[2010/05/10 00:27:24 | 000,002,198 | ---- | C] () -- C:\Documents and Settings\!\My Documents\Document2 Q3.rtf
[2010/05/10 00:24:55 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\!\My Documents\Document1 Q4.rtf
[2010/05/09 16:35:05 | 000,001,177 | ---- | C] () -- C:\Documents and Settings\!\My Documents\us names.rtf
[2010/05/08 17:03:06 | 000,000,542 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Yuri's Revenge.lnk
[2010/05/08 17:03:03 | 000,000,534 | ---- | C] () -- C:\Documents and Settings\!\Desktop\Red Alert 2.lnk
[2010/04/19 15:16:12 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\!\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/19 03:03:28 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/19 01:51:40 | 000,192,512 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4670.dll
[2010/04/19 01:51:37 | 000,459,664 | R--- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010/04/19 01:47:11 | 000,015,114 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/04/19 01:47:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/04/19 01:47:04 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/03 15:07:42 | 000,667,136 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/03/10 22:18:00 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
< End of report >

Hello, and welcome to GeekPolice.

Please note the following information about the malware forum:

• Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  
• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
  
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  
• If you have already asked for help somewhere, please post the link to the topic you were helped.
  
• We try our best to reply quickly, but for any reason we do not reply in two days, do one of two things:
  
  Reply to this topic with the word BUMP, or
  see this topic.
  
  
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

---

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic