Hijack this trouble

I downloaded hijack this saved it to my desktop and when i try an open, it asks what to open it with. I dont know what to do from here. My comp is just running really slow and i need some help.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

here is the log from the combo fix:

ComboFix 10-01-13.06 - Momz 01/13/2010 13:49:57.2.1 - x86
Running from: C:\Documents and Settings\Momz\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-12 01:44:41 . 2010-01-12 01:44:42 1956072 ----a-w- C:\Documents and Settings\Momz\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-11 21:12:52 . 2010-01-11 21:12:52 -------- dc----w- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-20 01:51:39 . 2009-12-16 20:42:00 43008 ----a-w- C:\Documents and Settings\Momz\Application Data\Mozilla\Firefox\Profiles\c74k418h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-20 01:51:39 . 2009-12-16 20:42:00 340480 ----a-w- C:\Documents and Settings\Momz\Application Data\Mozilla\Firefox\Profiles\c74k418h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-20 01:51:38 . 2009-12-16 20:42:00 872960 ----a-w- C:\Documents and Settings\Momz\Application Data\Mozilla\Firefox\Profiles\c74k418h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-20 01:51:38 . 2009-12-16 20:41:00 346624 ----a-w- C:\Documents and Settings\Momz\Application Data\Mozilla\Firefox\Profiles\c74k418h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-19 19:36:20 . 2009-12-19 23:28:39 -------- d-----w- C:\WINDOWS\system32\CatRoot_bak
2009-12-19 19:34:46 . 2004-08-04 06:56:44 21504 ----a-w- C:\WINDOWS\system32\drivers\hidserv.dll
2009-12-19 19:27:07 . 2009-12-19 19:27:07 -------- d-----w- C:\WINDOWS\ServicePackFiles
2009-12-19 19:23:47 . 2008-06-13 13:10:50 272128 -c----w- C:\WINDOWS\system32\dllcache\bthport.sys
2009-12-19 19:23:47 . 2008-06-13 13:10:50 272128 ------w- C:\WINDOWS\system32\drivers\bthport.sys
2009-12-17 23:16:51 . 2009-12-17 23:17:45 -------- d-----w- C:\Program Files\2Wire
2009-12-17 22:50:09 . 2001-08-17 19:48:00 12160 -c--a-w- C:\WINDOWS\system32\dllcache\mouhid.sys
2009-12-17 22:50:09 . 2001-08-17 19:48:00 12160 ----a-w- C:\WINDOWS\system32\drivers\mouhid.sys
2009-12-17 22:50:00 . 2004-08-04 06:56:44 21504 -c--a-w- C:\WINDOWS\system32\dllcache\hidserv.dll
2009-12-17 22:50:00 . 2004-08-04 06:56:44 21504 ----a-w- C:\WINDOWS\system32\hidserv.dll
2009-12-17 22:49:54 . 2001-08-17 20:02:20 9600 -c--a-w- C:\WINDOWS\system32\dllcache\hidusb.sys
2009-12-17 22:49:54 . 2001-08-17 20:02:20 9600 ----a-w- C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-13 19:44:09 . 2005-07-26 03:14:40 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2010-01-12 01:26:55 . 2005-09-09 00:23:08 -------- d-----w- C:\Program Files\Google
2010-01-11 21:13:16 . 2005-08-11 03:35:08 16368 -c--a-w- C:\Documents and Settings\Momz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-31 01:14:29 . 2007-03-10 19:07:39 -------- d-----w- C:\Program Files\DivX
2009-12-31 01:11:52 . 2007-03-10 19:05:19 -------- d-----w- C:\Program Files\AviSynth 2.5
2009-12-31 01:11:02 . 2005-08-14 02:14:07 -------- d-----w- C:\Program Files\Gabest
2009-12-31 01:09:34 . 2006-04-15 23:06:18 -------- d-----w- C:\Program Files\VideoLAN
2009-12-31 01:08:10 . 2008-03-14 04:01:25 -------- d-----w- C:\Program Files\Broderbund
2009-12-31 01:02:43 . 2007-05-17 02:34:49 -------- d-----w- C:\Documents and Settings\Momz\Application Data\Berlitz
2009-12-31 01:02:31 . 2005-07-26 23:55:39 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2009-12-29 03:43:45 . 2008-10-15 21:32:16 -------- d-----w- C:\Program Files\Symantec
2009-12-19 19:38:43 . 2009-12-19 19:38:43 0 ---ha-w- C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-12-19 19:38:30 . 2009-12-19 19:38:30 0 ---ha-w- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-11-21 16:36:13 . 2004-08-04 04:56:42 470528 ----a-w- C:\WINDOWS\AppPatch\aclayers.dll
2009-10-29 05:48:04 . 2004-08-04 04:56:48 662016 ------w- C:\WINDOWS\system32\wininet.dll
2009-10-21 06:00:55 . 2004-08-04 04:56:46 75776 ----a-w- C:\WINDOWS\system32\strmfilt.dll
2009-10-21 06:00:55 . 2004-08-04 04:56:44 25088 ----a-w- C:\WINDOWS\system32\httpapi.dll
2009-10-20 14:58:48 . 2004-08-04 03:00:14 263552 ----a-w- C:\WINDOWS\system32\drivers\http.sys
2009-12-29 23:54:12 . 2007-03-10 19:38:50 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-03-10 19:20:31 . 2007-03-10 19:08:14 56 --sh--r- C:\WINDOWS\system32\2ADB922766.sys
2007-03-10 19:20:31 . 2007-03-10 19:08:13 5852 -csha-w- C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24:37 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-12 01:27:17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 18:47:52 57344]
"S3TRAY2"="S3tray2.exe" [2003-02-25 09:33:14 69632]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-04-15 23:30:38 180269]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-29 23:54:12 30192]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 09:19:34 69632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 11:24:52 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 09:25:21 144784]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 07:27:02 52848]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
hp psc 2000 Series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-6-11 323646]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
officejet 6100.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-6-11 147456]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12581:TCP"= 12581:TCP:BitComet 12581 TCP
"12581:UDP"= 12581:UDP:BitComet 12581 UDP

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [12/25/2006 12:21:17 PM 2368]
.
Contents of the 'Scheduled Tasks' folder

2008-10-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57:52 . 2007-08-29 19:57:52]

2010-01-02 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Momz.job
- C:\PROGRA~1\NORTON~1\NORTON~2\Navw32.exe [2005-09-24 01:37:56 . 2007-05-23 18:13:40]

2009-12-28 C:\WINDOWS\Tasks\Norton AntiVirus - Run Norton QuickScan - Momz.job
- C:\PROGRA~1\NORTON~1\NORTON~2\Navw32.exe [2005-09-24 01:37:56 . 2007-05-23 18:13:40]

2008-10-20 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2005-10-06 03:02:30 . 2005-10-06 03:02:30]

2009-12-29 C:\WINDOWS\Tasks\Symantec Drmc.job
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe [2005-10-04 01:20:10 . 2005-10-04 01:20:10]

2010-01-13 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2008-10-15 21:32:40 . 2005-09-09 19:21:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aimtoday.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - C:\Documents and Settings\Momz\Application Data\Mozilla\Firefox\Profiles\c74k418h.default\
FF - component: C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npmnqmp07010901.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
.

Please download Cheetah-Anti-Rogue, and save to your Desktop.

• Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  
• Double-click on Cheetah-Anti-Rogue.cmd to start.
  
• It will finish quickly and launch a log.
  
• Post the contents of it in your next reply.

==

Please download V-Tool, and save to your Desktop.

• Double-click on vtool.zip, and extract the file to your Desktop.
  
• Double-click on vtool.cmd to start.
  
• At each prompt ("Press any key to continue..."), wait 3 seconds before pressing a key. This tool needs time to process each prompt.
  
• It will finish quickly and launch a log. (vtool.txt)
  
• Post the contents of it in your next reply.

Cheetah Anti-Rogue v1.0.32
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Wed 01/13/2010 17:21:39.29


-- Known infection --

C:\Documents and Settings\Momz\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macromedia.com\settings.sol (Trj.FakeAlert)
C:\Documents and Settings\Momz\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (Trj.FakeAlert)


Extra message: Detection only.


EOF

V-Tool by DragonMaster Jay


Username: Momz - Date: 01/13/2010 - Time: 17:23:36 - Number of processors: 1 - Arch.: x86 SF:


((((( Security Software information )))))

AV: Norton AntiVirus *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

((((( System File Verify )))))

c:\windows\system32\cngaudit.dll is missing! (If Vista/7)

((((( System File Enumeration )))))

Volume in drive C has no label.
Volume Serial Number is 9C79-9EB3

Directory of C:\WINDOWS\$hf_mig$\KB968389\SP2QFE

netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\$hf_mig$\KB975467\SP2QFE

netlogon.dll
1 File(s) 408,064 bytes

Directory of C:\WINDOWS\ERDNT\cache

scecli.dll beep.sys eventlog.dll
atapi.sys netlogon.dll
5 File(s) 742,656 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

scecli.dll atapi.sys netlogon.dll eventlog.dll
4 File(s) 741,120 bytes

Directory of C:\WINDOWS\system32

scecli.dll netlogon.dll eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\system32\dllcache

scecli.dll beep.sys netlogon.dll eventlog.dll
4 File(s) 647,296 bytes

Directory of C:\WINDOWS\system32\drivers

atapi.sys beep.sys
2 File(s) 99,584 bytes

Total Files Listed:
20 File(s) 3,689,856 bytes
0 Dir(s) 25,370,517,504 bytes free

-----------------------------

+++ End-of-file +++


also there is notification on my desktop saying my software isnt geniune microsoft. This comp was given to me so im not sure what all is going on with it as far as that goes.

We'll check that, then.

Please download MGADiag.exe to your desktop.


Double-click MGADiag.exe and click Continue in the bottom right of the window to run the tool.

When it's done, capture a screenshot of the finished scan, and post that.

In Windows a screenshot of the entire monitor, complete with taskbar, can be copied to the system clipboard by pressing the Print screen key (normally located in the top row on the right-hand side of the keyboard)..

You can then paste the clipboard into a program like MS Paint to save it as an image file or paste it directly into a document.

1. Press the Print screen key
2. Click the "Start" button (normally located in the bottom left of your screen).
3. Click "Run" & type "mspaint" (without quotes) & click the "OK" button.
4. Wait while the application "Paint" opens. Once it is open, proceed to the next step.
5. Click the "Edit" menu and select "Paste".
6. Click the "File" menu and select "Save As...". A dialog box will appear.
7. In the "File name" field, enter a name of your choice.
8. Click the "Save as type" drop-down and select "JPEG (*.JPG;*.JPEG;*.JPE*;.JFIF)".
9. Click the "Save" button.


Then, go to ImageShack, and upload the picture for me please.

For some reason it would not do a screen shot i followed your directions several times but couldnt get anything to paste in mspaint. under the mgadiag it had a copy option so i pressed that an pasted it to notebook. here is what came up:
Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Blocked VLK
Validation Code: 3

Cached Validation Code: N/A
Windows Product Key: *****-*****-RHFHJ-WHFWP-9GWCF
Windows Product Key Hash: PIfLIVNj/xcJNUa24GJPvL2XUsI=
Windows Product ID: 55274-648-6394373-23731
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {966DB3EF-8C76-4FE0-871B-D204F3ABE374}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 3
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: {966DB3EF-8C76-4FE0-871B-D204F3ABE374}1.9.0011.05.1.2600.2.00010100.2.0.prox32*****-*****-*****-*****-9GWCF55274-648-6394373-237311S-1-5-21-57989841-1682526488-725345543Compaq Presario 06DA236A-ABA 6420NX NA910Phoenix Technologies, LTD3.01 20021210000000.000000+0008C5E3C570184204B04090409Central Standard Time(GMT-06:00)03 109

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 10858:Compaq Computer Corporation|1E0D3:Compaq Computer Corporation|1D900:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

This information:

Validation Status: Blocked VLK
Validation Code: 3
Validation Diagnostic: 025D1FF3-230-1

Means that it is NOT genuine.

Probably a reason for this, is the person who once had it, attempted to reinstall or installed a version of XP Pro over top of an XP Home install.

Do you have the XP disc (Home)?

no i do not have any kind of windows disks. the main problem is the internet is extremly slow and those windows genuine pop ups. Is there anyway to fix this without the disk?

No, it is illegal to patch a system that is not genuine.

Please run a free online scan with the ESET Online Scanner

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=9cc1461eed077e419f4ccab626890524
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-14 04:07:58
# local_time=2010-01-13 10:07:58 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=3586 16764889 100 88 0 266654036 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=52164
# found=1
# cleaned=1
# scan_time=4574
C:\Qoobox\Quarantine\C\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL.vir Win32/Adware.Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Please download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start
  button to begin the process. Depending on how often you clean temp
  files, execution time should be anywhere from a few seconds to a minute
  or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

==

Please download DragonFix by DragonMaster Jay, and save it to your Desktop. Right click and Extract All, and save the files to your Desktop.

• Please disable realtime protection. The only realtime protection that gets in the way and need to be disabled: Windows Defender, Microsoft Security Essentials, Spybot TeaTimer, WinPatrol, and Ad-Aware AdWatch. If you have anyone of those, please disable them.
  
• Double-click DragonFix.reg, and follow the prompt(s).
  
• Please reboot your computer.

==

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky.fr and save it to your Desktop.

• Please close all other applications running on your system.
  
• Please double click GetSystemInfo.exe to open it.
  
• Click the Settings button.
  
• Set it to Maximum
  
• IMPORTANT! Then please click Customize - choose Driver / Ports tab and
• Uncheck Scan Ports.
  
• Click Create Report to run it.
  
• It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to Kaspersky GSI Parser and click the Submit button.
  

Please copy and paste the url of the GSI Parser report (not the log) in your next reply.

http://www.getsysteminfo.com/read.php?file=62695b163fa8acea56960765500fe077


This is the URL for that website. I hope we can fix this huge disaster!

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

• Need2Find Bar
  

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\program files\need2find bar

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

C:\WINDOWS\system32\2ADB922766.sys
C:\WINDOWS\system32\MMAVILNG.exe


Please reboot your computer again, and tell me how it is running.

well i tried to remove the need2find out of add/remove programs, it was there i clicked the change remove and an error poped up that said module not found it had a file name C:\PROGRA~1\NEE2F~1\bar\1.bin\NdfnBar.dll i belive..and it would not remove it from the list. I searched for the other two files and could not find them.

These are probably hȋdden:C:\WINDOWS\system32\2ADB922766.sys
C:\WINDOWS\system32\MMAVILNG.exe

===

Enable the viewing of hȋdden files

• Click Start.
  
• Open My Computer.
  
• Select the Tools menu and click Folder Options.
  
• Select the View tab.
  
• Select the Show hȋdden files and folders option.
  
• Deselect the Hide file extensions for known types option.
  
• Deselect the Hide protected operating system files option.
  
• Click Yes to confirm.
  
• Click OK.
  

Then try to delete those again.

still cant find these in there when i went to the explorer an tried to select an deselct those files it was allready done...so im not sure what else to do

Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Norton AntiVirus 2006
Norton AntiVirus Parent MSI
Antivirus out of date!
``````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 5
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Norton SystemWorks Norton AntiVirus navapsvc.exe
Norton SystemWorks Norton AntiVirus IWP NPFMntor.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Please upgrade to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: http://www.geekpolice.net/operating-systems-f20/windows-xp-service-pack-3-information-t16956.htm

==

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

==

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Firewall

• Tallemu Online Armor: the free version is just as good as the premium. I have linked you to the free version.
  
• Comodo Firewall: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40% increase. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  
• PC Tools Firewall Plus: free and excellent firewall.

AntiSpyware

• SpywareBlaster
  SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  
• Spybot - Search & Destroy.
  Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
  

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

• Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  
• hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
  

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:

• Firefox may be downloaded from here: http://www.getfirefox.com
  
• Opera is available here: http://www.opera.com/download/
  

See this page for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?