C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\FileZilla Server\FileZilla server.exe C:\Program Files\MozyHome\mozybackup.exe C:\WINDOWS\system32\hpzipm12.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\system32\snmp.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe .

At this point you should do the following:Close all open Windows including this one.Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running

The first thing you should do is print out this guide, as we We want all our members to perform the steps outlined in the link given below, before posting for assistance. This is normal and ComboFix will restore your desktop before it is finished. Stages of the ComboFix AutoScanAt the time of this writing there are a total of 50 stages as shown in the image below, so please be patient.

Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly. MGtools will frequently run even when all other tools will not. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below. ComboFix will now start downloading to your computer.

The biggest thing to look at is the "other deletions" and "files created in the last 30 days" sections.

Companion2010-08-03 18:23 . 2009-05-21 20:39 -------- d-----w- c:\programdata\Yahoo!2010-08-03 18:23 . 2008-08-04 18:37 -------- d-----w- c:\program files\Yahoo!2010-08-03 17:26 . 2010-04-29 07:16 -------- d-----w- c:\programdata\Norton2010-08-02 17:37 . 2010-08-02 17:37 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe2010-07-29 17:19

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\4KYLD8J9\bin.clearspring.com C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\4KYLD8J9\bin.clearspring.com\clearspring.sol C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Documents and Settings\Owner\Cookies\[emailprotected][2].txt C:\WINDOWS\system32\gjjlm.ini2 C:\WINDOWS\system32\lnnmp.ini2 C:\WINDOWS\system32\lnnmp.tmp C:\WINDOWS\system32\mdm.exe C:\WINDOWS\system32\opqss.ini2 C:\WINDOWS\system32\opqss.tmp D:\Autorun.inf . When it finishes, a log will be produced named c:\combofix.txt I will ask for this log below Note: Do not mouseclick combofix's window while it is running.

The amount of stages will go up as time goes on, so if the amount of stages is different when you run it, please do not be concerned. 34th Stage of

If at any time during the Recovery Console installation you receive a message stating that it failed to install, please allow ComboFix to continue with the scan of your computer.

You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.

Please note that ComboFix is not a commercial malware removal tool.

analyzing ComboFix log

Now use your mouse to drag CFscript.txt on top of ComboFix.exe Follow the prompts. scan completed successfullyhidden files: 0**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.---------------------

When ComboFix has finished downloading you will now see an icon on your desktop similar to the one below. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.