Help! Think I have a keylogger


debbydee
10-14-2010, 01:27 AM
When I try to use dead keys (for French accents) the key automatically works twice, and thus returns ^^, ¸¸, ¨¨, ``, preventing me from typing accented characters. Based on a former thread (http://www.pcguide.com/vb/showthread.php?t=44487), I think I am infested with a keylogger. Can anyone help me get rid of it?

FTT
10-14-2010, 07:42 AM
You could begin by posting the log from a Hijack This (http://free.antivirus.com/hijackthis/) scan into one of your replies in this thread.

LochLomonder
10-14-2010, 10:35 AM
debby,

Have you scanned your machine for malware yet? If so, which software application did you use to scan it?

debbydee
10-14-2010, 12:17 PM
Yes, I did a full scan with Norton 360. Nothing showed up. Other strange things are happening too. I am being asked for permission to run programs I don't recognize. I was informed that the file sxysvzxrbsxw couldn't load, and I can't find any such file on my system. I suppose I should try HJT. Do I need to worry about where I download HJT from? I started to download it and got a message telling me that this file can harm my computer. So I didn't download it. Every time I try to type an apostrophe or a quotation mark, two show up instead of one.

mjc
10-14-2010, 12:32 PM
Download HijackThis from here...

http://free.antivirus.com/hijackthis/

You definitely are infected with something...that pattern of (large number of consonants) couldn't load is very indicative of an infection.

It is best to download HJT and others on a known clean machine and burn them onto a CD. While you are at it, you may as well download MBAM (MalwareBytes Anti Malware) (http://www.besttechie.net/mbam/mbam-setup.exe) and ComboFix (http://www.bleepingcomputer.com/download/anti-virus/combofix) and put them on the CD with HJT, too.

If you download the executable version of HJT, you can even run it from the CD.

debbydee
10-14-2010, 01:39 PM
I don't have access to a clean computer. Can I use the links you gave me and download to my computer even though it clearly isn't clean? Latest messages, by the way, are like this:

Szysvzxrbsxw has stopped working
A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

Then:
Destination Folder Access Denied
You’ll need to provide administrator permission to copy to this folder
System32
Date created: 2006-11-02 07:18

Though I haven't asked to copy to any folder.

LochLomonder
10-14-2010, 02:04 PM
debby,

I agree with mjc; there's definitely live malware on your machine. I would recommend you download and use Hitman Pro (http://www.surfright.nl/en/hitmanpro). Although you have to pay after 30 days, it will work on rooting out that infection now.

After you've downloaded and installed the program, reboot your PC, tap the F8 button until the options come up, and then choose Safe Mode with networking. Scan your entire PC and see what the software finds.

debbydee
10-14-2010, 03:01 PM
Thanks everyone for the suggestions. I am currently doing a Norton 360 scan on a laptop without any known problems. I will then burn HJT and the other software MJC suggests to a CD, run the programs and post the logs. Will get back to you all with the logs as soon as possible.

debbydee
10-14-2010, 04:55 PM
Thanks so much everyone. I burned HJT, ComboFix and MBAM to a CD, as suggested. Decided to run ComboFix first. The problem with the double keying (no accents as a result) was solved after ComboFix ended. I have kept a copy of the ComboFix log. I am hoping this solves all the other problems as well. We will see. Will keep you all posted. Will certainly run MBAM and HJT if the problem recurs or the other issues are not yet solved. Thanks again.

LochLomonder
10-14-2010, 06:17 PM
I'm glad to see things appear to be resolved, debby. Thanks for getting back to us, since it's always good to have feedback and know how any resolutions turned out :)

classicsoftware
10-15-2010, 09:34 AM
debbydee: I'm glad you solved your problem. However, what you did was dangerous. You ran tools that could have rendered your machine dead. MJC never told you to run those tools, he told you to post a HijackThis log and have the tools ready when needed. Additionally, since you did not post the logs as requested, your system may not be clean as the infection may be suppressed, but not eliminated. In the future when you think you have an infection, it is better to wait for and then follow instructions. This is sort of like crossing the expressway blindfolded at rush hour. Just because you did not get hit by a truck this time, does not mean you will be so lucky next time.

LochLomonder: It is our policy to not allow members who have not been trained to remove these infections. Running the wrong tool can be far worse than doing nothing. If you would like to be trained, send me a PM and I will speak to the training moderator at SpywareInfo so you can begin your training. If you have been trained elsewhere, let me know and we can speak. Until then, please refrain from posting in Malware threads.

LochLomonder
10-15-2010, 11:40 AM
classic,

Understood. I assumed the advice was of a more laissez faire nature, but I understand and respect where you're coming from when maintaining the integrity of your forum. I'll PM you later on and we can discuss things. Until then, I'll cease and desist within this area of the forum.

classicsoftware
10-15-2010, 11:49 AM
classic,

Understood. I assumed the advice was of a more laissez faire nature, but I understand and respect where you're coming from when maintaining the integrity of your forum. I'll PM you later on and we can discuss things. Until then, I'll cease and desist within this area of the forum.

I hate the wording cease and desist. You seem to be very knowledgeable. It would help greatly if you were trained and there was another expert to serve these members. Send me a PM and then you can start helping with Malware threads.

debbydee
10-17-2010, 12:42 PM
Thanks classicsoftware for explaining my mistake to me. As you said, I did not understand MJC's instructions. What should I do now? Should I continue behaving as if the problem is solved or run HJT and post the log?

classicsoftware
10-17-2010, 01:23 PM
Post the Combofix log

debbydee
10-17-2010, 02:01 PM
Thanks. Here's the first part of the log (too long for one post).

ComboFix 10-10-12.03 - ccc 2010-10-14 16:18:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium

6.0.6002.2.1252.1.1033.18.2038.1049 [GMT -4:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Smart-Shopper
c:\program files\Smart-Shopper\Bin\2.5.1\Smrt-Shpr.dll
c:\program files\Smart-Shopper\cs\antiphishing\antiphishing.html
c:\program files\Smart-Shopper\cs\antiphishing\phishAlert.gif
c:\program files\Smart-Shopper\cs\antiphishing\x.gif
c:\program files\Smart-Shopper\cs\antiphishing\xActive.gif
c:\program files\Smart-Shopper\Uninst.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\users\ccc\AppData\Roaming\Iduc
c:\users\ccc\AppData\Roaming\Iduc\hauki.exe
c:\users\ccc\SIA - 10637 Parc George (2009) .pdf
c:\windows\system32\AutoRun.inf

----- BITS: Possible infected sites -----

hxxp://buy-download.norton.com
.
((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
.

2010-10-14 20:29 . 2010-10-14 20:30 -------- d-----w- c:\users\ccc\AppData\Local\temp
2010-10-14 20:29 . 2010-10-14 20:29 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-10-14 20:29 . 2010-10-14 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-14 20:29 . 2010-10-14 20:29 -------- d-----w- c:\users\Debbydee\AppData\Local\temp
2010-10-14 18:29 . 2009-05-18 21:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-14 18:29 . 2008-04-17 20:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-10-14 18:29 . 2010-10-14 18:27 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-14 18:26 . 2010-10-14 18:26 -------- d-----w- c:\windows\system32\drivers\N360
2010-10-14 18:26 . 2010-10-14 18:26 -------- d-----w- c:\program files\Norton 360
2010-10-13 20:53 . 2010-10-13 21:00 -------- d-----w- c:\users\ccc\windows
2010-10-13 05:00 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 05:00 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 04:58 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 04:58 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 04:58 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 04:58 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-13 04:58 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 04:58 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-02 21:02 . 2010-10-02 21:02 -------- d-----w- c:\program files\Xvid
2010-10-02 21:02 . 2008-12-14 00:01 77824 ----a-w- c:\windows\system32\xvid.ax
2010-10-02 21:02 . 2008-12-05 01:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2010-10-02 21:02 . 2008-12-05 01:42 815104 ----a-w- c:\windows\system32\xvidcore.dll
2010-09-29 08:07 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 08:06 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2010-09-15 11:25 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 11:25 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 11:25 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 11:25 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-15 11:25 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"Google Update"="c:\users\ccc\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-05-19 133104]
"BitTorrent DNA"="c:\users\ccc\Program Files\DNA\btdna.exe" [2009-11-07 323392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"<NO NAME>"="c:\program files\Internet Explorer\iexplore.exe" [2010-09-08 638232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALuNotify.exe" [2008-08-01 152952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-20 151552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-25 141848]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2007-10-31 16200]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-15 185896]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-25 44136]

c:\users\ccc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Connections.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Connections.lnk
backup=c:\windows\pss\HP Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

debbydee
10-17-2010, 02:02 PM
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 13:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2010-10-13 21:09 65536 ----a-w- c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-15 15:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2007-03-13 01:30 517768 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-12-26 288768]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\SYMEFA.SYS [2010-02-04 172592]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-10-02 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\ccHPx86.sys [2010-02-25 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101012.001\IDSvix86.sys [2010-09-15 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\Ironx86.SYS [2010-02-27 116784]
S1 SYMTDIV;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\N360\0401000.020\SYMTDIV.SYS [2010-02-04 340016]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe [2010-02-25 126392]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - BHDRVX86
*NewlyCreated* - CCHP
*NewlyCreated* - SRTSP
*NewlyCreated* - SRTSPX
*NewlyCreated* - SYMDS
*NewlyCreated* - SYMIRON
*NewlyCreated* - SYMTDIV
*Deregistered* - EraserUtilDrv11010

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:36]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 02:36]

2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4117232789-3124411155-924469766-1001Core.job
- c:\users\ccc\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-19 21:59]

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4117232789-3124411155-924469766-1001UA.job
- c:\users\ccc\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-19 21:59]

2010-10-14 c:\windows\Tasks\User_Feed_Synchronization-{268F7905-AB61-4E7D-B9BB-FA17A5FBF268}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]

2010-10-14 c:\windows\Tasks\User_Feed_Synchronization-{D5F10D8F-BFB7-43E3-8283-69C0BAFC7551}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uInternet Settings,ProxyOverride = *.local
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{7FC8C5A8-15ED-82F3-CD07-7F6A13DF0E26} - c:\users\ccc\AppData\Roaming\Iduc\hauki.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe
AddRemove-Smart-Shopper - c:\program files\Smart-Shopper\Uninst.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000020
.
Completion time: 2010-10-14 16:33:22
ComboFix-quarantined-files.txt 2010-10-14 20:33

Pre-Run: 203 089 494 016 bytes free
Post-Run: 203 431 755 776 bytes free

- - End Of File - - FCA64F9E3A05622B884468B99780BB0D
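mjc's rule of thumb earlier in the thread (a file name that is a pile of consonants, like sxysvzxrbsxw, is a tell) and the things an experienced helper reads off a log like the one above (Run values with GUID names or living under AppData, Security Center monitoring switched off) can be checked mechanically. The script below is an added example written for this page; it is not ComboFix's code and not something any poster in the thread ran. Its sample input is constructed in the REGEDIT4 shape ComboFix uses, the hauki.exe Run value and the sxysvzxrbsxw path are invented for that sample, and the "random name" thresholds are assumptions.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix-style log.

Added example for this page (not ComboFix's own code). Reads REGEDIT4-style
text, pulls every value under a Run / RunOnce key, and flags the patterns a
malware helper looks for first.
"""
import re

# Constructed sample in the shape of the log posted in the thread.
# The GUID-named entry and the sxysvzxrbsxw path are invented for the sample.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"{7FC8C5A8-15ED-82F3-CD07-7F6A13DF0E26}"="c:\users\ccc\AppData\Roaming\Iduc\hauki.exe" [2010-10-01 12345]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-25 133656]
"sxysvzxrbsxw"="c:\users\ccc\AppData\Local\Temp\sxysvzxrbsxw.exe" [2010-10-13 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
'''

ENTRY_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
DWORD_RE = re.compile(r'^"DisableMonitoring"=dword:(?P<value>[0-9a-fA-F]{8})\s*$')
GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
# Anything launched from a user's AppData tree rather than Program Files / system32.
USER_PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """mjc's heuristic, made concrete: a long consonant run or almost no vowels.

    Thresholds (8+ letters, run >= 5 or vowel ratio < 0.2) are assumptions.
    """
    stem = re.sub(r"\.[a-z0-9]+$", "", name.lower())  # drop .exe / .dll
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in VOWELS for c in letters)
    longest = run = 0
    for c in letters:
        run = run + 1 if c not in VOWELS else 0
        longest = max(longest, run)
    return longest >= 5 or vowels / len(letters) < 0.2


def iter_values(log: str):
    """Yield (current registry key, value line) pairs from REGEDIT4-style text."""
    key = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key is not None and line.startswith('"'):
            yield key, line


def triage(log: str) -> list:
    """Return a list of findings: {key, name, path, reasons}."""
    findings = []
    for key, line in iter_values(log):
        m = ENTRY_RE.match(line)
        if m and key.lower().endswith(("\\run", "\\runonce")):
            name, path = m.group("name"), m.group("path")
            basename = path.replace("/", "\\").rsplit("\\", 1)[-1]
            reasons = []
            if GUID_RE.match(name):
                reasons.append("GUID-named Run value")
            elif looks_random(name) or looks_random(basename):
                reasons.append("random-looking name")
            if USER_PROFILE_RE.search(path):
                reasons.append("launches from the user profile (AppData)")
            if reasons:
                findings.append({"key": key, "name": name, "path": path, "reasons": reasons})
            continue
        d = DWORD_RE.match(line)
        if d and "security center" in key.lower() and int(d.group("value"), 16) == 1:
            findings.append({"key": key, "name": "DisableMonitoring", "path": "",
                             "reasons": ["Security Center monitoring disabled"]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['name']!r} under {f['key']}: {', '.join(f['reasons'])}")
```

The consonant heuristic is a prompt for a human to look closer, not a verdict: legitimate vendor binaries in this very log, such as Symantec's ccSvcHst.exe or WMPNSCFG.exe, have no vowels at all and would trip it, which is why the sample keeps the flag separate from the stronger signals (a GUID as a Run value name, a launch path under AppData, Security Center monitoring switched off).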

garret866
10-18-2010, 10:50 AM
lol at porn..
anyways, this is probably a fix to most keyloggers and malware:
type msconfig in "run.."
startup -> find anything that seems harmful...
a.k.a szzszszxzxdszx.exe or haeku.dll et cetera,
fixed a lot of stuff this way

classicsoftware
10-18-2010, 11:19 PM
lol at porn..
anyways, this is probably a fix to most keyloggers and malware:
type msconfig in "run.."
startup -> find anything that seems harmful...
a.k.a szzszszxzxdszx.exe or haeku.dll et cetera,
fixed a lot of stuff this way

Welcome to the PCGuide forums.

I hate to chastise new members, but your advice was not helpful. Anything that appears in MSCONFIG will show in HijackThis. Additionally, your solution does not remove it from the system. So all in all, your advice was incorrect.

Finally, we do not let untrained people post in malware threads and you are clearly not trained.

classicsoftware
10-18-2010, 11:23 PM
Deb:

How is your system running?

debbydee
10-19-2010, 06:12 AM
Hi Classicsoftware,

Everything seems fine, so far.

Debby