+ Reply to Thread
Results 1 to 2 of 2
  1. #1
    Member
    Join Date
    Jan 2010
    Posts
    1
    Points
    0

    Default Help needed Wiadebug found & can't remove!

    HI
    YESTERDAY WHILST SURFING THE NET I PRESSED AN WINDOWS SECURITY ALERT HOWEVER IT TURNED OUT TO BE ANTIVIRUS 2009, WHICH THEN TOOK OVER MY PC AFTER. aFTER RESTORING THE SYSTEM I DOWNLOADED MALWARE BYTES & SUPER ANTI SPYWARE, & RAN THEM PLUS AVG THEY FOUND MALWARE.PACKER.MORPHINE, & PASSWORD LOGGER & PC IS NOW WORKING. THEN I FOUND WIADEBUG, WIASERV IN MY C DRIVE. WHEN I TRY TO DELETE IT SAYS CAN'T DELETE AS BEING USED BY ANOTHER PROGRAM OR PERSON. COULD YOU PLEASE HELP ME TO REMOVE AS I'M SCARED MY PC IS STILL AT RISK OF CORRUPTION. I'M ATTACHING MY LOG REPORTS FROM MALWARE, SUPER ANTI SPYWARE, & TREND MICRO HIJACK ANY HELP GRATEFULLY APPRECIATED

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 01/12/2010 at 10:35 PM

    Application Version : 4.33.1000

    Core Rules Database Version : 4465
    Trace Rules Database Version: 2284

    Scan type : Complete Scan
    Total Scan Time : 01:13:01

    Memory items scanned : 519
    Memory threats detected : 0
    Registry items scanned : 6218
    Registry threats detected : 0
    File items scanned : 24641
    File threats detected : 54

    Adware.Tracking Cookie
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@cdn5.specificclick[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@atdmt[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@www.burstnet[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@mediaplex[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@ad.yieldmanager[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@bluestreak[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@xiti[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@premiumtv.122.2o7[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@burstnet[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@dynamic.media.adrevolver[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@content.yieldmanager[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@adviva[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@imrworldwide[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@serving-sys[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@dmtracker[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@tribalfusion[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@zedo[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@adbrite[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@247realmedia[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@fr.sitestat[3].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@bs.serving-sys[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@uk.at.atwola[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@tacoda[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@smartadserver[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@specificclick[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@www.burstbeacon[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@advertising[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@questionmarket[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@kontera[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@content.yieldmanager[3].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@insightexpressai[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@uk.sitestat[7].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@eas.apm.emediate[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@apmebf[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@ads.audience2media[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@revsci[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@statse.webtrendslive[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@adrevolver[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@media.adrevolver[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@fastclick[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@doubleclick[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@adtech[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@media6degrees[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@2o7[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@fr.sitestat[4].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@server.lon.liveperson[3].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@tsleducation.112.2o7[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@statcounter[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@tradedoubler[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@112.2o7[2].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@burstbeacon[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@collective-media[1].txt
    C:\Documents and Settings\Louise Davies\Cookies\louise_davies@server.lon.liveperson[2].txt

    Malwarebytes' Anti-Malware 1.44
    Database version: 3540
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/01/2010 21:15:16
    mbam-log-2010-01-12 (21-15-16).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 212093
    Time elapsed: 58 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:42:59, on 12/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Generic\Power4 Gear\BatteryLife.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Generic\Generic ChkMail\ChkMail.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Sign In
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE3219~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\Generic\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
    O4 - Global Startup: Generic ChkMail.lnk = C:\Program Files\Generic\Generic ChkMail\ChkMail.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?ca0ed8ae50e54271a51b6af41a17c3d4
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?ca0ed8ae50e54271a51b6af41a17c3d4
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.ergo.co.uk
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupda...31/CTSUEng.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1163582952468
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupda...5034/CTPID.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
    O23 - Service: DM1Service - OLYMPUS Corporation - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

    --
    End of file - 11030 bytes

    ALSO I'VE FOUND NUMEROUS SVCEXE PROCESSES AND NOT SURE WHICH ONES TO REMOVE!

    THANKS IN ADVANCE IT'S MY GIRFRIENDS PC & I'M IN THE DOGHOUSE

  2. #2
    Administrator Help2Go Administrator Canuck's Avatar
    Join Date
    May 2003
    Location
    Edmonton, Alberta, Canada
    Posts
    9,255
    Points
    1832

    Default

    Hi Babybear, our spyware fighters are fairly busy at the moment and so could be awhile before they get to you. In the meantime, arraknid pointed out that
    yours jumped out because the OP is trying to delete 2 system files that are present on all Windows installations. There are malware versions of both files, but as multiple scans came up with nothing, I'm wondering if he's wrongly identifying them.

    It might be worth asking the question. This discusses both files.

    And this final comment...

    Quote:
    ALSO I'VE FOUND NUMEROUS SVCEXE PROCESSES AND NOT SURE WHICH ONES TO REMOVE!
    Perfectly normal. This explains what they are.
    Thank arraknid

    I might also mention that looking at the HJT log, you have way too many background processes (04) working and using up your RAM. You can safely delete most (except for AVG9_TRAY, Windows Defender, SynTPEnh (touchpad), ZoneAlarm Client, SUPERAntiSpyware, DWQueuedReporting) .. the keep list was shorter than the stop list .. All the others can be safely stopped as they are available either through All Programs or desktop shortcuts (not the icons in the time toolbar ..bottom right). If you're unsure of any of this you can copy the .exe (eg HControl.exe) paste it in the box SystemLookup - Global Search and search. I've gone through all of yours, none of them are bad .. red X , the ones with N are definatly not needed, the Us are User's choice .. which for the most part are not needed, especially at the expense of the laptops speed. So, in HJT, check the others that are not needed and click the 'Fixed Checked' button, Note, they can always be reactivated if needed.

    Hope this helps, if you feel that this does not answer your questions, you can wait for a spyware expert, but as said, this may take some time.