
Author Topic: Need help with Virus..."Cannot execute file....Please run Spyware"  (Read 9067 times)


dkamis

    Topic Starter


    Greenhorn

    I see there are others that are having issues with spyware and everyone was directed to start a new thread.  I cannot open my Task Manager, and when I open some programs it says it is a virus and cannot continue.  I also have a red x on the bottom right of my screen that keeps prompting me to buy anti-spyware programs.

    Any help would be much appreciated...

    evilfantasy

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Calm like a bomb
    • Thanked: 493
    • Experience: Experienced
    • OS: Windows 11
    Re: Need help with Virus..."Cannot execute file....Please run Spyware"
    « Reply #1 on: February 14, 2010, 05:19:04 PM »
    Welcome to CH.


    Please post the two logs that these scanners will create.


    Try not to restart the computer until one of the tools we use does it for you or tells you to.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
     
    There are 4 different versions. If one of them won't run then download and try to run the next one.
     
    Vista and Windows 7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * When finished it will create a log. Please post the rkill.log in the next reply.

    * If Rkill does not run from the first link, delete the file, then download and use the one provided in Link 2. If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

     
    Download and run exeHelper

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Add the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    dkamis


      Re: Need help with Virus..."Cannot execute file....Please run Spyware"
      « Reply #2 on: February 14, 2010, 05:36:21 PM »
      Here are the logs.  This did get rid of some of the pop up windows right away.

      Thanks already, but is there anything else?


      This log file is located at C:\rkill.log.
      Please post this only if requested to by the person helping you.
      Otherwise you can close this log when you wish.
      Ran as Dan on 02/14/2010 at 17:32:59.


      Processes terminated by Rkill or while it was running:


      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
      C:\WINDOWS\system32\smss32.exe
      C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
      C:\Documents and Settings\Dan\Desktop\rkill.exe


      Rkill completed on 02/14/2010  at 17:33:01.


      exeHelper by Raktor
      Build 20091220
      Run at 17:34:53 on 02/14/10
      Now searching...
      Checking for numerical processes...
      Checking for sysguard processes...
      Checking for bad processes...
      Checking for bad files...
      Deleting file C:\WINDOWS\system32\41.exe
      Checking for bad registry entries...
      Resetting filetype association for .exe
      Resetting filetype association for .com
      Resetting userinit and shell values...
      Resetting policies...
      --Finished--



      evilfantasy

      Re: Need help with Virus..."Cannot execute file....Please run Spyware"
      « Reply #3 on: February 14, 2010, 05:42:13 PM »
      Thanks already, but is there anything else?

      Yes. That just got it to where we can do what is needed to actually remove the malware.


      If you already have ComboFix be sure to delete it and download a new copy.

      Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

      Link #1
      Link #2

      **Note:  It is important that it is saved directly to your Desktop

      Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

      Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
       
      Double click combofix.exe & follow the prompts.
      Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
      When finished ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix

      dkamis


        Re: Need help with Virus..."Cannot execute file....Please run Spyware"
        « Reply #4 on: February 14, 2010, 07:47:59 PM »
        My background is back to normal and I'm not getting the error anymore.   What should I do now?

        I can't thank you enough.  I spent a good 3 hours trying to troubleshoot this problem.







        ComboFix 10-02-12.01 - Dan 02/14/2010  19:17:25.1.2 - x86
        Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2046.1202 [GMT -7:00]
        Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
        AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
        FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\Dan\Local Settings\Application Data\{A367E2B0-92DA-41DF-8217-2979DC43F88A}
        c:\documents and settings\Dan\Local Settings\Application Data\{A367E2B0-92DA-41DF-8217-2979DC43F88A}\chrome.manifest
        c:\documents and settings\Dan\Local Settings\Application Data\{A367E2B0-92DA-41DF-8217-2979DC43F88A}\chrome\content\_cfg.js
        c:\documents and settings\Dan\Local Settings\Application Data\{A367E2B0-92DA-41DF-8217-2979DC43F88A}\chrome\content\overlay.xul
        c:\documents and settings\Dan\Local Settings\Application Data\{A367E2B0-92DA-41DF-8217-2979DC43F88A}\install.rdf
        c:\windows\azepevog.dll
        c:\windows\system32\11478.exe
        c:\windows\system32\15724.exe
        c:\windows\system32\16827.exe
        c:\windows\system32\18467.exe
        c:\windows\system32\19169.exe
        c:\windows\system32\23281.exe
        c:\windows\system32\24464.exe
        c:\windows\system32\26500.exe
        c:\windows\system32\26962.exe
        c:\windows\system32\28145.exe
        c:\windows\system32\29358.exe
        c:\windows\system32\41.exe
        c:\windows\system32\5705.exe
        c:\windows\system32\6334.exe
        c:\windows\system32\helper32.dll
        c:\windows\system32\IS15.exe
        c:\windows\system32\kekiyala.dll
        c:\windows\system32\libupune.dll
        c:\windows\system32\namavahe.dll
        c:\windows\system32\remebeyi.dll
        c:\windows\system32\smss32.exe
        c:\windows\system32\twain_32.dll
        c:\windows\system32\vegorohi.dll
        c:\windows\system32\warning.html
        c:\windows\system32\winlogon32.exe
        c:\windows\Sysvxd.exe
        c:\windows\Tasks\hgvedarf.job
        c:\windows\TEMP\logishrd\LVPrcInj02.dll

        .
        (((((((((((((((((((((((((   Files Created from 2010-01-15 to 2010-02-15  )))))))))))))))))))))))))))))))
        .

        2010-02-14 19:59 . 2009-12-02 13:19   15880   ----a-w-   c:\windows\system32\lsdelete.exe
        2010-02-14 19:43 . 2010-02-14 19:43   --------   d-----w-   c:\documents and settings\HelpAssistant\UserData
        2010-02-14 19:43 . 2010-02-14 19:43   --------   d-----w-   c:\documents and settings\HelpAssistant\PrivacIE
        2010-02-14 19:37 . 2010-02-14 23:25   --------   d-----w-   c:\documents and settings\HelpAssistant\IETldCache
        2010-02-14 18:36 . 2010-02-14 18:36   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
        2010-02-14 18:35 . 2010-02-14 18:39   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
        2010-02-14 18:35 . 2010-02-14 18:35   --------   d-----w-   c:\program files\Lavasoft
        2010-02-14 17:26 . 2010-02-14 17:26   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
        2010-02-13 23:14 . 2010-02-15 01:56   120   ----a-w-   c:\windows\Psazabul.dat
        2010-02-13 23:14 . 2010-02-14 17:24   0   ----a-w-   c:\windows\Uxivarowijehulal.bin
        2010-02-10 14:00 . 2010-02-10 14:00   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
        2010-02-02 08:09 . 2010-02-02 08:09   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
        2010-01-20 01:07 . 2010-01-20 01:07   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-02-15 02:34 . 2008-02-24 01:47   --------   d-----w-   c:\documents and settings\Dan\Application Data\uTorrent
        2010-02-15 02:32 . 2008-02-23 22:17   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
        2010-02-15 02:32 . 2008-10-26 13:12   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
        2010-02-10 13:36 . 2008-02-23 22:09   --------   d-----w-   c:\documents and settings\Dan\Application Data\Skype
        2010-02-10 07:07 . 2008-02-23 22:10   --------   d-----w-   c:\documents and settings\Dan\Application Data\skypePM
        2010-02-09 02:52 . 2009-11-14 20:56   --------   d-----w-   c:\program files\Microsoft Windows OneCare Live
        2010-02-02 08:04 . 2008-02-21 14:05   --------   d-----w-   c:\program files\Google
        2010-01-22 10:16 . 2009-01-21 05:08   --------   d-----w-   c:\program files\Microsoft Silverlight
        2010-01-14 10:01 . 2008-10-26 20:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
        2010-01-04 05:31 . 2010-01-04 05:31   --------   d-----w-   c:\documents and settings\LocalService\Application Data\DivX
        2010-01-03 20:27 . 2010-01-03 20:13   --------   d-----w-   c:\program files\TVersity Codec Pack
        2010-01-03 20:27 . 2010-01-03 20:27   --------   d-----w-   c:\program files\ffdshow
        2010-01-03 20:13 . 2010-01-03 20:13   --------   d-----w-   c:\program files\TVersity
        2010-01-03 20:00 . 2010-01-03 20:00   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\DivX
        2009-12-30 22:09 . 2008-02-24 00:55   86512   ----a-w-   c:\documents and settings\Danielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2009-12-30 22:07 . 2008-07-19 16:26   86512   ----a-w-   c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2009-12-21 19:14 . 2004-08-10 18:51   916480   ----a-w-   c:\windows\system32\wininet.dll
        2009-12-14 19:15 . 2009-12-14 19:15   2146304   ----a-w-   c:\windows\system32\GPhotos.scr
        2009-11-21 16:36 . 2004-08-10 18:50   470528   ----a-w-   c:\windows\AppPatch\aclayers.dll
        2009-12-30 22:09 . 2009-12-30 22:09   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
        2009-02-24 19:34 . 2009-02-24 19:34   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
        2009-02-24 19:34 . 2009-02-24 19:34   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
        1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\bejevopu.dll
        1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\dejegima.dll
        1601-01-01 00:03 . 1601-01-01 00:03   93696   --sha-w-   c:\windows\system32\dukiteli.dll
        1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\fomuboza.dll
        1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\giremasu.dll.tmp
        1601-01-01 00:03 . 1601-01-01 00:03   93184   --sha-w-   c:\windows\system32\hulutozu.dll
        1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\jipiluho.dll
        1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\jobiwaje.dll.tmp
        1601-01-01 00:03 . 1601-01-01 00:03   93696   --sha-w-   c:\windows\system32\kenajibo.dll
        1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\mepepora.dll
        1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\motuzesu.dll
        1601-01-01 00:03 . 1601-01-01 00:03   52224   --sha-w-   c:\windows\system32\namogizu.dll.tmp
        1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\ninapega.dll
        1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\nufejoda.dll
        1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\pitajayi.dll
        1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\sudinasu.dll
        1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\tebapema.dll.tmp
        1601-01-01 00:03 . 1601-01-01 00:03   52224   --sha-w-   c:\windows\system32\vogomiyi.dll.tmp
        1601-01-01 00:03 . 1601-01-01 00:03   52224   --sha-w-   c:\windows\system32\wamonewe.dll.tmp
        1601-01-01 00:03 . 1601-01-01 00:03   93184   --sha-w-   c:\windows\system32\yuvodufu.dll
        1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\zowujeba.dll
        1601-01-01 00:03 . 1601-01-01 00:03   93184   --sha-w-   c:\windows\system32\zuhiwuji.dll
        .

        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1e9788dd-adaa-4254-afe2-a3285f7ae197}]
        1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\fomuboza.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
        "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-21 68856]
        "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-04-18 2356088]
        "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-29 289584]
        "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
        "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
        "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
        "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-30 30192]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
        "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
        "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
        "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
        "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
        "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
        "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
        "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
        "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
        "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
        "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
        "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
        "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
        "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-21 24576]

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Notification Packages   REG_MULTI_SZ      scecli mautcfc.dll

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
        "quickcare"=c:\program files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
        "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
        "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
        "c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
        "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
        "c:\\Program Files\\uTorrent\\uTorrent.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=
        "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "c:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe"=

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
        "5353:TCP"= 5353:TCP:Adobe CSI CS4
        "65533:TCP"= 65533:TCP:Services
        "52344:TCP"= 52344:TCP:Services
        "3246:TCP"= 3246:TCP:Services
        "2479:TCP"= 2479:TCP:Services
        "3389:TCP"= 3389:TCP:Remote Desktop

        R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
        R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
        S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:04 AM 135664]
        S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/21/2008 7:05 AM 30192]
        S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 6:19 AM 1184912]
        .
        Contents of the 'Scheduled Tasks' folder

        2010-02-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
        - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

        2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

        2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:04]

        2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:04]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://qwest.live.com
        uDefault_Search_URL = hxxp://www.google.com/ie
        uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080221
        uInternet Settings,ProxyOverride = <local>
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
        IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
        IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
        IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
        IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
        Trusted Zone: buy-internetsecurity10.com
        Trusted Zone: buy-is2010.com
        Trusted Zone: is-software-download.com
        Trusted Zone: is-software-download25.com
        Trusted Zone: is10-soft-download.com
        Trusted Zone: turbotax.com
        Trusted Zone: buy-internetsecurity10.com
        Trusted Zone: buy-is2010.com
        DPF: {3BF72F68-72D8-461D-A884-329D936C5581} - hxxp://www.totsites.com/admin2/includes/imageuploader5_5_6/ImageUploader5.cab
        DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} - hxxp://www.totsites.com/admin2/includes/imageuploader2/ImageUploader4.cab
        FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\htcibwlm.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.ufck.org/forums/
        FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
        FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\htcibwlm.default\extensions\[email protected]\plugins\npdevalvr.dll
        FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
        FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
        FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
        FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
        FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
        FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
        FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
        FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
        FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
        FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
        .
        - - - - ORPHANS REMOVED - - - -

        HKCU-Run-smss32.exe - c:\windows\system32\smss32.exe
        HKLM-Run-Vmafoyohovojamaz - c:\windows\azepevog.dll
        HKLM-Run-pitotuduf - c:\windows\system32\kekiyala.dll
        HKLM-Run-sesuhiyupu - namavahe.dll
        SharedTaskScheduler-{6bcd5124-841e-4944-b780-726f8df5a22d} - c:\windows\system32\libupune.dll
        SharedTaskScheduler-{04911ed9-e11b-4c9f-a6b9-4abf32464b74} - c:\windows\system32\libupune.dll
        SharedTaskScheduler-{216493bc-aa17-44ee-aea7-0c08d17f446d} - c:\windows\system32\libupune.dll
        SharedTaskScheduler-{a70d5985-a487-4cb3-a3fb-2cb374e259c0} - c:\windows\system32\libupune.dll
        SharedTaskScheduler-{979b9cc0-6b2d-4b68-a537-473c449c22c9} - c:\windows\system32\libupune.dll
        SharedTaskScheduler-{d11e4d95-f67b-45a6-a43a-27ef75d1fe4c} - c:\windows\system32\kekiyala.dll
        SSODL-bibolurej-{6bcd5124-841e-4944-b780-726f8df5a22d} - c:\windows\system32\libupune.dll
        SSODL-kiyefefem-{04911ed9-e11b-4c9f-a6b9-4abf32464b74} - c:\windows\system32\libupune.dll
        SSODL-yikebosop-{216493bc-aa17-44ee-aea7-0c08d17f446d} - c:\windows\system32\libupune.dll
        SSODL-higakekil-{a70d5985-a487-4cb3-a3fb-2cb374e259c0} - c:\windows\system32\libupune.dll
        SSODL-rutepivim-{979b9cc0-6b2d-4b68-a537-473c449c22c9} - c:\windows\system32\libupune.dll
        SSODL-behehuzef-{d11e4d95-f67b-45a6-a43a-27ef75d1fe4c} - c:\windows\system32\kekiyala.dll



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-02-14 19:33
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************

        Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

        device: opened successfully
        user: MBR read successfully
        called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x891A28A0]<<
        kernel: MBR read successfully
        detected MBR rootkit hooks:
        \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
        \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
        \Driver\iaStor -> 0x891a28a0
        IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
        \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
        NDIS: Intel(R) 82562V 10/100 Network Connection -> SendCompleteHandler -> 0x88935330
         PacketIndicateHandler -> NDIS.sys @ 0xb9d9bb21
         SendHandler -> NDIS.sys @ 0xb9d7987b
        Warning: possible MBR rootkit infection !
        user & kernel MBR OK

        **************************************************************************
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------

        - - - - - - - > 'lsass.exe'(800)
        c:\windows\mautcfc.dll
        c:\windows\system32\WININET.dll

        - - - - - - - > 'explorer.exe'(9940)
        c:\windows\system32\WININET.dll
        c:\windows\TEMP\logishrd\LVPrcInj01.dll
        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\mshtml.dll
        c:\windows\system32\msls31.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\program files\Roxio\Drag-to-Disc\Shellex.dll
        c:\windows\system32\DLAAPI_W.DLL
        c:\windows\system32\CDRTC.DLL
        c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        c:\windows\mautcfc.dll
        c:\program files\Bonjour\mdnsNSP.dll
        c:\windows\system32\hnetcfg.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\windows\system32\Ati2evxx.exe
        c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
        c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
        c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
        c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
        c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
        c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
        c:\program files\Dell Support Center\bin\sprtsvc.exe
        c:\program files\TVersity\Media Server\MediaServer.exe
        c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
        c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
        c:\program files\Microsoft Windows OneCare Live\winss.exe
        c:\program files\Windows Media Player\WMPNetwk.exe
        c:\windows\system32\wscntfy.exe
        c:\windows\stsystra.exe
        c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
        c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
        c:\program files\iPod\bin\iPodService.exe
        c:\program files\logitech\quickcam\lu\lulnchr.exe
        c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
        c:\windows\system32\msiexec.exe
        .
        **************************************************************************
        .
        Completion time: 2010-02-14  19:44:59 - machine was rebooted
        ComboFix-quarantined-files.txt  2010-02-15 02:44

        Pre-Run: 209,102,614,528 bytes free
        Post-Run: 211,878,346,752 bytes free

        - - End Of File - - 09D9A1ED619EC56725E7AA1332F515FC
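
Added example (not part of the original thread, and not how ComboFix or exeHelper work internally): a small Python triage pass over log lines in the format posted above. The three heuristics are assumptions chosen for illustration: all-digit `.exe` names in system32 (exeHelper's log mentions a check for "numerical processes"), files stamped 1601-01-01 (the zero value of the Windows FILETIME clock) that also carry the system and hidden attributes, and Trusted Zone entries, including duplicates. The sample lines are copied from the log above.

```python
import re
from collections import Counter

# A small subset of lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
c:\windows\system32\11478.exe
c:\windows\system32\41.exe
c:\windows\system32\smss32.exe
2010-02-13 23:14 . 2010-02-15 01:56   120   ----a-w-   c:\windows\Psazabul.dat
2009-12-21 19:14 . 2004-08-10 18:51   916480   ----a-w-   c:\windows\system32\wininet.dll
1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\fomuboza.dll
1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\giremasu.dll.tmp

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1e9788dd-adaa-4254-afe2-a3285f7ae197}]
1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\fomuboza.dll

Trusted Zone: buy-is2010.com
Trusted Zone: turbotax.com
Trusted Zone: buy-is2010.com
"""

EPOCH = "1601-01-01"  # FILETIME zero: the timestamp was never set or was wiped

# "date time [. date time]   size   attrs   path" rows from the file listings;
# the second timestamp is absent in the "Reg Loading Points" section.
FILE_ROW = re.compile(
    r"^(\d{4}-\d\d-\d\d) \d\d:\d\d(?: \. (\d{4}-\d\d-\d\d) \d\d:\d\d)?"
    r"\s+(\S+)\s+([a-z-]{8})\s+(.+)$"
)
NUMERIC_EXE = re.compile(r"^c:\\windows\\system32\\\d+\.exe$", re.IGNORECASE)
TRUSTED_ZONE = re.compile(r"^Trusted Zone:\s*(\S+)$")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")


def triage(log_text):
    """Return review candidates from a ComboFix-style log (heuristics only)."""
    findings = {
        "numeric_exe": [],       # all-digit executables in system32
        "epoch_hidden": [],      # 1601-01-01 timestamp + system + hidden
        "load_points": [],       # (registry key, flagged file) pairs
        "trusted_zones": Counter(),
    }
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()  # forum posts indent the log; ignore that
        if not line:
            current_key = None  # a blank line ends a registry section
            continue

        key = REG_KEY.match(line)
        if key:
            current_key = key.group(1)
            continue

        if NUMERIC_EXE.match(line):
            findings["numeric_exe"].append(line)
            continue

        zone = TRUSTED_ZONE.match(line)
        if zone:
            findings["trusted_zones"][zone.group(1)] += 1
            continue

        row = FILE_ROW.match(line)
        if row:
            first, second, _size, attrs, path = row.groups()
            zeroed = EPOCH in (first, second)
            hidden_system = "s" in attrs and "h" in attrs
            if zeroed and hidden_system:
                if path not in findings["epoch_hidden"]:
                    findings["epoch_hidden"].append(path)
                if current_key:
                    # The flagged file is referenced from an autostart key.
                    findings["load_points"].append((current_key, path))
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in ("numeric_exe", "epoch_hidden", "load_points"):
        print(name)
        for item in result[name]:
            print("   ", item)
    print("trusted_zones")
    for domain, count in result["trusted_zones"].items():
        print(f"    {domain} (listed {count}x)")
```

A match is a prompt for a human to review the entry, not a verdict; legitimate software can trip any of these checks.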

        evilfantasy

        Re: Need help with Virus..."Cannot execute file....Please run Spyware"
        « Reply #5 on: February 14, 2010, 07:59:33 PM »
        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
        It must be Notepad, not Wordpad.
        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

        Code:
        KillAll::

        DDS::
        Trusted Zone: buy-internetsecurity10.com
        Trusted Zone: buy-is2010.com
        Trusted Zone: is-software-download.com
        Trusted Zone: is-software-download25.com
        Trusted Zone: is10-soft-download.com
        Trusted Zone: turbotax.com
        Trusted Zone: buy-internetsecurity10.com
        Trusted Zone: buy-is2010.com

        File::
        c:\windows\Psazabul.dat
        c:\windows\Uxivarowijehulal.bin

        Registry::
        [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1e9788dd-adaa-4254-afe2-a3285f7ae197}]


        3. Go to the Notepad window and click Edit > Paste
        4. Then click File > Save
        5. Name the file CFScript.txt - Save the file to your Desktop
        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



        ComboFix will begin to execute, just follow the prompts.
        After reboot (in case it asks to reboot), it will produce a log for you.
        Post that log (Combofix.txt) in your next reply.

        Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

        ----------

        If you already have Malwarebytes be sure to update it before running the scan!

        Download Malwarebytes' Anti-Malware (MBAM)

        * Double-click mbam-setup.exe and follow the prompts to install the program.
        * At the end, be sure a checkmark is placed next to the following:

        * Update Malwarebytes' Anti-Malware
        * Launch Malwarebytes' Anti-Malware

        * Then click Finish
        * If an update is found, it will download and install the latest version.
        * Once the program has loaded, select Perform quick scan, then click Scan.
        * When the scan is complete, click OK, then Show Results to view the results.
        * Be sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        * Copy and Paste the entire report in your next reply.

        Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

        ----------

        Quote
        AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
        FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

        I suggest uninstalling OneCare and getting something that has better protection (and also free). OneCare is soon to be unsupported by Microsoft.

        I use these.

        Microsoft Security Essentials for Windows XP
        Online Armor

        dkamis


          Re: Need help with Virus..."Cannot execute file....Please run Spyware"
          « Reply #6 on: February 14, 2010, 08:58:30 PM »
          I honestly don't know what I would have done without your help. 

          Malwarebytes' Anti-Malware 1.44
          Database version: 3740
          Windows 5.1.2600 Service Pack 2
          Internet Explorer 8.0.6001.18702

          2/14/2010 8:52:11 PM
          mbam-log-2010-02-14 (20-52-11).txt

          Scan type: Quick Scan
          Objects scanned: 182188
          Time elapsed: 12 minute(s), 44 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 1
          Registry Keys Infected: 0
          Registry Values Infected: 0
          Registry Data Items Infected: 1
          Folders Infected: 0
          Files Infected: 33

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          C:\WINDOWS\mautcfc.dll (Trojan.Hiloti) -> Delete on reboot.

          Registry Keys Infected:
          (No malicious items detected)

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mautcfc.dll  -> Delete on reboot.

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          C:\WINDOWS\system32\bejevopu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\dejegima.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\dukiteli.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\fomuboza.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\hulutozu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\jipiluho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\kenajibo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\mepepora.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\motuzesu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\ninapega.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\nufejoda.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\pitajayi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\sudinasu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\yuvodufu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\zowujeba.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\zuhiwuji.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\mautcfc.dll (Trojan.Vundo.H) -> Delete on reboot.
          C:\WINDOWS\system32\jobiwaje.dll.tmp (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\giremasu.dll.tmp (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\namogizu.dll.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\tebapema.dll.tmp (Trojan.Vundo.H) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\vogomiyi.dll.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
          C:\WINDOWS\system32\wamonewe.dll.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\10E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\113.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\293.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\294.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\297.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\bqgsht.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\dfopoi.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\n.exn (Rootkit.TDSS) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temp\shkttc.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
          C:\Documents and Settings\HelpAssistant\Local Settings\Temporary Internet Files\Content.IE5\O98P1GCS\load[1].php (Rootkit.TDSS) -> Quarantined and deleted successfully.




          ---------------------------------------------------------------------
          ComboFix 10-02-12.01 - Dan 02/14/2010  20:04:39.2.2 - x86
          Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2046.1208 [GMT -7:00]
          Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
          Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
          AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
          FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

          FILE ::
          "c:\windows\Psazabul.dat"
          "c:\windows\Uxivarowijehulal.bin"
          .

          (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
          .

          c:\windows\Psazabul.dat
          c:\windows\system32\_000005_.tmp.dll
          c:\windows\TEMP\logishrd\LVPrcInj01.dll
          c:\windows\Uxivarowijehulal.bin

          .
          (((((((((((((((((((((((((   Files Created from 2010-01-15 to 2010-02-15  )))))))))))))))))))))))))))))))
          .

          2010-02-14 19:59 . 2009-12-02 13:19   15880   ----a-w-   c:\windows\system32\lsdelete.exe
          2010-02-14 19:43 . 2010-02-14 19:43   --------   d-----w-   c:\documents and settings\HelpAssistant\UserData
          2010-02-10 14:00 . 2010-02-10 14:00   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
          2010-02-02 08:09 . 2010-02-02 08:09   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Google
          2010-01-20 01:07 . 2010-01-20 01:07   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\SupportSoft

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2010-02-15 03:14 . 2008-02-24 01:47   --------   d-----w-   c:\documents and settings\Dan\Application Data\uTorrent
          2010-02-15 03:12 . 2008-02-23 22:17   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
          2010-02-15 03:12 . 2008-10-26 13:12   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
          2010-02-15 03:07 . 2009-11-14 20:56   --------   d-----w-   c:\program files\Microsoft Windows OneCare Live
          2010-02-15 02:42 . 2008-10-26 20:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
          2010-02-14 18:39 . 2010-02-14 18:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Lavasoft
          2010-02-14 18:36 . 2010-02-14 18:36   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
          2010-02-14 18:35 . 2010-02-14 18:35   --------   d-----w-   c:\program files\Lavasoft
          2010-02-10 13:36 . 2008-02-23 22:09   --------   d-----w-   c:\documents and settings\Dan\Application Data\Skype
          2010-02-10 07:07 . 2008-02-23 22:10   --------   d-----w-   c:\documents and settings\Dan\Application Data\skypePM
          2010-02-02 08:04 . 2008-02-21 14:05   --------   d-----w-   c:\program files\Google
          2010-01-22 10:16 . 2009-01-21 05:08   --------   d-----w-   c:\program files\Microsoft Silverlight
          2010-01-04 05:31 . 2010-01-04 05:31   --------   d-----w-   c:\documents and settings\LocalService\Application Data\DivX
          2010-01-03 20:27 . 2010-01-03 20:13   --------   d-----w-   c:\program files\TVersity Codec Pack
          2010-01-03 20:27 . 2010-01-03 20:27   --------   d-----w-   c:\program files\ffdshow
          2010-01-03 20:13 . 2010-01-03 20:13   --------   d-----w-   c:\program files\TVersity
          2010-01-03 20:00 . 2010-01-03 20:00   --------   d-----w-   c:\documents and settings\NetworkService\Application Data\DivX
          2009-12-31 16:14 . 2004-08-10 18:51   352640   ----a-w-   c:\windows\system32\drivers\srv.sys
          2009-12-30 22:09 . 2008-02-24 00:55   86512   ----a-w-   c:\documents and settings\Danielle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-12-30 22:07 . 2008-07-19 16:26   86512   ----a-w-   c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-12-21 19:14 . 2004-08-10 18:51   916480   ------w-   c:\windows\system32\wininet.dll
          2009-12-16 12:58 . 2004-08-10 19:01   343040   ----a-w-   c:\windows\system32\mspaint.exe
          2009-12-14 19:15 . 2009-12-14 19:15   2146304   ----a-w-   c:\windows\system32\GPhotos.scr
          2009-12-14 07:35 . 2004-08-10 18:50   33280   ----a-w-   c:\windows\system32\csrsrv.dll
          2009-12-08 18:11 . 2004-08-10 18:51   2142720   ------w-   c:\windows\system32\ntoskrnl.exe
          2009-12-08 17:35 . 2004-08-04 04:59   2020864   ------w-   c:\windows\system32\ntkrnlpa.exe
          2009-12-04 14:41 . 2004-08-10 18:51   453760   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
          2009-11-27 17:33 . 2004-08-10 18:51   1291264   ----a-w-   c:\windows\system32\quartz.dll
          2009-11-27 17:33 . 2004-08-04 06:56   17920   ----a-w-   c:\windows\system32\msyuv.dll
          2009-11-27 16:37 . 2004-08-10 18:51   28672   ----a-w-   c:\windows\system32\msvidc32.dll
          2009-11-27 16:37 . 2004-08-10 18:51   11264   ----a-w-   c:\windows\system32\msrle32.dll
          2009-11-27 16:37 . 2004-08-10 18:50   84992   ----a-w-   c:\windows\system32\avifil32.dll
          2009-11-27 16:37 . 2004-08-04 06:56   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
          2009-11-27 16:37 . 2001-08-18 04:36   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
          2009-11-21 16:36 . 2004-08-10 18:50   470528   ----a-w-   c:\windows\AppPatch\aclayers.dll
          2009-12-30 22:09 . 2009-12-30 22:09   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
          2009-02-24 19:34 . 2009-02-24 19:34   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
          2009-02-24 19:34 . 2009-02-24 19:34   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
          1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\bejevopu.dll
          1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\dejegima.dll
          1601-01-01 00:03 . 1601-01-01 00:03   93696   --sha-w-   c:\windows\system32\dukiteli.dll
          1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\fomuboza.dll
          1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\giremasu.dll.tmp
          1601-01-01 00:03 . 1601-01-01 00:03   93184   --sha-w-   c:\windows\system32\hulutozu.dll
          1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\jipiluho.dll
          1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\jobiwaje.dll.tmp
          1601-01-01 00:03 . 1601-01-01 00:03   93696   --sha-w-   c:\windows\system32\kenajibo.dll
          1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\mepepora.dll
          1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\motuzesu.dll
          1601-01-01 00:03 . 1601-01-01 00:03   52224   --sha-w-   c:\windows\system32\namogizu.dll.tmp
          1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\ninapega.dll
          1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\nufejoda.dll
          1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\pitajayi.dll
          1601-01-01 00:03 . 1601-01-01 00:03   39424   --sha-w-   c:\windows\system32\sudinasu.dll
          1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\tebapema.dll.tmp
          1601-01-01 00:03 . 1601-01-01 00:03   52224   --sha-w-   c:\windows\system32\vogomiyi.dll.tmp
          1601-01-01 00:03 . 1601-01-01 00:03   52224   --sha-w-   c:\windows\system32\wamonewe.dll.tmp
          1601-01-01 00:03 . 1601-01-01 00:03   93184   --sha-w-   c:\windows\system32\yuvodufu.dll
          1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\zowujeba.dll
          1601-01-01 00:03 . 1601-01-01 00:03   93184   --sha-w-   c:\windows\system32\zuhiwuji.dll
          .

          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
          "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
          "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-21 68856]
          "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-04-18 2356088]
          "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-29 289584]
          "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
          "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
          "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
          "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
          "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-30 30192]
          "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
          "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
          "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
          "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
          "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
          "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
          "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
          "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
          "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
          "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
          "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
          "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
          "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
          "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
          "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
          "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

          c:\documents and settings\All Users\Start Menu\Programs\Startup\
          Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-2-21 24576]

          [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
          Notification Packages   REG_MULTI_SZ      scecli mautcfc.dll

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
          @="Service"

          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
          @="Service"

          [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
          "quickcare"=c:\program files\Qwest\Quickcare\bin\sprtcmd.exe /P QuickCare

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
          "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
          "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
          "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
          "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
          "c:\\Program Files\\Qwest\\QuickConnect\\QuickConnect.exe"=
          "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
          "c:\\Program Files\\uTorrent\\uTorrent.exe"=
          "c:\\Program Files\\iTunes\\iTunes.exe"=
          "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
          "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
          "c:\\Program Files\\Roxio\\Drag-to-Disc\\DrgToDsc.exe"=

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
          "5353:TCP"= 5353:TCP:Adobe CSI CS4
          "65533:TCP"= 65533:TCP:Services
          "52344:TCP"= 52344:TCP:Services
          "3246:TCP"= 3246:TCP:Services
          "2479:TCP"= 2479:TCP:Services
          "3389:TCP"= 3389:TCP:Remote Desktop

          R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
          R2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [1/8/2008 12:02 PM 1213728]
          S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 1:04 AM 135664]
          S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2/21/2008 7:05 AM 30192]
          S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 6:19 AM 1184912]
          .
          Contents of the 'Scheduled Tasks' folder

          2010-02-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
          - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 13:19]

          2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
          - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

          2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:04]

          2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
          - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:04]
          .
          .
          ------- Supplementary Scan -------
          .
          uStart Page = hxxp://qwest.live.com
          uDefault_Search_URL = hxxp://www.google.com/ie
          uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080221
          uInternet Settings,ProxyOverride = <local>
          uSearchAssistant = hxxp://www.google.com/ie
          uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
          IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
          IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
          IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
          IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
          IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
          IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
          IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
          DPF: {3BF72F68-72D8-461D-A884-329D936C5581} - hxxp://www.totsites.com/admin2/includes/imageuploader5_5_6/ImageUploader5.cab
          DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} - hxxp://www.totsites.com/admin2/includes/imageuploader2/ImageUploader4.cab
          FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\htcibwlm.default\
          FF - prefs.js: browser.startup.homepage - hxxp://www.ufck.org/forums/
          FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
          FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\htcibwlm.default\extensions\[email protected]\plugins\npdevalvr.dll
          FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
          FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
          FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
          FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
          FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
          FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
          FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
          FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
          FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
          FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
          FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2010-02-14 20:13
          Windows 5.1.2600 Service Pack 2 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************

          Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

          device: opened successfully
          user: MBR read successfully
          called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8982F670]<<
          kernel: MBR read successfully
          detected MBR rootkit hooks:
          \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecfc3
          \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
          \Driver\iaStor -> 0x8982f670
          IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
          \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80581684
          NDIS: Intel(R) 82562V 10/100 Network Connection -> SendCompleteHandler -> 0x88ee5330
           PacketIndicateHandler -> NDIS.sys @ 0xb9d9bb21
           SendHandler -> NDIS.sys @ 0xb9d7987b
          Warning: possible MBR rootkit infection !
          user & kernel MBR OK

          **************************************************************************
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'lsass.exe'(800)
          c:\windows\mautcfc.dll
          c:\windows\system32\WININET.dll

          - - - - - - - > 'explorer.exe'(7916)
          c:\windows\system32\WININET.dll
          c:\windows\TEMP\logishrd\LVPrcInj01.dll
          c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
          c:\windows\system32\ieframe.dll
          c:\windows\mautcfc.dll
          c:\windows\system32\webcheck.dll
          c:\windows\system32\WPDShServiceObj.dll
          c:\program files\Bonjour\mdnsNSP.dll
          c:\windows\system32\hnetcfg.dll
          c:\program files\Roxio\Drag-to-Disc\Shellex.dll
          c:\windows\system32\DLAAPI_W.DLL
          c:\windows\system32\CDRTC.DLL
          c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
          c:\windows\system32\PortableDeviceTypes.dll
          c:\windows\system32\PortableDeviceApi.dll
          .
          ------------------------ Other Running Processes ------------------------
          .
          c:\windows\system32\Ati2evxx.exe
          c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
          c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
          c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
          c:\program files\Bonjour\mDNSResponder.exe
          c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
          c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
          c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
          c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
          c:\program files\Dell Support Center\bin\sprtsvc.exe
          c:\program files\TVersity\Media Server\MediaServer.exe
          c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
          c:\windows\stsystra.exe
          c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
          c:\program files\Microsoft Windows OneCare Live\winss.exe
          c:\program files\Windows Media Player\WMPNetwk.exe
          c:\windows\system32\wscntfy.exe
          c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
          c:\program files\iPod\bin\iPodService.exe
          .
          **************************************************************************
          .
          Completion time: 2010-02-14  20:24:39 - machine was rebooted
          ComboFix-quarantined-files.txt  2010-02-15 03:24
          ComboFix2.txt  2010-02-15 02:44

          Pre-Run: 211,883,958,272 bytes free
          Post-Run: 211,833,806,848 bytes free

          - - End Of File - - 84A5D4AB25726BA1B4F4F48262E4195B
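A triage sketch for the two logs in the post above, added here as an example and not part of the thread or of either tool: it flags ComboFix file entries stamped 1601-01-01 or marked system+hidden, matches each against the MBAM detections by case-insensitive path, and lists LSA Notification Packages beyond `scecli`. The sample lines are constructed excerpts, the function names are hypothetical, and treating `scecli` as the only baseline package is an assumption.

```python
import re

# Constructed excerpts in the shape of the ComboFix and MBAM logs posted above.
# The MBAM excerpt deliberately omits zuhiwuji.dll to exercise the
# "flagged but no matching detection" path.
COMBOFIX_SAMPLE = r"""
2010-02-10 14:00 . 2010-02-10 14:00   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
2009-12-16 12:58 . 2004-08-10 19:01   343040   ----a-w-   c:\windows\system32\mspaint.exe
1601-01-01 00:03 . 1601-01-01 00:03   53760   --sha-w-   c:\windows\system32\bejevopu.dll
1601-01-01 00:03 . 1601-01-01 00:03   52224   --sha-w-   c:\windows\system32\namogizu.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03   93184   --sha-w-   c:\windows\system32\zuhiwuji.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages   REG_MULTI_SZ      scecli mautcfc.dll
"""

MBAM_SAMPLE = r"""
C:\WINDOWS\system32\bejevopu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\namogizu.dll.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
"""

# "<date time> . <date time>   <size or -------->   <8 attribute chars>   <path>"
FILE_ENTRY = re.compile(
    r"^\s*(\d{4})-\d\d-\d\d \d\d:\d\d \. (\d{4})-\d\d-\d\d \d\d:\d\d\s+"
    r"(\d+|-{8})\s+([-a-z]{8})\s+(\S.*?)\s*$"
)
# "<drive path> (<detection name>) -> <action>"; registry lines do not match.
MBAM_FILE = re.compile(r"^\s*([A-Za-z]:\\.+?) \(([^()]+)\) -> (.+?)\s*$")
LSA_VALUE = re.compile(r"^\s*Notification Packages\s+REG_MULTI_SZ\s+(.*\S)\s*$")


def parse_file_entries(log_text):
    """Return one dict per ComboFix file-listing line."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_ENTRY.match(line)
        if m:
            y1, y2, _size, attrs, path = m.groups()
            entries.append({"years": (int(y1), int(y2)), "attrs": attrs, "path": path})
    return entries


def anomalies(entry):
    """Reasons an entry deserves a closer look; empty list if none."""
    reasons = []
    if 1601 in entry["years"]:
        # 1601-01-01 is the zero point of Windows FILETIME: the timestamp was zeroed.
        reasons.append("timestamp at FILETIME epoch (1601)")
    attrs = entry["attrs"]
    if not attrs.startswith("d") and "s" in attrs and "h" in attrs:
        reasons.append("file marked system+hidden")
    return reasons


def parse_mbam_files(log_text):
    """Map lower-cased file path -> (detection name, action taken)."""
    hits = {}
    for line in log_text.splitlines():
        m = MBAM_FILE.match(line)
        if m:
            hits[m.group(1).lower()] = (m.group(2), m.group(3))
    return hits


def extra_lsa_packages(log_text, baseline=("scecli",)):
    """Notification Packages entries outside the assumed baseline."""
    for line in log_text.splitlines():
        m = LSA_VALUE.match(line)
        if m:
            return [p for p in m.group(1).split() if p.lower() not in baseline]
    return []


def triage(combofix_text, mbam_text):
    """List (path, reasons, MBAM detection or None) for every flagged file."""
    detections = parse_mbam_files(mbam_text)
    report = []
    for entry in parse_file_entries(combofix_text):
        reasons = anomalies(entry)
        if reasons:
            hit = detections.get(entry["path"].lower())  # logs differ in path case
            report.append((entry["path"], reasons, hit[0] if hit else None))
    return report


if __name__ == "__main__":
    for path, reasons, detection in triage(COMBOFIX_SAMPLE, MBAM_SAMPLE):
        status = detection or "NOT in MBAM log, follow up"
        print(f"{path}: {'; '.join(reasons)} -> {status}")
    print("Extra LSA notification packages:", extra_lsa_packages(COMBOFIX_SAMPLE))
```
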




          evilfantasy

          Re: Need help with Virus..."Cannot execute file....Please run Spyware"
          « Reply #7 on: February 14, 2010, 09:02:46 PM »
          The Malwarebytes scan turned up more than I thought it would so we need to have a closer look at a few files.


          Download GMER Rootkit Detector and save it to your desktop.
           
          * Extract it to your desktop and double-click GMER.exe
          * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
          * Click the Rootkit tab and then Scan.
          * Don't check the Show All box while scanning is in progress!
          * When scanning is finished click Copy.
          * This copies the log to the clipboard.
          * Post the log in your reply.

          evilfantasy

          Re: Need help with Virus..."Cannot execute file....Please run Spyware"
          « Reply #8 on: February 14, 2010, 09:05:10 PM »
          On second thought run this also and post the two logs it will create.

          Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

          Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

          * XP users Double click on dds to run it.
          * If your antivirus or firewall tries to block DDS then please allow it to run.
          * When finished DDS will open two (2) logs.

          1) DDS.txt
          2) Attach.txt

          * Save both logs to your desktop.
          * Please copy and paste the entire contents of both logs in your next reply.

          Note: DDS will instruct you to post the Attach.txt log as an attachment.
          Please just post it as you would any other log by copying and pasting it into the reply.

          dkamis


            Re: Need help with Virus..."Cannot execute file....Please run Spyware"
            « Reply #9 on: February 14, 2010, 09:36:04 PM »
            The first one froze.  Should I try and re-run it?


            DDS (Ver_09-12-01.01) - NTFSx86 
            Run by Dan at 21:34:33.21 on Sun 02/14/2010
            Internet Explorer: 8.0.6001.18702
            Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.2046.1278 [GMT -7:00]

            AV: Microsoft Security Essentials *On-access scanning enabled* (Updated)   {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

            ============== Running Processes ===============

            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost -k DcomLaunch
            svchost.exe
            c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
            C:\WINDOWS\System32\svchost.exe -k netsvcs
            svchost.exe
            svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\stsystra.exe
            C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
            C:\Program Files\Dell\Media Experience\DMXLauncher.exe
            C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
            C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
            C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
            C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
            C:\Program Files\Logitech\QuickCam\Quickcam.exe
            C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
            svchost.exe
            C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Microsoft Security Essentials\msseces.exe
            C:\Program Files\Bonjour\mDNSResponder.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\WINDOWS\System32\svchost.exe -k HTTPFilter
            C:\Program Files\Windows Media Player\WMPNSCFG.exe
            C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
            C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
            C:\WINDOWS\system32\ctfmon.exe
            C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
            C:\Program Files\Digital Line Detect\DLG.exe
            C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
            C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
            C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
            C:\Program Files\Dell Support Center\bin\sprtsvc.exe
            C:\WINDOWS\system32\svchost.exe -k imgsvc
            C:\Program Files\TVersity\Media Server\MediaServer.exe
            C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
            C:\Program Files\iPod\bin\iPodService.exe
            C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
            C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
            C:\WINDOWS\system32\wuauclt.exe
            C:\Program Files\Mozilla Firefox\firefox.exe
            C:\Documents and Settings\Dan\Desktop\dds.scr

            ============== Pseudo HJT Report ===============

            uStart Page = hxxp://qwest.live.com
            uDefault_Search_URL = hxxp://www.google.com/ie
            uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080221
            uInternet Settings,ProxyOverride = <local>
            uSearchAssistant = hxxp://www.google.com/ie
            uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
            BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
            BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
            BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
            BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
            BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
            BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
            BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
            BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
            BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
            BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
            TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
            TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
            uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
            uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
            uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
            uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
            uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
            uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
            mRun: [SigmatelSysTrayApp] stsystra.exe
            mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
            mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
            mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
            mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
            mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
            mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
            mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
            mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
            mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
            mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
            mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
            mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
            mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
            mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
            mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
            mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
            mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
            mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
            mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
            StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
            IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
            IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
            IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
            IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
            IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
            IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
            IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
            IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
            IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
            IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
            IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
            IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
            IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
            IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
            IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
            IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
            DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
            DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/vwhpro/EN/install/gtdownlr.cab
            DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
            DPF: {3BF72F68-72D8-461D-A884-329D936C5581} - hxxp://www.totsites.com/admin2/includes/imageuploader5_5_6/ImageUploader5.cab
            DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
            DPF: {BBF89515-EDB6-4236-8FBB-B6045290076D} - hxxp://www.totsites.com/admin2/includes/imageuploader2/ImageUploader4.cab
            DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
            DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
            Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
            Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
            SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
            SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

            ================= FIREFOX ===================

            FF - ProfilePath - c:\docume~1\dan\applic~1\mozilla\firefox\profiles\htcibwlm.default\
            FF - prefs.js: browser.startup.homepage - hxxp://www.ufck.org/forums/
            FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
            FF - plugin: c:\documents and settings\dan\application data\mozilla\firefox\profiles\htcibwlm.default\extensions\[email protected]\plugins\npdevalvr.dll
            FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
            FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
            FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
            FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
            FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
            FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
            FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
            FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
            FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
            FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
            FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

            ============= SERVICES / DRIVERS ===============

            R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
            R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
            S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
            S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-2-21 30192]
            S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1184912]

            =============== Created Last 30 ================

            2010-02-15 04:07:53   0   d-----w-   c:\program files\Microsoft Security Essentials
            2010-02-15 03:36:34   0   d-----w-   c:\docume~1\dan\applic~1\Malwarebytes
            2010-02-15 03:36:28   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2010-02-15 03:36:26   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
            2010-02-15 03:36:25   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2010-02-15 03:36:25   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2010-02-15 02:10:59   0   d-sha-r-   C:\cmdcons
            2010-02-15 02:09:41   98816   ----a-w-   c:\windows\sed.exe
            2010-02-15 02:09:41   77312   ----a-w-   c:\windows\MBR.exe
            2010-02-15 02:09:41   261632   ----a-w-   c:\windows\PEV.exe
            2010-02-15 02:09:41   161792   ----a-w-   c:\windows\SWREG.exe
            2010-02-14 19:59:55   15880   ----a-w-   c:\windows\system32\lsdelete.exe
            2010-02-14 18:36:17   0   dc-h--w-   c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
            2010-02-14 18:35:57   0   d-----w-   c:\program files\Lavasoft

            ==================== Find3M  ====================

            2010-02-15 04:27:32   0   ----a-w-   c:\windows\system32\drivers\lvuvc.hs
            2010-02-15 04:27:28   0   ----a-w-   c:\windows\system32\drivers\logiflt.iad
            2010-01-14 18:12:06   181120   ------w-   c:\windows\system32\MpSigStub.exe
            2009-12-31 16:14:12   352640   ----a-w-   c:\windows\system32\drivers\srv.sys
            2009-12-31 16:14:12   352640   ------w-   c:\windows\system32\dllcache\srv.sys
            2009-12-21 13:19:18   173056   ----a-w-   c:\windows\system32\dllcache\ie4uinit.exe
            2009-12-16 12:58:04   343040   ----a-w-   c:\windows\system32\mspaint.exe
            2009-12-16 12:58:04   343040   ------w-   c:\windows\system32\dllcache\mspaint.exe
            2009-12-14 19:15:14   2146304   ----a-w-   c:\windows\system32\GPhotos.scr
            2009-12-14 07:35:35   33280   ----a-w-   c:\windows\system32\csrsrv.dll
            2009-12-14 07:35:35   33280   ------w-   c:\windows\system32\dllcache\csrsrv.dll
            2009-12-08 18:14:02   2185984   ------w-   c:\windows\system32\dllcache\ntoskrnl.exe
            2009-12-08 18:11:44   2142720   ------w-   c:\windows\system32\ntoskrnl.exe
            2009-12-08 18:11:44   2142720   ------w-   c:\windows\system32\dllcache\ntkrnlmp.exe
            2009-12-08 17:35:25   2020864   ------w-   c:\windows\system32\ntkrnlpa.exe
            2009-12-08 17:35:25   2020864   ------w-   c:\windows\system32\dllcache\ntkrpamp.exe
            2009-12-08 17:35:22   2063104   ------w-   c:\windows\system32\dllcache\ntkrnlpa.exe
            2009-12-08 08:59:48   474112   ------w-   c:\windows\system32\dllcache\shlwapi.dll
            2009-12-04 14:41:55   453760   ------w-   c:\windows\system32\dllcache\mrxsmb.sys
            2009-11-27 17:33:35   17920   ----a-w-   c:\windows\system32\msyuv.dll
            2009-11-27 17:33:35   17920   ----a-w-   c:\windows\system32\dllcache\msyuv.dll
            2009-11-27 17:33:35   1291264   ----a-w-   c:\windows\system32\quartz.dll
            2009-11-27 17:33:35   1291264   ------w-   c:\windows\system32\dllcache\quartz.dll
            2009-11-27 16:37:27   8704   ----a-w-   c:\windows\system32\tsbyuv.dll
            2009-11-27 16:37:27   8704   ----a-w-   c:\windows\system32\dllcache\tsbyuv.dll
            2009-11-27 16:37:27   84992   ----a-w-   c:\windows\system32\avifil32.dll
            2009-11-27 16:37:27   84992   ------w-   c:\windows\system32\dllcache\avifil32.dll
            2009-11-27 16:37:27   48128   ----a-w-   c:\windows\system32\iyuv_32.dll
            2009-11-27 16:37:27   48128   ----a-w-   c:\windows\system32\dllcache\iyuv_32.dll
            2009-11-27 16:37:27   28672   ----a-w-   c:\windows\system32\msvidc32.dll
            2009-11-27 16:37:27   28672   ------w-   c:\windows\system32\dllcache\msvidc32.dll
            2009-11-27 16:37:27   11264   ----a-w-   c:\windows\system32\msrle32.dll
            2009-11-27 16:37:27   11264   ------w-   c:\windows\system32\dllcache\msrle32.dll
            2009-11-21 16:36:13   470528   ------w-   c:\windows\system32\dllcache\aclayers.dll

            ============= FINISH: 21:35:36.73 ===============

            dkamis


              Re: Need help with Virus..."Cannot execute file....Please run Spyware"
              « Reply #10 on: February 14, 2010, 09:39:54 PM »

              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT

              DDS (Ver_09-12-01.01)

              Microsoft Windows XP Home Edition
              Boot Device: \Device\HarddiskVolume2
              Install Date: 2/23/2008 1:38:41 PM
              System Uptime: 2/14/2010 9:26:52 PM (0 hours ago)

              Motherboard: Dell Inc.           |  | 0WG860
              Processor: Intel(R) Core(TM)2 CPU          6420  @ 2.13GHz | Microprocessor | 2127/1066mhz
              Processor: Intel(R) Core(TM)2 CPU          6420  @ 2.13GHz | Microprocessor | 2128/1066mhz

              ==== Disk Partitions =========================

              C: is FIXED (NTFS) - 295 GiB total, 244.78 GiB free.
              D: is CDROM ()
              E: is CDROM ()
              G: is Removable

              ==== Disabled Device Manager Items =============

              ==== System Restore Points ===================

              RP626: 11/17/2009 5:02:03 AM - System Checkpoint
              RP627: 11/18/2009 7:30:44 AM - System Checkpoint
              RP628: 11/19/2009 8:50:00 AM - System Checkpoint
              RP629: 11/20/2009 9:21:27 PM - System Checkpoint
              RP630: 11/22/2009 8:56:27 AM - System Checkpoint
              RP631: 11/23/2009 8:27:46 PM - System Checkpoint
              RP632: 11/24/2009 8:30:54 PM - System Checkpoint
              RP633: 11/26/2009 9:27:40 AM - System Checkpoint
              RP634: 11/27/2009 7:06:23 AM - Software Distribution Service 3.0
              RP635: 11/27/2009 7:14:26 AM - Removed Qwest Personal Digital Vault™.
              RP636: 11/28/2009 7:54:10 AM - System Checkpoint
              RP637: 11/29/2009 8:54:49 AM - System Checkpoint
              RP638: 11/30/2009 9:06:49 AM - System Checkpoint
              RP639: 12/1/2009 11:06:09 AM - System Checkpoint
              RP640: 12/2/2009 12:54:52 PM - System Checkpoint
              RP641: 12/3/2009 2:54:49 PM - System Checkpoint
              RP642: 12/4/2009 4:53:09 PM - System Checkpoint
              RP643: 12/5/2009 5:00:09 PM - System Checkpoint
              RP644: 12/6/2009 8:13:30 PM - System Checkpoint
              RP645: 12/7/2009 9:01:46 PM - System Checkpoint
              RP646: 12/8/2009 10:54:26 PM - System Checkpoint
              RP647: 12/9/2009 3:00:15 AM - Software Distribution Service 3.0
              RP648: 12/10/2009 4:23:57 AM - System Checkpoint
              RP649: 12/11/2009 6:24:55 AM - System Checkpoint
              RP650: 12/12/2009 8:21:55 AM - System Checkpoint
              RP651: 12/13/2009 8:23:56 AM - System Checkpoint
              RP652: 12/14/2009 8:35:02 AM - System Checkpoint
              RP653: 12/15/2009 10:35:56 AM - System Checkpoint
              RP654: 12/16/2009 10:58:59 AM - System Checkpoint
              RP655: 12/17/2009 12:59:56 PM - System Checkpoint
              RP656: 12/18/2009 2:55:56 PM - System Checkpoint
              RP657: 12/19/2009 3:08:56 PM - System Checkpoint
              RP658: 12/20/2009 4:58:30 PM - System Checkpoint
              RP659: 12/21/2009 6:58:30 PM - System Checkpoint
              RP660: 12/22/2009 8:21:13 PM - System Checkpoint
              RP661: 12/23/2009 10:09:09 PM - System Checkpoint
              RP662: 12/25/2009 12:18:21 AM - System Checkpoint
              RP663: 12/26/2009 2:08:13 AM - System Checkpoint
              RP664: 12/27/2009 2:23:39 AM - System Checkpoint
              RP665: 12/28/2009 4:09:12 AM - System Checkpoint
              RP666: 12/29/2009 6:09:09 AM - System Checkpoint
              RP667: 12/30/2009 6:19:25 AM - System Checkpoint
              RP668: 12/31/2009 9:46:53 AM - System Checkpoint
              RP669: 1/1/2010 9:55:46 AM - System Checkpoint
              RP670: 1/2/2010 9:58:42 AM - System Checkpoint
              RP671: 1/3/2010 10:01:42 AM - System Checkpoint
              RP672: 1/4/2010 11:37:01 AM - System Checkpoint
              RP673: 1/5/2010 1:49:29 PM - System Checkpoint
              RP674: 1/6/2010 3:36:59 PM - System Checkpoint
              RP675: 1/7/2010 5:43:43 PM - System Checkpoint
              RP676: 1/8/2010 8:12:26 PM - System Checkpoint
              RP677: 1/9/2010 9:04:41 PM - System Checkpoint
              RP678: 1/10/2010 9:05:04 PM - System Checkpoint
              RP679: 1/11/2010 10:41:43 PM - System Checkpoint
              RP680: 1/12/2010 10:42:48 PM - System Checkpoint
              RP681: 1/13/2010 3:00:13 AM - Software Distribution Service 3.0
              RP682: 1/14/2010 3:00:16 AM - Software Distribution Service 3.0
              RP683: 1/15/2010 7:33:52 AM - System Checkpoint
              RP684: 1/16/2010 9:17:43 AM - System Checkpoint
              RP685: 1/18/2010 6:20:32 PM - System Checkpoint
              RP686: 1/19/2010 8:37:47 PM - System Checkpoint
              RP687: 1/20/2010 3:00:14 AM - Software Distribution Service 3.0
              RP688: 1/21/2010 4:09:53 AM - System Checkpoint
              RP689: 1/22/2010 3:00:13 AM - Software Distribution Service 3.0
              RP690: 1/23/2010 3:41:20 AM - System Checkpoint
              RP691: 1/24/2010 5:32:01 AM - System Checkpoint
              RP692: 1/25/2010 5:32:20 AM - System Checkpoint
              RP693: 1/26/2010 5:36:18 AM - System Checkpoint
              RP694: 1/27/2010 8:03:59 PM - System Checkpoint
              RP695: 1/28/2010 9:28:00 PM - System Checkpoint
              RP696: 1/29/2010 11:28:00 PM - System Checkpoint
              RP697: 1/30/2010 11:31:12 PM - System Checkpoint
              RP698: 1/31/2010 10:17:40 AM - Installed Windows XP --  Software Updates KB952011.
              RP699: 2/1/2010 8:28:31 PM - System Checkpoint
              RP700: 2/3/2010 7:10:41 AM - System Checkpoint
              RP701: 2/4/2010 8:00:26 PM - System Checkpoint
              RP702: 2/8/2010 8:26:48 PM - System Checkpoint
              RP703: 2/9/2010 8:47:15 PM - System Checkpoint
              RP704: 2/10/2010 10:59:14 PM - System Checkpoint
              RP705: 2/12/2010 12:59:14 AM - System Checkpoint
              RP706: 2/13/2010 4:18:01 PM - Microsoft OneCare Protection Checkpoint
              RP707: 2/13/2010 4:25:47 PM - Microsoft OneCare Protection Checkpoint
              RP708: 2/14/2010 10:26:02 AM - Microsoft OneCare Protection Checkpoint
              RP709: 2/14/2010 7:36:32 PM - Software Distribution Service 3.0
              RP710: 2/14/2010 9:10:45 PM - Software Distribution Service 3.0

              ==== Installed Programs ======================


              µTorrent
              Actiontec Gateway
              Ad-Aware
              Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
              Adobe AIR
              Adobe Anchor Service CS3
              Adobe Anchor Service CS4
              Adobe Asset Services CS3
              Adobe Bridge CS3
              Adobe Bridge CS4
              Adobe Bridge Start Meeting
              Adobe Camera Raw 4.0
              Adobe CMaps CS4
              Adobe Color - Photoshop Specific CS4
              Adobe Color EU Extra Settings CS4
              Adobe Color JA Extra Settings CS4
              Adobe Color NA Recommended Settings CS4
              Adobe Color Video Profiles CS CS4
              Adobe CSI CS4
              Adobe Default Language CS4
              Adobe Device Central CS3
              Adobe Device Central CS4
              Adobe Drive CS4
              Adobe ExtendScript Toolkit 2
              Adobe ExtendScript Toolkit CS4
              Adobe Extension Manager CS4
              Adobe Flash Player 10 ActiveX
              Adobe Flash Player 10 Plugin
              Adobe Fonts All
              Adobe Help Viewer CS3
              Adobe Illustrator CS4
              Adobe Linguistics CS3
              Adobe Linguistics CS4
              Adobe Media Player
              Adobe Output Module
              Adobe PDF Library Files CS4
              Adobe Photoshop CS3
              Adobe Photoshop CS4
              Adobe Photoshop CS4 Support
              Adobe Reader 8.1.2
              Adobe Reader 8.1.2 Security Update 1 (KB403742)
              Adobe Search for Help
              Adobe Service Manager Extension
              Adobe Setup
              Adobe Stock Photos CS3
              Adobe Type Support CS4
              Adobe Update Manager CS3
              Adobe Update Manager CS4
              Adobe Version Cue CS3 Client
              Adobe WinSoft Linguistics Plugin
              Adobe XMP Panels CS3
              Adobe XMP Panels CS4
              AdobeColorCommonSetCMYK
              AdobeColorCommonSetRGB
              AnswerWorks 4.0 Runtime - English
              AnswerWorks 5.0 English Runtime
              AP Tuner 3.08
              Apple Application Support
              Apple Mobile Device Support
              Apple Software Update
              ATI Display Driver
              AutoUpdate
              Bonjour
              Canon MP460
              Choice Guard
              Conexant HDA D110 MDC V.92 Modem
              Connect
              Cool Edit Pro 2.0
              Critical Update for Windows Media Player 11 (KB959772)
              Dell CinePlayer
              Dell DataSafe Online
              Dell Driver Reset Tool
              Dell Support Center (Support Software)
              Dell System Restore
              DellSupport
              Digital Line Detect
              DivX Codec
              DivX Converter
              DivX Player
              DivX Version Checker
              DivX Web Player
              Documentation & Support Launcher
              FLAC 1.2.1b (remove only)
              Games, Music, & Photos Launcher
              Google Desktop
              Google Toolbar for Internet Explorer
              Google Update Helper
              High Definition Audio Driver Package - KB835221
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
              Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
              Hotfix for Windows Internet Explorer 7 (KB947864)
              Hotfix for Windows Media Format 11 SDK (KB929399)
              Hotfix for Windows Media Player 11 (KB939683)
              Hotfix for Windows XP (KB906569)
              Hotfix for Windows XP (KB908673)
              Hotfix for Windows XP (KB909095)
              Hotfix for Windows XP (KB914440)
              Hotfix for Windows XP (KB915865)
              Hotfix for Windows XP (KB921411)
              Hotfix for Windows XP (KB926239)
              Hotfix for Windows XP (KB934428-v2)
              Hotfix for Windows XP (KB935448)
              Hotfix for Windows XP (KB952287)
              Hotfix for Windows XP (KB954550-v5)
              Hotfix for Windows XP (KB954708)
              Hotfix for Windows XP (KB961118)
              Hotfix for Windows XP (KB970653-v3)
              Hotfix for Windows XP (KB976098-v2)
              ieSpell
              Intel(R) Matrix Storage Manager
              Intel(R) PRO Network Connections 11.2.1.69
              Internet Service Offers Launcher
              iTunes
              J2SE Runtime Environment 5.0 Update 6
              kuler
              Logitech Legacy USB Camera Driver Package
              Logitech QuickCam
              Logitech QuickCam Driver Package
              Malwarebytes' Anti-Malware
              Microsoft .NET Framework 1.1
              Microsoft .NET Framework 1.1 Security Update (KB953297)
              Microsoft .NET Framework 2.0 Service Pack 2
              Microsoft .NET Framework 3.0 Service Pack 2
              Microsoft .NET Framework 3.5 SP1
              Microsoft Antimalware
              Microsoft Application Error Reporting
              Microsoft Compression Client Pack 1.0 for Windows XP
              Microsoft Internationalized Domain Names Mitigation APIs
              Microsoft National Language Support Downlevel APIs
              Microsoft Office 2007 Service Pack 2 (SP2)
              Microsoft Office Access MUI (English) 2007
              Microsoft Office Access Setup Metadata MUI (English) 2007
              Microsoft Office Enterprise 2007
              Microsoft Office Excel MUI (English) 2007
              Microsoft Office Groove MUI (English) 2007
              Microsoft Office Groove Setup Metadata MUI (English) 2007
              Microsoft Office InfoPath MUI (English) 2007
              Microsoft Office OneNote MUI (English) 2007
              Microsoft Office Outlook MUI (English) 2007
              Microsoft Office PowerPoint MUI (English) 2007
              Microsoft Office Proof (English) 2007
              Microsoft Office Proof (French) 2007
              Microsoft Office Proof (Spanish) 2007
              Microsoft Office Proofing (English) 2007
              Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
              Microsoft Office Publisher MUI (English) 2007
              Microsoft Office Shared MUI (English) 2007
              Microsoft Office Shared Setup Metadata MUI (English) 2007
              Microsoft Office Word MUI (English) 2007
              Microsoft Plus! Digital Media Edition Installer
              Microsoft Plus! Photo Story 2 LE
              Microsoft Search Enhancement Pack
              Microsoft Security Essentials
              Microsoft Silverlight
              Microsoft Software Update for Web Folders  (English) 12
              Microsoft SQL Server 2005 Compact Edition [ENU]
              Microsoft Sync Framework Runtime Native v1.0 (x86)
              Microsoft Sync Framework Services Native v1.0 (x86)
              Microsoft User-Mode Driver Framework Feature Pack 1.0
              Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
              Microsoft Visual C++ 2005 Redistributable
              MobileMe Control Panel
              Modem Helper
              Move Networks Media Player for Internet Explorer
              Mozilla Firefox (3.0.17)
              MSVCRT
              MSXML 4.0 SP2 (KB936181)
              MSXML 4.0 SP2 (KB954430)
              MSXML 4.0 SP2 (KB973688)
              MSXML 6 Service Pack 2 (KB973686)
              NetWaiting
              PC Inspector smart recovery
              PDF Settings CS4
              Photoshop Camera Raw
              Picasa 3
              QuickConnect
              QuickTime
              Qwest QuickAssist Desktop Tools
              Qwest Quickcare 2.6
              Qwest Windows Live Toolbar Buttons
              Roxio Creator Audio
              Roxio Creator BDAV Plugin
              Roxio Creator Copy
              Roxio Creator Data
              Roxio Creator DE
              Roxio Creator Tools
              Roxio Drag-to-Disc
              Roxio Express Labeler
              Roxio MyDVD DE
              Roxio Update Manager
              SearchAssist
              Security Update for 2007 Microsoft Office System (KB969559)
              Security Update for 2007 Microsoft Office System (KB973704)
              Security Update for CAPICOM (KB931906)
              Security Update for Microsoft Office Excel 2007 (KB973593)
              Security Update for Microsoft Office Outlook 2007 (KB972363)
              Security Update for Microsoft Office PowerPoint 2007 (KB957789)
              Security Update for Microsoft Office Publisher 2007 (KB969693)
              Security Update for Microsoft Office system 2007 (972581)
              Security Update for Microsoft Office system 2007 (KB969613)
              Security Update for Microsoft Office system 2007 (KB974234)
              Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
              Security Update for Microsoft Office Word 2007 (KB969604)
              Security Update for Step By Step Interactive Training (KB923723)
              Security Update for Windows Internet Explorer 7 (KB938127)
              Security Update for Windows Internet Explorer 7 (KB942615)
              Security Update for Windows Internet Explorer 7 (KB944533)
              Security Update for Windows Internet Explorer 7 (KB950759)
              Security Update for Windows Internet Explorer 7 (KB953838)
              Security Update for Windows Internet Explorer 7 (KB956390)
              Security Update for Windows Internet Explorer 7 (KB958215)
              Security Update for Windows Internet Explorer 7 (KB960714)
              Security Update for Windows Internet Explorer 7 (KB961260)
              Security Update for Windows Internet Explorer 7 (KB963027)
              Security Update for Windows Internet Explorer 7 (KB969897)
              Security Update for Windows Internet Explorer 7 (KB972260)
              Security Update for Windows Internet Explorer 7 (KB974455)
              Security Update for Windows Internet Explorer 8 (KB971961)
              Security Update for Windows Internet Explorer 8 (KB974455)
              Security Update for Windows Internet Explorer 8 (KB976325)
              Security Update for Windows Internet Explorer 8 (KB978207)
              Security Update for Windows Media Player (KB911564)
              Security Update for Windows Media Player (KB952069)
              Security Update for Windows Media Player (KB954155)
              Security Update for Windows Media Player (KB968816)
              Security Update for Windows Media Player (KB973540)
              Security Update for Windows Media Player 10 (KB936782)
              Security Update for Windows Media Player 11 (KB936782)
              Security Update for Windows Media Player 11 (KB954154)
              Security Update for Windows Media Player 6.4 (KB925398)
              Security Update for Windows XP (KB893756)
              Security Update for Windows XP (KB896358)
              Security Update for Windows XP (KB896423)
              Security Update for Windows XP (KB896428)
              Security Update for Windows XP (KB899587)
              Security Update for Windows XP (KB899588)
              Security Update for Windows XP (KB899591)
              Security Update for Windows XP (KB900725)
              Security Update for Windows XP (KB901017)
              Security Update for Windows XP (KB901214)
              Security Update for Windows XP (KB902400)
              Security Update for Windows XP (KB904706)
              Security Update for Windows XP (KB905414)
              Security Update for Windows XP (KB905749)
              Security Update for Windows XP (KB908519)
              Security Update for Windows XP (KB908531)
              Security Update for Windows XP (KB911562)
              Security Update for Windows XP (KB911927)
              Security Update for Windows XP (KB913580)
              Security Update for Windows XP (KB914388)
              Security Update for Windows XP (KB914389)
              Security Update for Windows XP (KB917344)
              Security Update for Windows XP (KB917422)
              Security Update for Windows XP (KB918118)
              Security Update for Windows XP (KB918439)
              Security Update for Windows XP (KB919007)
              Security Update for Windows XP (KB920213)
              Security Update for Windows XP (KB920670)
              Security Update for Windows XP (KB920683)
              Security Update for Windows XP (KB920685)
              Security Update for Windows XP (KB921503)
              Security Update for Windows XP (KB922819)
              Security Update for Windows XP (KB923191)
              Security Update for Windows XP (KB923414)
              Security Update for Windows XP (KB923561)
              Security Update for Windows XP (KB923689)
              Security Update for Windows XP (KB923980)
              Security Update for Windows XP (KB924191)
              Security Update for Windows XP (KB924270)
              Security Update for Windows XP (KB924496)
              Security Update for Windows XP (KB924667)
              Security Update for Windows XP (KB925902)
              Security Update for Windows XP (KB926255)
              Security Update for Windows XP (KB926436)
              Security Update for Windows XP (KB927779)
              Security Update for Windows XP (KB927802)
              Security Update for Windows XP (KB928255)
              Security Update for Windows XP (KB928843)
              Security Update for Windows XP (KB929123)
              Security Update for Windows XP (KB930178)
              Security Update for Windows XP (KB931261)
              Security Update for Windows XP (KB931784)
              Security Update for Windows XP (KB932168)
              Security Update for Windows XP (KB933729)
              Security Update for Windows XP (KB935839)
              Security Update for Windows XP (KB935840)
              Security Update for Windows XP (KB936021)
              Security Update for Windows XP (KB938127)
              Security Update for Windows XP (KB938464)
              Security Update for Windows XP (KB938829)
              Security Update for Windows XP (KB939653)
              Security Update for Windows XP (KB941202)
              Security Update for Windows XP (KB941568)
              Security Update for Windows XP (KB941569)
              Security Update for Windows XP (KB941644)
              Security Update for Windows XP (KB941693)
              Security Update for Windows XP (KB943055)
              Security Update for Windows XP (KB943460)
              Security Update for Windows XP (KB943485)
              Security Update for Windows XP (KB944533)
              Security Update for Windows XP (KB944653)
              Security Update for Windows XP (KB945553)
              Security Update for Windows XP (KB946026)
              Security Update for Windows XP (KB946648)
              Security Update for Windows XP (KB948590)
              Security Update for Windows XP (KB948881)
              Security Update for Windows XP (KB950749)
              Security Update for Windows XP (KB950760)
              Security Update for Windows XP (KB950762)
              Security Update for Windows XP (KB950974)
              Security Update for Windows XP (KB951066)
              Security Update for Windows XP (KB951376-v2)
              Security Update for Windows XP (KB951376)
              Security Update for Windows XP (KB951698)
              Security Update for Windows XP (KB951748)
              Security Update for Windows XP (KB952004)
              Security Update for Windows XP (KB952954)
              Security Update for Windows XP (KB953839)
              Security Update for Windows XP (KB954211)
              Security Update for Windows XP (KB954600)
              Security Update for Windows XP (KB955069)
              Security Update for Windows XP (KB956391)
              Security Update for Windows XP (KB956572)
              Security Update for Windows XP (KB956802)
              Security Update for Windows XP (KB956803)
              Security Update for Windows XP (KB956841)
              Security Update for Windows XP (KB956844)
              Security Update for Windows XP (KB957095)
              Security Update for Windows XP (KB957097)
              Security Update for Windows XP (KB958470)
              Security Update for Windows XP (KB958644)
              Security Update for Windows XP (KB958687)
              Security Update for Windows XP (KB958690)
              Security Update for Windows XP (KB958869)
              Security Update for Windows XP (KB959426)
              Security Update for Windows XP (KB960225)
              Security Update for Windows XP (KB960715)
              Security Update for Windows XP (KB960803)
              Security Update for Windows XP (KB960859)
              Security Update for Windows XP (KB961371)
              Security Update for Windows XP (KB961373)
              Security Update for Windows XP (KB961501)
              Security Update for Windows XP (KB968537)
              Security Update for Windows XP (KB969059)
              Security Update for Windows XP (KB969898)
              Security Update for Windows XP (KB969947)
              Security Update for Windows XP (KB970238)
              Security Update for Windows XP (KB970430)
              Security Update for Windows XP (KB971468)
              Security Update for Windows XP (KB971486)
              Security Update for Windows XP (KB971557)
              Security Update for Windows XP (KB971633)
              Security Update for Windows XP (KB971657)
              Security Update for Windows XP (KB971961)
              Security Update for Windows XP (KB972270)
              Security Update for Windows XP (KB973346)
              Security Update for Windows XP (KB973354)
              Security Update for Windows XP (KB973507)
              Security Update for Windows XP (KB973525)
              Security Update for Windows XP (KB973869)
              Security Update for Windows XP (KB973904)
              Security Update for Windows XP (KB974112)
              Security Update for Windows XP (KB974318)
              Security Update for Windows XP (KB974392)
              Security Update for Windows XP (KB974571)
              Security Update for Windows XP (KB975025)
              Security Update for Windows XP (KB975467)
              Security Update for Windows XP (KB975560)
              Security Update for Windows XP (KB975713)
              Security Update for Windows XP (KB977165)
              Security Update for Windows XP (KB977914)
              Security Update for Windows XP (KB978037)
              Security Update for Windows XP (KB978251)
              Security Update for Windows XP (KB978262)
              Security Update for Windows XP (KB978706)
              Segoe UI
              Skype web features
              Skype™ 4.1
              Snood 4
              Sonic Activation Module
              Suite Shared Configuration CS4
              TurboTax 2008
              TurboTax 2008 wcoiper
              TurboTax 2008 WinPerFedFormset
              TurboTax 2008 WinPerProgramHelp
              TurboTax 2008 WinPerReleaseEngine
              TurboTax 2008 WinPerTaxSupport
              TurboTax 2008 WinPerUserEducation
              TurboTax 2008 wrapper
              TurboTax Deluxe 2007
              TVersity Codec Pack 1.2
              TVersity Media Server 1.7.2.1 Beta
              Update for 2007 Microsoft Office System (KB967642)
              Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
              Update for Microsoft Office InfoPath 2007 (KB976416)
              Update for Outlook 2007 Junk Email Filter (kb977719)
              Update for Windows Internet Explorer 7 (KB976749)
              Update for Windows Internet Explorer 8 (KB976749)
              Update for Windows XP (KB894391)
              Update for Windows XP (KB896256)
              Update for Windows XP (KB898461)
              Update for Windows XP (KB900485)
              Update for Windows XP (KB904942)
              Update for Windows XP (KB910437)
              Update for Windows XP (KB911280)
              Update for Windows XP (KB912945)
              Update for Windows XP (KB914882)
              Update for Windows XP (KB916595)
              Update for Windows XP (KB920872)
              Update for Windows XP (KB922582)
              Update for Windows XP (KB923845)
              Update for Windows XP (KB925720)
              Update for Windows XP (KB927891)
              Update for Windows XP (KB930916)
              Update for Windows XP (KB932823-v3)
              Update for Windows XP (KB933360)
              Update for Windows XP (KB936357)
              Update for Windows XP (KB938828)
              Update for Windows XP (KB942763)
              Update for Windows XP (KB942840)
              Update for Windows XP (KB951072-v2)
              Update for Windows XP (KB955759)
              Update for Windows XP (KB955839)
              Update for Windows XP (KB961503)
              Update for Windows XP (KB967715)
              Update for Windows XP (KB968389)
              Update for Windows XP (KB971737)
              Update for Windows XP (KB973687)
              Update for Windows XP (KB973815)
              VC80CRTRedist - 8.0.50727.762
              Visual C++ 2008 x86 Runtime - (v9.0.30729)
              Visual C++ 2008 x86 Runtime - v9.0.30729.01
              WD Diagnostics
              WebFldrs XP
              Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
              Windows Genuine Advantage Validation Tool (KB892130)
              Windows Imaging Component
              Windows Installer 3.1 (KB893803)
              Windows Internet Explorer 7
              Windows Internet Explorer 8
              Windows Live Call
              Windows Live Communications Platform
              Windows Live Essentials
              Windows Live Messenger
              Windows Live Photo Gallery
              Windows Live Sign-in Assistant
              Windows Live Sync
              Windows Live Toolbar
              Windows Live Upload Tool
              Windows Media Format 11 runtime
              Windows Media Player 10
              Windows Media Player 11
              Windows XP Hotfix - KB873339
              Windows XP Hotfix - KB885250
              Windows XP Hotfix - KB885835
              Windows XP Hotfix - KB885836
              Windows XP Hotfix - KB885884
              Windows XP Hotfix - KB886185
              Windows XP Hotfix - KB887472
              Windows XP Hotfix - KB888302
              Windows XP Hotfix - KB889673
              Windows XP Hotfix - KB890859
              Windows XP Hotfix - KB891781
              WinRAR archiver
              WinZip 12.1

              ==== Event Viewer Messages From Past Week ========

              2/9/2010 6:21:18 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
              2/14/2010 8:53:52 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
              2/14/2010 8:04:37 PM, error: Service Control Manager [7034]  - The Intuit Update Service service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 8:04:37 PM, error: Service Control Manager [7034]  - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 8:04:37 PM, error: Service Control Manager [7034]  - The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 8:04:37 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              2/14/2010 8:04:36 PM, error: Service Control Manager [7034]  - The SupportSoft Sprocket Service (dellsupportcenter) service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 8:04:36 PM, error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 8:04:36 PM, error: Service Control Manager [7034]  - The LVCOMSer service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 8:04:36 PM, error: Service Control Manager [7031]  - The Windows Live OneCare service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
              2/14/2010 8:04:35 PM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 8:04:35 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 7:10:56 PM, error: WMPNetworkSvc [14344]  - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
              2/14/2010 3:59:55 PM, error: Service Control Manager [7034]  - The Process Monitor service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 3:59:44 PM, error: Service Control Manager [7031]  - The OneCare Firewall service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
              2/14/2010 3:59:09 PM, error: Service Control Manager [7034]  - The Roxio Hard Drive Watcher 9 service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 12:44:23 PM, error: Service Control Manager [7034]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 3 time(s).
              2/14/2010 12:43:49 PM, error: Service Control Manager [7031]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
              2/14/2010 12:43:31 PM, error: Service Control Manager [7034]  - The SupportSoft Listener Service service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 12:43:22 PM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 12:43:03 PM, error: Service Control Manager [7031]  - The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
              2/14/2010 12:43:01 PM, error: Service Control Manager [7031]  - The Lavasoft Ad-Aware Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
              2/14/2010 12:42:27 PM, error: Service Control Manager [7034]  - The OneCare AntiSpyware and AntiVirus service terminated unexpectedly.  It has done this 3 time(s).
              2/14/2010 12:42:03 PM, error: Service Control Manager [7031]  - The OneCare AntiSpyware and AntiVirus service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
              2/14/2010 12:41:41 PM, error: Service Control Manager [7034]  - The Windows Live OneCare Health Monitor service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 12:40:27 PM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
              2/14/2010 12:39:46 PM, error: Service Control Manager [7031]  - The OneCare AntiSpyware and AntiVirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 15000 milliseconds: Restart the service.
              2/12/2010 7:18:33 AM, error: Service Control Manager [7034]  - The TVersityMediaServer service terminated unexpectedly.  It has done this 1 time(s).
              2/12/2010 7:02:48 AM, error: Service Control Manager [7034]  - The {8EF6A10D-6D85-4258-81165FF5D849208D} service terminated unexpectedly.  It has done this 1 time(s).

              ==== End Of File ===========================

              evilfantasy

              Re: Need help with Virus..."Cannot execute file....Please run Spyware"
              « Reply #11 on: February 14, 2010, 09:41:58 PM »
              GMER froze?

              Try this one.

              * Download the following tool: RootRepeal - Rootkit Detector
              * Direct download link is here: RootRepeal.zip

              * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
              * Click this link to see a list of such programs and how to disable them.

              * Extract the program file to a new folder such as C:\RootRepeal
              * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
              * Select ALL of the checkboxes and then click OK and it will start scanning your system.
              * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
              * When done, click on Save Report
              * Save it to the same location where you ran it from, such as C:\RootRepeal
              * Save it as rootrepeal.txt
              * Then open that log and select all and copy/paste it back on your next reply please.
              * Close RootRepeal.