
Topic: Need of Fake Antivirus Removal


binkow

    Topic Starter


    Rookie

    Need of Fake Antivirus Removal
    « on: June 24, 2010, 08:02:08 PM »
    I've got that fake antivirus thing again and it's really pissing me off. I've got Malwarebytes Anti-Malware, SUPERAntiSpyware and Avira. I did scans with Malwarebytes and SUPERAntiSpyware; they've picked up things and removed them and whatnot, but they keep coming back. I've used HijackThis and created a log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:46:00 PM, on 6/24/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
    C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
    O1 - Hosts: ::1 localhost
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHot1.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BoM2zLAfOV] C:\Documents and Settings\Owner\Application Data\svchost.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Odegetabejuyoku] rundll32.exe "C:\WINDOWS\ijugirifad.dll",Startup
    O4 - Startup: scandisk.lnk = ?
    O4 - Global Startup: NETGEAR WN111v2 Smart Wizard.lnk = C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
    O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{694EA325-AD70-4673-B043-F53866BD15A3}: NameServer = 93.188.162.52,93.188.161.182
    O17 - HKLM\System\CCS\Services\Tcpip\..\{96DEE84C-7E1F-4615-8995-E734F4F70135}: NameServer = 93.188.162.52,93.188.161.182
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.162.52,93.188.161.182
    O17 - HKLM\System\CS2\Services\Tcpip\..\{694EA325-AD70-4673-B043-F53866BD15A3}: NameServer = 93.188.162.52,93.188.161.182
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.52,93.188.161.182
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9a9d8168cc888) (gupdate1c9a9d8168cc888) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
    O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 12242 bytes


    Now, I know everything in O17 can't be good, and I've tried to fix them numerous times, but they keep coming back. Also, R1 can't be right? I never use proxies. I'm using Firefox right now, and this is the computer with the virus, of course. I just ran Task Manager right when I logged in, before all the programs started up, and ended all the virus-related ones (the ones with all the spam names, e.g. egrerog3jt.exe), and it worked.

    binkow


      Re: Need of Fake Antivirus Removal
      « Reply #1 on: June 24, 2010, 08:24:21 PM »
      Whoops, I thought I posted this in "Virus and spyware removal." Can a mod move it there for me?

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Need of Fake Antivirus Removal
      « Reply #2 on: June 25, 2010, 12:35:57 PM »
      Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum, so it may take a bit longer to process your logs.

      1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
      2. The fixes are specific to your problem and should only be used for this issue on this machine.
      3. If you don't know or understand something, please don't hesitate to ask.
      4. Please DO NOT run any other tools or scans while I am helping you.
      5. It is important that you reply to this thread. Do not start a new topic.
      6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
      7. Absence of symptoms does not mean that everything is clear.

      You have Viewpoint installed.

      Viewpoint Media Player/Manager/Toolbar is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

      More information:

      * ViewMgr.exe - Useless
      * Viewpoint to Plunge Into Adware

      It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (on Vista and Win7 this is Programs and Features) and remove the following programs if present.

      * Viewpoint
      * Viewpoint Manager
      * Viewpoint Media Player
      * Viewpoint Toolbar
      * Viewpoint Experience Technology


      ==============================

      Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

      Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

      Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

      Exit out of MessengerDisable then delete the two files that were put on the desktop.

      =================================
      Open HijackThis and select Do a system scan only

      Place a check mark next to the following entries: (if there)

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577
      O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
      O4 - HKLM\..\Run: [Odegetabejuyoku] rundll32.exe "C:\WINDOWS\ijugirifad.dll",Startup
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      Important: Close all open windows except for HijackThis and then click Fix checked.

      Once completed, exit HijackThis.

      ===============================

      Quote
      Now, I know everything in O17 can't be good and
      They point to this domain. Does it look familiar to you? Is this your Internet Service Provider?

      RIPE Network Coordination Centre
      OrgID:      RIPE
      Address:    P.O. Box 10096
      City:       Amsterdam
      StateProv: 
      PostalCode: 1001EB
      Country:    NL

      If the answers to the above questions are No, place a check mark and have them fixed.
      =================================

      Please run these again and post the logs. I need to see them.

      SUPERAntiSpyware

      If you already have SUPERAntiSpyware be sure to check for updates before scanning!


      Download SuperAntispyware Free Edition (SAS)
      * Double-click the icon on your desktop to run the installer.
      * When asked to Update the program definitions, click Yes.
      * If you encounter any problems while downloading the updates, manually download and unzip them from here.
      * Next click the Preferences button.
      * Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts.
      * Click the Scanning Control tab.
      * Under Scanner Options make sure only the following are checked:
        • Close browsers before scanning
        • Scan for tracking cookies
        • Terminate memory threats before quarantining
        Please leave the others unchecked.
      * Click the Close button to leave the control center screen.
      * On the main screen click Scan your computer.
      * On the left check the box for the drive you are scanning.
      * On the right choose Perform Complete Scan.
      * Click Next to start the scan. Please be patient while it scans your computer.
      * After the scan is complete a summary box will appear. Click OK.
      * Make sure everything in the white box has a check next to it, then click Next.
      * It will quarantine what it found and, if it asks whether you want to reboot, click Yes.

      To retrieve the removal information please do the following:
      * After reboot, double-click the SUPERAntiSpyware icon on your desktop.
      * Click Preferences. Click the Statistics/Logs tab.
      * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      * It will open in your default text editor (preferably Notepad).
      * Save the Notepad file to your desktop by clicking (in Notepad) File > Save As...
      * Save the log somewhere you can easily find it (normally the desktop).
      * Click Close and Close again to exit the program.
      * Copy and paste the log in your post.

      ===================================

      Please download Malwarebytes Anti-Malware from here.

      Double Click mbam-setup.exe to install the application.
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish, so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • Copy and paste the entire report in your next reply.
      Extra Note:

      If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

      ====================================

      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

      Windows 8 and Windows 10 dual boot with two SSD's
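As an added example (not from this thread, and not part of HijackThis or any tool named here), the script below applies to HijackThis log lines the same checks the reply above made by hand: a browser proxy pointing at a loopback listener (R1), an orphaned toolbar entry (O3), autostarts whose image sits in a user-writable folder or whose rundll32 target is a DLL dropped in the Windows root (O4), and name servers outside a trusted set (O17). It also flags a system binary name such as svchost.exe running outside system32, which the posted log shows under Application Data but the reply did not list. The sample lines are copied from the log posted above; the trusted resolver 192.168.1.1 is a constructed placeholder standing in for the home router.

```python
import ipaddress
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread,
# plus two benign entries so the triage has something to leave alone.
SAMPLE_HJT_LOG = "\n".join([
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5577",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll",
    r"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min',
    r"O4 - HKLM\..\Run: [BoM2zLAfOV] C:\Documents and Settings\Owner\Application Data\svchost.exe",
    r'O4 - HKLM\..\Run: [Odegetabejuyoku] rundll32.exe "C:\WINDOWS\ijugirifad.dll",Startup',
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.52,93.188.161.182",
    r"O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
])

# Core Windows binaries that legitimately run only from the system directory.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe",
                   "smss.exe", "services.exe"}
# Folders any user can write to; an autostart pointing there deserves a look.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\", "\\appdata\\")

SECTION_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def _check_proxy(body):
    """R0/R1: a ProxyServer pointing at the local machine is a classic hijack sign."""
    m = re.search(r"ProxyServer = (.+)$", body)
    if not m:
        return []
    value = m.group(1)
    host = value.split("=")[-1].split(":")[0]      # "http=127.0.0.1:5577" -> "127.0.0.1"
    if host in ("127.0.0.1", "localhost"):
        return ["browser traffic is proxied through a loopback listener (%s)" % value]
    return ["browser proxy is set to %s; confirm the user configured it" % value]


def _check_toolbar(body):
    """O3: a toolbar entry whose file is gone is leftover clutter worth cleaning."""
    return ["orphaned toolbar entry (no file on disk)"] if body.endswith("(no file)") else []


def _check_autostart(body):
    """O4: look at where the autostart image lives and what rundll32 is told to load."""
    reasons = []
    cmd = body.split("] ", 1)[1] if "] " in body else body   # text after "[name] "
    cmd_low = cmd.lower()
    if any(loc in cmd_low for loc in USER_WRITABLE):
        reasons.append("autostart runs from a user-writable location")
    exe = re.search(r"([a-z0-9_.-]+\.exe)", cmd_low)
    if exe and exe.group(1) in SYSTEM_BINARIES and "\\windows\\system32\\" not in cmd_low:
        reasons.append("system binary name %s running outside system32" % exe.group(1))
    dll = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', cmd_low)
    if dll and re.fullmatch(r"c:\\windows\\[^\\]+\.dll", dll.group(1)):
        reasons.append("rundll32 loads a DLL placed directly in the Windows root")
    return reasons


def _check_nameserver(body, trusted_dns):
    """O17: any resolver that is neither trusted nor on the LAN looks like a DNS change."""
    bad = []
    for ip in IPV4_RE.findall(body):
        try:
            if ip in trusted_dns or ipaddress.ip_address(ip).is_private:
                continue                           # router or resolver the admin vouched for
        except ValueError:
            pass                                   # malformed address: still report it
        bad.append(ip)
    return ["DNS resolvers %s are not in the trusted set" % ",".join(bad)] if bad else []


def triage_hjt(log_text, trusted_dns=frozenset()):
    """Return one finding per suspicious line: {'section', 'line', 'reasons'}."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section in ("R0", "R1"):
            reasons = _check_proxy(body)
        elif section == "O3":
            reasons = _check_toolbar(body)
        elif section == "O4":
            reasons = _check_autostart(body)
        elif section == "O17":
            reasons = _check_nameserver(body, trusted_dns)
        else:
            reasons = []
        if reasons:
            findings.append({"section": section, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT_LOG, trusted_dns={"192.168.1.1"}):
        print(f["section"], "|", "; ".join(f["reasons"]))
        print("    ", f["line"])
```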

      binkow


        Re: Need of Fake Antivirus Removal
        « Reply #3 on: June 29, 2010, 09:24:23 AM »
        Here's the check up one:

         Results of screen317's Security Check version 0.99.4 
         Windows XP Service Pack 3 (UAC is disabled!)
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Enabled! 
         Avira AntiVir Personal - Free Antivirus
         Avira successfully updated!
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         HijackThis 2.0.2   
         CCleaner (remove only)   
         Java DB 10.5.3.0   
         Java(TM) 6 Update 20 
         Java(TM) 6 Update 6 
         Java(TM) SE Development Kit 6 Update 18
         Java(TM) SE Development Kit 6 Update 20
         Out of date Java installed!
         Adobe Flash Player 10.0.32.18 
        Adobe Reader 7.0
        Out of date Adobe Reader installed!
         Mozilla Firefox (3.5.10) Firefox Out of Date! 
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Avira Antivir avgnt.exe
         Avira Antivir avguard.exe
        ````````````````````````````````
        DNS Vulnerability Check:


        ``````````End of Log````````````


        Here's the super antispyware

        SUPERAntiSpyware Scan Log
        http://www.superantispyware.com

        Generated 03/19/2010 at 10:03 PM

        Application Version : 4.26.1006

        Core Rules Database Version : 4058
        Trace Rules Database Version: 1972

        Scan type       : Complete Scan
        Total Scan Time : 00:09:51

        Memory items scanned      : 399
        Memory threats detected   : 0
        Registry items scanned    : 7200
        Registry threats detected : 26
        File items scanned        : 6234
        File threats detected     : 0

        Adware.Vundo Variant/Rel
           HKLM\SOFTWARE\Microsoft\MS Optimization
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xanga+virus
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xenga+virus
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xenga+virus#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xenga+virus#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+get+rid+of+the+xenga+virus#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+make+programs+not+run+on+startup
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+make+programs+not+run+on+startup#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+make+programs+not+run+on+startup#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+make+programs+not+run+on+startup#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+remove+xenga+virus
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+remove+xenga+virus#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+remove+xenga+virus#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\how+to+remove+xenga+virus#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus#LT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus+remove
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus+remove#LU
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus+remove#CT
           HKLM\SOFTWARE\Microsoft\MS Optimization\JKWL\xanga+virus+remove#LT

        I'll get you the malwarebytes one soon
        « Last Edit: June 29, 2010, 11:04:29 AM by SuperDave »

        binkow


          Re: Need of Fake Antivirus Removal
          « Reply #4 on: June 29, 2010, 09:26:08 AM »
          Oh, and I can't do the Messenger disable thing because I've got that "server not found" virus thing, and there are a bunch of websites I can't go on.

          I did everything else except the Malwarebytes thing.

          SuperDave

          Re: Need of Fake Antivirus Removal
          « Reply #5 on: June 29, 2010, 11:08:31 AM »
          Update Your Java (JRE)

          Old versions of Java have vulnerabilities that malware can use to infect your system.


          First Verify your Java Version

          If there are any other version(s) installed then update now.

          Get the new version (if needed)

          If your version is out of date install the newest version of the Sun Java Runtime Environment.

          Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

          Be sure to close ALL open web browsers before starting the installation.

          Remove any old versions

          1. Download JavaRa and unzip the file to your Desktop.
          2. Open JavaRA.exe and choose Remove Older Versions
          3. Once complete exit JavaRA.
          4. Run CCleaner.

          Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

          =============================

          Please download the newest version of Adobe Acrobat Reader from Adobe.com

          Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
          Go to the Control Panel and enter Add or Remove Programs.
          Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

          Once old versions are gone, please install the newest version.

          ==================================

          Quote
          Oh, and I can't do the messenger disable thing because I've got that "server not found" virus thing and there are a bunch of websites I can't go on
          Ok, just skip the WinMessenger thing until later. Please get me the MBAM log and also do the above afterward.

          binkow


            Re: Need of Fake Antivirus Removal
            « Reply #6 on: June 29, 2010, 07:56:44 PM »
            I have to use a proxy to avoid the "server not found" thing.

            Malwarebytes' Anti-Malware 1.46
            www.malwarebytes.org

            Database version: 4052

            Windows 5.1.2600 Service Pack 3
            Internet Explorer 8.0.6001.18702

            6/29/2010 9:51:33 PM
            mbam-log-2010-06-29 (21-51-33).txt

            Scan type: Full scan (C:\|D:\|)
            Objects scanned: 393743
            Time elapsed: 1 hour(s), 43 minute(s), 9 second(s)

            Memory Processes Infected: 0
            Memory Modules Infected: 0
            Registry Keys Infected: 0
            Registry Values Infected: 0
            Registry Data Items Infected: 3
            Folders Infected: 0
            Files Infected: 0

            Memory Processes Infected:
            (No malicious items detected)

            Memory Modules Infected:
            (No malicious items detected)

            Registry Keys Infected:
            (No malicious items detected)

            Registry Values Infected:
            (No malicious items detected)

            Registry Data Items Infected:
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.52,93.188.161.182 -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{694ea325-ad70-4673-b043-f53866bd15a3}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.52,93.188.161.182 -> Quarantined and deleted successfully.
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{96dee84c-7e1f-4615-8995-e734f4f70135}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.52,93.188.161.182 -> Quarantined and deleted successfully.

            Folders Infected:
            (No malicious items detected)

            Files Infected:
            (No malicious items detected)

            binkow


              Re: Need of Fake Antivirus Removal
              « Reply #7 on: June 29, 2010, 08:08:46 PM »
              The virus thing I have doesn't let me go on most websites. It says "server not found." When I try to search on Google, when it doesn't show that, all the links lead to some googleads.com/blahblah and bring me to ads. I can't update the Java thing and I can hardly do anything. This proxy isn't working, my browser is hijacked, and I got a USB thing to transfer files from laptop to PC, which I can do.

              SuperDave

              Re: Need of Fake Antivirus Removal
              « Reply #8 on: June 30, 2010, 12:50:39 PM »
                Quote
                The virus thing I have doesn't let me go on most websites. It says "server not found."
                Which browser are you using? On a lot of these tools you will need to use Internet Explorer.

                Quote
                This proxy isn't working, my browser is hijacked, and I got a usb thing to transfer files from laptop to pc which I can do.
                If your laptop is infected, you will infect your pc as well.

                Please download ComboFix from BleepingComputer.com

                Alternate link: GeeksToGo.com

                Rename ComboFix.exe to commy.exe before you save it to your Desktop
                Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
                Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
                As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
                Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

                Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

                Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


                Click on Yes, to continue scanning for malware.
                When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

                If you have problems with ComboFix usage, see How to use ComboFix


                binkow

                  Topic Starter


                  Rookie

                  Re: Need of Fake Antivirus Removal
                  « Reply #9 on: June 30, 2010, 01:06:21 PM »
                  Quote
                  If your laptop is infected, you will infect your pc as well.

                  No, my PC is infected. I can't connect to the internet at all now (server not found) on my PC, so I use my laptop to download/transfer the files on one of those USB storage devices. I'll get you that log ASAP.

                  binkow

                    Topic Starter


                    Rookie

                    Re: Need of Fake Antivirus Removal
                    « Reply #10 on: June 30, 2010, 01:09:29 PM »
                    How will I be able to update using it when I don't have an internet connection? Is there a file that I can download so that I can transfer it to my pc then install it??


                    edit:

                    hang on, I think it may actually be able to connect... I'll get back to you in a sec


                    edit 2:

                    wow it actually installed it -- the windows recovery console thing installed successfully
                    « Last Edit: June 30, 2010, 01:26:09 PM by binkow »

                    binkow

                      Topic Starter


                      Rookie

                      Re: Need of Fake Antivirus Removal
                      « Reply #11 on: June 30, 2010, 01:50:43 PM »
                      Okay, same old "server not found" when I try to browse.


                      ComboFix 10-06-29.04 - Owner 06/30/2010  15:28:15.2.1 - x86
                      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1483 [GMT -4:00]
                      Running from: G:\ComboFix.exe
                      AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
                      .

                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}
                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}\chrome.manifest
                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}\chrome\content\_cfg.js
                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}\chrome\content\overlay.xul
                      c:\documents and settings\Owner\Local Settings\Application Data\{CE8B155C-5441-4B09-8D8C-48E0F645D3CC}\install.rdf
                      c:\windows\system32\spool\prtprocs\w32x86\E5a55.dll
                      c:\windows\system32\spool\prtprocs\w32x86\M3179o1o9.dll
                      c:\windows\system32\spool\prtprocs\w32x86\MYWSKUOC.dll
                      .
                      ---- Previous Run -------
                      .
                      c:\documents and settings\Owner\Local Settings\Application Data\mjrifhuyc\vynthhatssd.exe
                      c:\documents and settings\Owner\Local Settings\Application Data\ndqicbwed\hxcvmnctssd.exe
                      c:\documents and settings\Owner\Recent\randominess.pif
                      c:\program files\Cheat Engine\dbk32.sys
                      c:\windows\a3kebook.ini
                      c:\windows\akebook.ini
                      c:\windows\ANS2000.INI
                      c:\windows\ijugirifad.dll
                      c:\windows\system32\404Fix.exe
                      c:\windows\system32\Agent.OMZ.Fix.exe
                      c:\windows\system32\BReWErS.dll
                      c:\windows\system32\dumphive.exe
                      c:\windows\system32\ernel32.dll
                      c:\windows\system32\GQsvvyxx.ini
                      c:\windows\system32\GQsvvyxx.ini2
                      c:\windows\system32\IEDFix.C.exe
                      c:\windows\system32\IEDFix.exe
                      c:\windows\system32\o4Patch.exe
                      c:\windows\system32\Process.exe
                      c:\windows\system32\spool\prtprocs\w32x86\C1s9e179.dll
                      c:\windows\system32\spool\prtprocs\w32x86\C93u79i.dll
                      c:\windows\system32\spool\prtprocs\w32x86\G7iQG7.dll
                      c:\windows\system32\spool\prtprocs\w32x86\K93g79a.dll
                      c:\windows\system32\spool\prtprocs\w32x86\O3oC9s17s.dll
                      c:\windows\system32\spool\prtprocs\w32x86\OC9sK7.dll
                      c:\windows\system32\spool\prtprocs\w32x86\UO555.dll
                      c:\windows\system32\spool\prtprocs\w32x86\W5u5m.dll
                      c:\windows\system32\spool\prtprocs\w32x86\Y1cE3a79.dll
                      c:\windows\system32\spool\prtprocs\w32x86\Y31oC317y.dll
                      c:\windows\system32\spool\prtprocs\w32x86\Y5cE5.dll
                      c:\windows\system32\SrchSTS.exe
                      c:\windows\system32\Thumbs.db
                      c:\windows\system32\tmp.reg
                      c:\windows\system32\VACFix.exe
                      c:\windows\system32\VCCLSID.exe
                      c:\windows\system32\WS2Fix.exe
                      c:\windows\wpe pro.INI
                      D:\Autorun.inf
                      H:\Autorun.inf

                      -- Previous Run --

                      Infected copy of c:\windows\system32\drivers\compbatt.sys was found and disinfected
                      Restored copy from - Kitty had a snack :p
                      c:\windows\system32\proquota.exe was missing
                      Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

                      --------

                      .
                      (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      -------\Legacy_DBKDRVR54
                      -------\Service_DBKDRVR54


                      (((((((((((((((((((((((((   Files Created from 2010-05-28 to 2010-06-30  )))))))))))))))))))))))))))))))
                      .

                      2010-06-29 23:56 . 2010-02-28 00:46   3691384   ----a-w-   c:\documents and settings\Owner\Application Data\Simply Super Software\Trojan Remover\oubA7.exe
                      2010-06-29 23:40 . 2006-06-19 16:01   69632   ----a-w-   c:\windows\system32\ztvcabinet.dll
                      2010-06-29 23:40 . 2006-05-25 18:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
                      2010-06-29 23:40 . 2005-08-26 04:50   77312   ----a-w-   c:\windows\system32\ztvunace26.dll
                      2010-06-29 23:40 . 2003-02-02 23:06   153088   ----a-w-   c:\windows\system32\UNRAR3.dll
                      2010-06-29 23:40 . 2002-03-06 04:00   75264   ----a-w-   c:\windows\system32\unacev2.dll
                      2010-06-29 23:40 . 2010-06-29 23:55   --------   d-----w-   c:\program files\Trojan Remover
                      2010-06-29 23:40 . 2010-06-29 23:40   --------   d-----w-   c:\documents and settings\Owner\Application Data\Simply Super Software
                      2010-06-29 23:40 . 2010-06-29 23:40   --------   d-----w-   c:\documents and settings\All Users\Application Data\Simply Super Software
                      2010-06-29 02:22 . 2008-04-14 00:12   50176   -c--a-w-   c:\windows\system32\dllcache\proquota.exe
                      2010-06-29 02:22 . 2008-04-14 00:12   50176   ----a-w-   c:\windows\system32\proquota.exe
                      2010-06-25 21:18 . 2010-06-27 21:56   664   ----a-w-   c:\windows\system32\d3d9caps.dat
                      2010-06-25 18:14 . 2010-06-25 18:16   --------   d-----w-   c:\documents and settings\LocalService\Application Data\PriceGong
                      2010-06-25 18:14 . 2010-06-25 18:14   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
                      2010-06-25 18:14 . 2010-06-25 18:14   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Hotspot_Shield
                      2010-06-25 18:14 . 2010-06-25 18:14   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\DVDVideoSoftTB
                      2010-06-25 02:51 . 2010-06-25 02:51   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
                      2010-06-24 18:58 . 2010-06-24 18:58   --------   d-----w-   C:\spoolerlogs
                      2010-06-24 18:46 . 2010-06-24 18:46   203968   ----a-w-   c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                      2010-06-24 14:29 . 2010-06-24 15:56   --------   d-----w-   c:\documents and settings\Owner\Application Data\Command and Conquer 4
                      2010-06-24 14:12 . 2010-06-24 14:12   49664   ----a-w-   c:\documents and settings\Owner\Application Data\dbd85940.exe
                      2010-06-24 13:49 . 2010-06-29 23:08   --------   d-----w-   c:\documents and settings\Owner\Application Data\PriceGong
                      2010-06-23 09:47 . 2010-06-23 09:47   --------   d-----w-   c:\documents and settings\Owner\Command & Conquer 3 Tiberium Wars
                      2010-06-23 03:28 . 2010-06-29 22:43   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\DVDVideoSoftTB
                      2010-06-23 03:28 . 2010-06-24 13:49   --------   d-----w-   c:\program files\DVDVideoSoftTB
                      2010-06-23 03:28 . 2010-06-23 03:28   52224   ----a-w-   c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
                      2010-06-23 03:28 . 2010-06-23 03:28   101376   ----a-w-   c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
                      2010-06-21 01:35 . 2010-06-21 01:35   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Ironclad Games
                      2010-06-21 01:35 . 2010-06-21 01:35   --------   d--h--w-   c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
                      2010-06-21 01:35 . 2008-01-18 20:26   2763784   ----a-w-   c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}\setup.exe
                      2010-06-21 01:29 . 2010-06-21 01:29   --------   d-----w-   c:\program files\Stardock Games
                      2010-06-21 01:22 . 2010-06-21 01:22   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Stardock
                      2010-06-20 17:53 . 2010-06-20 17:53   --------   d-----w-   c:\program files\Daniusoft
                      2010-06-20 17:47 . 2003-03-19 02:20   1060864   ----a-w-   c:\windows\system32\MFC71.DLL
                      2010-06-20 17:47 . 2010-06-20 17:47   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Cucusoft
                      2010-06-20 17:47 . 2009-07-01 19:16   94854   ----a-w-   c:\windows\system32\HKCU_GNU.reg
                      2010-06-20 17:47 . 2009-02-26 20:34   2004   ----a-w-   c:\windows\system32\HKLM_GNU.reg
                      2010-06-20 17:47 . 2008-12-18 05:22   57344   ----a-w-   c:\windows\system32\ff_vfw.dll
                      2010-06-20 17:47 . 2008-06-15 14:01   60273   ----a-w-   c:\windows\system32\pthreadGC2.dll
                      2010-06-20 17:47 . 2009-08-12 20:48   270336   ----a-w-   c:\windows\system32\cdg.dll
                      2010-06-20 17:47 . 2006-09-27 21:46   348160   ----a-w-   c:\windows\system32\cdga.dll
                      2010-06-20 17:47 . 2006-07-18 01:42   14909   ----a-w-   c:\windows\system32\A_reg.reg
                      2010-06-20 17:47 . 2010-06-20 17:47   --------   d-----w-   c:\program files\Cucusoft
                      2010-06-20 17:46 . 2010-06-20 17:47   --------   d-----w-   c:\documents and settings\Owner\Application Data\GetRightToGo
                      2010-06-20 17:14 . 2010-06-20 17:51   --------   d-----w-   c:\documents and settings\Owner\Application Data\Apple Computer
                      2010-06-20 17:14 . 2009-05-18 17:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
                      2010-06-19 19:54 . 2010-06-19 19:54   4710   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_7fdf717c.exe
                      2010-06-19 19:54 . 2010-06-19 19:54   4710   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_3f947574.exe
                      2010-06-19 19:54 . 2010-06-19 19:54   4710   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_188e3184.exe
                      2010-06-19 19:54 . 2010-06-19 19:54   1078   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_2e8633c1.exe
                      2010-06-19 19:54 . 2010-06-19 19:54   --------   d-----w-   c:\program files\PAK Explorer
                      2010-06-19 00:33 . 2010-06-30 19:34   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
                      2010-06-19 00:33 . 2010-06-30 19:19   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Hamachi
                      2010-06-19 00:33 . 2010-06-19 00:33   --------   d-----w-   c:\program files\LogMeIn Hamachi
                      2010-06-18 14:02 . 2010-06-19 04:27   --------   d-----w-   c:\program files\SpeedFan
                      2010-06-18 13:49 . 2010-06-18 13:54   --------   d-----w-   c:\program files\CPU Thermometer
                      2010-06-16 00:01 . 2010-06-16 00:01   72504   ----a-w-   c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
                      2010-06-15 01:36 . 2010-06-15 01:41   --------   d-----w-   c:\documents and settings\Owner\wurm
                      2010-06-15 01:35 . 2010-06-15 01:35   61952   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-3122e20d-2.4.2--n\jinput-dx8.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   59392   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-3122e20d-2.4.2--n\jinput-raw.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   20480   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-5d215454-1.1.1--n\jogl_awt.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   315392   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-5d215454-1.1.1--n\jogl.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   20480   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\20\68ca514-35036d87-1.0b06--n\gluegen-rt.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   193024   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-3122e20d-2.4.2--n\lwjgl.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   114688   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\30\3ab3ff1e-5d215454-1.1.1--n\jogl_cg.dll
                      2010-06-15 01:35 . 2010-06-15 01:35   108032   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\f83d062-3122e20d-2.4.2--n\OpenAL32.dll
                      2010-06-13 00:53 . 2010-06-13 00:57   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Oblivion
                      2010-06-09 09:37 . 2010-06-09 09:37   --------   d-----w-   c:\program files\Ubisoft
                      2010-06-08 02:18 . 2010-06-08 02:18   --------   d-----w-   c:\program files\MegaDev
                      2010-06-08 02:16 . 2010-06-29 01:19   120   ----a-w-   c:\windows\Ivedetilarejuco.dat
                      2010-06-08 02:16 . 2010-06-28 12:11   0   ----a-w-   c:\windows\Xsuyo.bin
                      2010-06-08 02:15 . 2010-06-08 02:15   --------   d-----w-   c:\windows\system32\msapps
                      2010-06-06 12:30 . 2010-06-06 12:30   --------   d-----w-   c:\documents and settings\All Users\Application Data\Solidshield
                      2010-06-06 11:32 . 2010-06-06 11:32   --------   d-----w-   c:\program files\GameSpy
                      2010-06-06 04:35 . 2010-06-06 04:35   503808   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7514f039-n\msvcp71.dll
                      2010-06-06 04:35 . 2010-06-06 04:35   499712   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7514f039-n\jmc.dll
                      2010-06-06 04:35 . 2010-06-06 04:35   348160   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7514f039-n\msvcr71.dll
                      2010-06-06 04:35 . 2010-06-06 04:35   12800   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-404cc129-n\decora-d3d.dll
                      2010-06-06 04:35 . 2010-06-06 04:35   61440   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-404cc129-n\decora-sse.dll
                      2010-06-06 01:57 . 2010-06-06 12:30   --------   d-----w-   c:\documents and settings\Owner\Application Data\Ubisoft
                      2010-06-06 01:55 . 2010-06-06 01:55   --------   d-----w-   c:\documents and settings\Owner\Application Data\SeriousBit
                      2010-06-06 01:54 . 2010-06-06 01:54   --------   d-----w-   C:\SeriousBit
                      2010-06-06 01:54 . 2010-06-06 01:55   --------   d-----w-   c:\program files\NetBalancer
                      2010-06-06 01:51 . 2010-05-15 04:04   28776   ----a-w-   c:\windows\system32\drivers\nbdrv.sys
                      2010-06-06 00:32 . 2010-06-06 00:32   --------   d-----w-   c:\documents and settings\Owner\Application Data\Roaming
                      2010-06-05 17:48 . 2010-06-05 17:48   --------   d-----w-   c:\documents and settings\All Users\Application Data\hsswpr
                      2010-06-05 17:38 . 2010-06-24 13:49   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Conduit
                      2010-06-05 17:38 . 2010-06-05 17:49   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Hotspot_Shield
                      2010-06-05 17:38 . 2010-06-05 17:38   --------   d-----w-   c:\program files\Conduit
                      2010-06-05 17:38 . 2010-06-05 17:49   --------   d-----w-   c:\program files\Hotspot_Shield
                      2010-06-05 17:36 . 2010-06-05 17:48   --------   d-----w-   C:\Hotspot Shield
                      2010-06-05 01:09 . 2010-06-05 01:09   411368   ----a-w-   c:\windows\system32\deployJava1.dll

                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2010-06-30 02:02 . 2006-09-26 18:28   --------   d-----w-   c:\program files\Java
                      2010-06-30 01:52 . 2009-03-19 11:33   --------   d-----w-   c:\documents and settings\Owner\Application Data\BitTorrent
                      2010-06-29 23:58 . 2009-01-25 04:49   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                      2010-06-29 13:43 . 2010-03-20 05:05   52224   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                      2010-06-29 13:43 . 2009-05-31 18:44   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                      2010-06-29 13:38 . 2006-09-26 18:35   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
                      2010-06-29 02:21 . 2008-11-16 04:07   --------   d-----w-   c:\program files\Cheat Engine
                      2010-06-28 00:29 . 2006-09-26 18:27   --------   d--h--w-   c:\program files\InstallShield Installation Information
                      2010-06-24 22:28 . 2009-06-03 01:14   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
                      2010-06-24 13:28 . 2008-01-13 16:48   --------   d-----w-   c:\program files\Electronic Arts
                      2010-06-23 03:23 . 2010-05-01 02:03   --------   d-----w-   c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers
                      2010-06-23 03:22 . 2008-12-19 15:19   --------   d-----w-   c:\program files\Common Files\DVDVideoSoft
                      2010-06-20 17:14 . 2010-06-20 17:13   --------   d-----w-   c:\program files\iTunes
                      2010-06-20 17:14 . 2010-06-20 17:13   --------   d-----w-   c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                      2010-06-20 17:13 . 2010-06-20 17:13   --------   d-----w-   c:\program files\iPod
                      2010-06-20 17:13 . 2010-06-20 17:10   --------   d-----w-   c:\program files\Common Files\Apple
                      2010-06-20 17:13 . 2010-06-20 17:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
                      2010-06-20 17:12 . 2006-09-26 18:36   --------   d-----w-   c:\program files\QuickTime
                      2010-06-20 17:11 . 2010-06-20 17:11   --------   d-----w-   c:\program files\Apple Software Update
                      2010-06-20 17:10 . 2010-06-20 17:10   --------   d-----w-   c:\program files\Bonjour
                      2010-06-20 17:10 . 2010-06-20 17:10   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
                      2010-06-11 19:00 . 2008-05-08 00:02   --------   d-----w-   c:\program files\Post Nuke 2 D Game
                      2010-06-10 17:07 . 2008-11-04 21:43   42   ----a-w-   c:\documents and settings\Owner\jagex_runescape_preferences.dat
                      2010-06-07 19:49 . 2009-09-13 20:08   87   ----a-w-   c:\documents and settings\Owner\jagex_runescape_preferences2.dat
                      2010-06-06 18:17 . 2007-12-26 00:59   101984   ----a-w-   c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                      2010-06-06 11:33 . 2008-01-02 21:31   107888   ----a-w-   c:\windows\system32\CmdLineExt.dll
                      2010-06-06 11:31 . 2010-03-27 12:42   22328   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
                      2010-06-06 11:31 . 2009-07-13 20:08   22328   ----a-w-   c:\documents and settings\Owner\Application Data\PnkBstrK.sys
                      2010-06-06 11:31 . 2009-07-13 20:08   22328   ----a-w-   c:\documents and settings\Owner\Application Data\PnkBstrK.sys
                      2010-06-06 11:31 . 2008-02-09 20:00   103736   ----a-w-   c:\windows\system32\PnkBstrB.exe
                      2010-06-06 11:31 . 2008-02-09 20:00   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
                      2010-06-06 11:31 . 2009-07-13 20:07   669184   ----a-w-   c:\windows\system32\pbsvc.exe
                      2010-06-05 01:10 . 2006-09-26 18:28   --------   d-----w-   c:\program files\Common Files\Java
                      2010-06-05 01:01 . 2010-01-23 05:53   --------   d-----w-   c:\program files\RS2Botv2
                      2010-05-31 20:19 . 2009-10-19 12:15   0   ----a-w-   c:\documents and settings\Owner\ntuser.tmp
                      2010-05-30 20:16 . 2008-04-26 15:13   --------   d-----w-   c:\program files\EA GAMES
                      2010-05-29 15:25 . 2010-01-08 21:51   --------   d-----w-   c:\documents and settings\Owner\Application Data\Tropico 3
                      2010-05-21 01:07 . 2010-05-21 01:07   --------   d-----w-   c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
                      2010-05-18 20:35 . 2010-05-18 20:35   91424   ----a-w-   c:\windows\system32\dnssd.dll
                      2010-05-18 20:35 . 2010-05-18 20:35   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
                      2010-05-18 20:35 . 2010-05-18 20:35   197920   ----a-w-   c:\windows\system32\dnssdX.dll
                      2010-05-18 20:35 . 2010-05-18 20:35   107808   ----a-w-   c:\windows\system32\dns-sd.exe
                      2010-05-13 22:05 . 2010-05-13 22:05   32768   ----a-w-   c:\windows\system32\drivers\taphss.sys
                      2010-05-13 10:11 . 2009-05-14 13:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help
                      2010-05-12 10:22 . 2006-09-26 18:23   --------   d-----w-   c:\program files\Google
                      2010-05-09 19:12 . 2009-03-19 11:32   --------   d-----w-   c:\documents and settings\Owner\Application Data\DNA
                      2010-05-06 20:34 . 2009-03-19 11:32   --------   d-----w-   c:\program files\DNA
                      2010-05-06 01:22 . 2009-03-19 21:19   --------   d-----w-   c:\program files\AV Vcs 6.0 DIAMOND
                      2010-05-06 00:06 . 2010-05-06 00:06   --------   d-----w-   c:\program files\CPUID
                      2010-05-04 21:48 . 2008-10-14 02:25   --------   d-----w-   c:\program files\GameSpy Arcade
                      2010-05-01 15:56 . 2010-05-01 15:56   0   ----a-w-   c:\documents and settings\Owner\jagex__preferences3.dat
                      2010-04-29 19:39 . 2009-06-03 01:14   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                      2010-04-29 19:39 . 2009-06-03 01:14   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2010-04-20 00:47 . 2010-06-20 17:11   3062048   ----a-w-   c:\windows\system32\usbaaplrc.dll
                      2010-04-20 00:47 . 2010-06-20 17:11   41984   ----a-w-   c:\windows\system32\drivers\usbaapl.sys
                      2010-04-14 23:56 . 2009-09-04 19:32   25   ----a-w-   c:\windows\popcinfot.dat
                      2008-10-25 16:38 . 2008-10-25 16:38   13065   ----a-w-   c:\program files\Common Files\ferowe.db
                      2008-03-20 02:34 . 2008-03-19 23:41   414944   ----a-w-   c:\program files\COMCT332.OCX
                      2009-05-01 21:02 . 2009-05-01 21:02   1044480   ----a-w-   c:\program files\mozilla firefox\plugins\libdivx.dll
                      2009-05-01 21:02 . 2009-05-01 21:02   200704   ----a-w-   c:\program files\mozilla firefox\plugins\ssldivx.dll
                      .

                      ------- Sigcheck -------

                      [-] 2009-05-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
                      [-] 2009-05-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
                      [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
                      [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
                      [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
                      [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
                      [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
                      [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
                      [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
                      [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
                      [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                      [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
                      [-] 2006-01-14 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
                      [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
                      [-] 2005-05-26 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
                      [-] 2005-05-26 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
                      .
                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
                      2010-06-24 13:49   2736736   ----a-w-   c:\program files\DVDVideoSoftTB\tbDVD1.dll

                      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
                      2010-06-05 17:49   2515552   ----a-w-   c:\program files\Hotspot_Shield\tbHot1.dll

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                      "{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-06-05 2515552]
                      "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-24 2736736]

                      [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

                      [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                      "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-06-05 2515552]
                      "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-24 2736736]

                      [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

                      [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
                      "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
                      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
                      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
                      "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
                      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
                      "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
                      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                      "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
                      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
                      "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]

                      c:\documents and settings\All Users\Start Menu\Programs\Startup\
                      NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]

                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
                      backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

                      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
                      backup=c:\windows\pss\BigFix.lnkCommon Startup

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
                      NA [X]

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
                      2007-09-11 07:43   67488   ----a-w-   c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
                      2009-07-09 20:07   49968   ----a-w-   c:\program files\AIM6\aim6.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
                      2005-05-03 10:43   69632   ----a-w-   c:\windows\Alcmtr.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
                      2004-10-19 00:42   79448   ----a-w-   c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
                      2008-04-17 22:14   98616   ----a-w-   c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
                      2005-08-14 04:05   344064   ----a-w-   c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
                      2010-05-06 20:34   323392   ----a-w-   c:\program files\DNA\btdna.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                      2008-04-14 00:12   15360   ----a-w-   c:\windows\system32\ctfmon.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
                      2009-03-28 21:11   3325952   ----a-w-   c:\program files\Electronic Arts\EADM\Core.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
                      2006-09-26 18:23   169984   ----a-w-   c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                      2008-10-25 18:44   31072   ----a-w-   c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
                      2005-08-17 19:41   749568   ----a-w-   c:\program files\Microsoft Works\WksSb.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                      2000-07-13 20:00   28739   ----a-w-   c:\program files\Microsoft Works\WkDetect.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                      2007-01-19 19:54   5674352   ----a-w-   c:\program files\MSN Messenger\msnmsgr.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                      2009-06-10 15:29   1657376   ----a-w-   c:\windows\system32\nwiz.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                      2010-03-19 02:16   421888   ----a-w-   c:\program files\QuickTime\QTTask.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                      2002-09-14 06:42   212992   -c--a-w-   c:\windows\SMINST\Recguard.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
                      2005-02-26 01:24   966656   ----a-w-   c:\windows\creator\Remind_XP.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                      2005-01-12 10:01   32768   ----a-w-   c:\program files\CyberLink\PowerDVD\PDVDServ.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                      2006-04-17 07:34   16143872   ----a-w-   c:\windows\RTHDCPL.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
                      2008-08-30 01:11   61440   ----a-w-   c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                      2008-05-30 23:45   68856   ----a-w-   c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
                      2008-08-26 16:48   2019624   ----a-w-   c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
                      2000-07-13 20:00   24576   ----a-w-   c:\program files\Microsoft Works\wkfud.exe

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                      "AntiVirusOverride"=dword:00000001

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
                      "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                      "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                      "h:\\Files\\Steam\\Steam.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\half-life\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\dedicated server\\hlds.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\counter-strike\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\team fortress classic\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\day of defeat\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\family feud\\FamilyFeud.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\cabela's trophy bucks\\Bin\\Ctb.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\family feud 2\\FamilyFeud.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\opposing force\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\family feud 3\\FamilyFeud3.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\ricochet\\hl.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\family feud 4\\FamilyFeud4.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
                      "h:\\Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\world in conflict\\wic.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
                      "c:\\Program Files\\DNA\\btdna.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\tropico 3\\tropico3.exe"=
                      "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
                      "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\dawn of discovery\\tools\\AddonWeb.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\zombie panic! source\\hl2.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
                      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                      "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\counter-strike source\\hl2.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\crysis\\Bin32\\Crysis.exe"=
                      "h:\\Files\\Games\\Settlers7\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
                      "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
                      "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
                      "c:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
                      "c:\\WINDOWS\\system32\\dpvsetup.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\arma 2\\ArmA2Server.exe"=
                      "h:\\Files\\Steam\\steamapps\\binkow195\\garrysmod\\hl2.exe"=
                      "h:\\Files\\Steam\\steamapps\\common\\arma 2\\arma2.exe"=
                      "c:\\WINDOWS\\system32\\spoolsv.exe"=

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "6881:TCP"= 6881:TCP:Downloads

                      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 5:22 PM 9968]
                      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 5:22 PM 72944]
                      R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/12/2009 6:42 PM 135336]
                      R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/5/2010 8:06 PM 20968]
                      R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
                      R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [6/5/2010 9:54 PM 10752]
                      R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 7:45 PM 57440]
                      R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [6/5/2010 9:51 PM 28776]
                      S2 gupdate1c9a9d8168cc888;Google Update Service (gupdate1c9a9d8168cc888);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2009 11:49 PM 133104]
                      S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 3:10 PM 17149]
                      S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]
                      S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 2:54 PM 360547]
                      S3 Mnmderywwcd;Mnmderywwcd;

                      S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 5:22 PM 7408]
                      S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/27/2009 5:23 PM 23064]
                      S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 6:24 AM 453120]
                      S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/19/2009 6:35 PM 691696]
                      .
                      Contents of the 'Scheduled Tasks' folder

                      2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
                      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

                      2010-06-30 c:\windows\Tasks\dbd85940.job
                      - c:\documents and settings\Owner\Application Data\dbd85940.exe [2010-06-24 14:12]

                      2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 03:49]

                      2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 03:49]

                      2007-12-26 c:\windows\Tasks\ISP signup reminder 1.job
                      - c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uStart Page = about:blank
                      uInternet Settings,ProxyOverride = <local>
                      DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
                      FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\
                      FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
                      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
                      FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
                      FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
                      FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
                      FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
                      FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
                      FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
                      FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                      FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
                      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                      FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
                      FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
                      FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
                      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                      ---- FIREFOX POLICIES ----
                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
                      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                      .
                      - - - - ORPHANS REMOVED - - - -

                      Toolbar-Locked - (no file)
                      ShellExecuteHooks-{3ccae3b2-9dc3-4f1f-998d-6f9e21bdaef9} - (no file)
                      MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
                      MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\McUpdate.exe
                      MSConfigStartUp-MPFEXE - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
                      MSConfigStartUp-MSKDetectorExe - c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe
                      MSConfigStartUp-OASClnt - c:\program files\McAfee.com\VSO\oasclnt.exe
                      MSConfigStartUp-Odegetabejuyoku - c:\windows\ijugirifad.dll
                      MSConfigStartUp-Steam - c:\documents and settings\owner\desktop\steam\steam.exe
                      MSConfigStartUp-VirusScan Online - c:\progra~1\mcafee.com\vso\mcvsshld.exe
                      MSConfigStartUp-VSOCheckTask - c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe
                      AddRemove-ArmA 2 - h:\files\Games\Bohemia Interactive\UnInstall.exe
                      AddRemove-CrosuS - c:\program files\CrosuS\uninstall.exe
                      AddRemove-Logon Loader - c:\program files\Logon Loader\uninst.exe
                      AddRemove-NSSSetupTemp.{3FADAA19-E595-44CA-A072-58B6B0851768} - c:\program files\Common Files\Symantec Shared\NSSSetup\{3FADAA19-E595-44CA-A072-58B6B0851768}_2_0_0\NSSSetup.exe
                      AddRemove-SSIII Solo Ultratus - c:\program files\SSIII Solo Ultratus\uninst.exe
                      AddRemove-Steam - c:\docume~1\Owner\Desktop\steam\UNWISE.EXE
                      AddRemove-Steam App 17500 - c:\documents and settings\owner\desktop\steam\steam.exe
                      AddRemove-Steam App 205 - c:\documents and settings\Owner\Desktop\steam\steam.exe
                      AddRemove-Steam App 218 - c:\documents and settings\owner\desktop\steam\steam.exe
                      AddRemove-Steam App 33900 - c:\documents and settings\Owner\Desktop\steam\steam.exe
                      AddRemove-Steam App 4000 - c:\documents and settings\Owner\Desktop\steam\steam.exe
                      AddRemove-Steam App 5 - c:\documents and settings\owner\desktop\steam\steam.exe
                      AddRemove-Steam App 550 - c:\documents and settings\Owner\Desktop\steam\steam.exe
                      AddRemove-Steam App 70 - c:\documents and settings\owner\desktop\steam\steam.exe
                      AddRemove-Wyvern Client - c:\progra~1\Java\JRE15~1.0_0\bin\javaw.exe
                      AddRemove-Wyvern Map Editor - c:\progra~1\Java\JRE15~1.0_0\bin\javaw.exe



                      **************************************************************************

                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2010-06-30 15:33
                      Windows 5.1.2600 Service Pack 3 NTFS

                      scanning hidden processes ... 

                      scanning hidden autostart entries ...

                      scanning hidden files ... 

                      scan completed successfully
                      hidden files: 0

                      **************************************************************************
                      .
                      --------------------- LOCKED REGISTRY KEYS ---------------------

                      [HKEY_USERS\S-1-5-21-3622105252-4212685542-302905379-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
                      "??"=hex:ee,51,dc,78,11,1e,2d,6e,32,46,b3,96,8a,47,b1,23,24,da,51,8c,e6,d8,a6,
                         43,44,8d,09,e2,25,b1,e1,2b,09,e2,91,16,b3,16,83,ed,aa,e1,7a,cd,35,e4,a2,fd,\
                      "??"=hex:d2,8a,3d,7f,d6,ee,ff,ab,38,51,7b,8c,dc,d7,d2,0c

                      [HKEY_USERS\S-1-5-21-3622105252-4212685542-302905379-1003\Software\SecuROM\License information*]
                      "datasecu"=hex:79,50,6f,67,d0,1b,76,a1,5c,00,75,9c,a3,1a,39,64,45,51,4b,4e,86,
                         48,5a,7e,d4,ec,62,74,5f,97,b7,e1,34,15,2e,99,21,b2,24,7a,ae,dd,e0,f1,ed,08,\
                      "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

                      [HKEY_LOCAL_MACHINE\software\Microsoft\MS Optimization\JKWL]
                      @DACL=(02 0000)
                      "LU"="http://www.google.com/search?hl=en&q=&rlz=1R2GWYE_en&aq=f&oq="
                      "CT"=dword:00000001
                      "LT"=hex:59,35,4e,0e,31,d6,c9,01
                      .
                      --------------------- DLLs Loaded Under Running Processes ---------------------

                      - - - - - - - > 'winlogon.exe'(1568)
                      c:\windows\system32\Ati2evxx.dll
                      .
                      Completion time: 2010-06-30  15:42:44
                      ComboFix-quarantined-files.txt  2010-06-30 19:42

                      Pre-Run: 24,838,205,440 bytes free
                      Post-Run: 24,280,346,624 bytes free

                      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
                      [boot loader]
                      timeout=2
                      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
                      [operating systems]
                      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
                      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

                      Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
                      - - End Of File - - 3A96BF718C1CFC8BF4B59B073C75F974
                      ]
                      « Last Edit: June 30, 2010, 04:03:10 PM by SuperDave »

                      SuperDave

                      • Malware Removal Specialist
                      • Moderator


                      • Genius
                      • Thanked: 1020
                      • Certifications: List
                      • Experience: Expert
                      • OS: Windows 10
                      Re: Need of Fake Antivirus Removal
                      « Reply #12 on: June 30, 2010, 04:39:58 PM »
                      What browser are you using?

                      You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad".

                      More information:

                      * ViewMgr.exe - Useless
                      * Viewpoint to Plunge Into Adware

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs (in Vista & Win7 it is Programs and Features) and remove the following programs if present.

                      * Viewpoint
                      * Viewpoint Manager
                      * Viewpoint Media Player
                      * Viewpoint Toolbar
                      * Viewpoint Experience Technology


                      ==========================

                      P2P - I see you have P2P software installed on your machine. (BitTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

                      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

                      ==================================

                      Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are safer than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

                      For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

                      Further reading: XP Fixes Myth #1: Registry Cleaners
                      If you agree, please uninstall RegistryBooster

                      =================================

                      Re-running ComboFix to remove infections:

                      • Close any open browsers.
                      • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
                      • Open notepad and copy/paste the text in the quotebox below into it:
                        Quote
                        KillAll::

                        File::
                        c:\windows\Ivedetilarejuco.dat
                        c:\windows\Xsuyo.bin
                        c:\windows\popcinfot.dat
                        c:\windows\Alcmtr.exe

                        DDS::
                        uInternet Settings,ProxyOverride = <local>

                        Registry::
                        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

                      • Save this as CFScript.txt, in the same location as ComboFix.exe



                      • Referring to the picture above, drag CFScript into ComboFix.exe
                      • When finished, it shall produce a log for you at C:\ComboFix.txt
                      • Please post the contents of the log in your next reply.

                      Windows 8 and Windows 10 dual boot with two SSD's
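Added example, not code from this thread or from ComboFix: a small Python triage helper over ComboFix log excerpts, showing the patterns an analyst checks in the posted log before writing a CFScript (a scheduled task pointing into Application Data, a service registered with no image path, a look-alike of a core system DLL, and the AntiVirusOverride flag). The sample lines are copied from the logs in this thread; the heuristics (directory list, hex-name rule, DLL list) are the example's own assumptions.

```python
"""Triage helper for ComboFix log excerpts (added example, not ComboFix code).
The heuristics below (directory list, hex-name rule, DLL list) are assumptions."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    source: str  # kind of log line that produced the finding
    path: str    # image path, service name or registry value involved
    reason: str


# "name"="path" [date size]  -> Run keys, BHO and toolbar entries
RUN_RE = re.compile(r'^"[^"]+"=\s*"(?P<path>[^"]+)"\s+\[[^\]]*\]$')
# - path [stamp]  -> image line under a scheduled-task .job entry
TASK_RE = re.compile(r'^-\s+(?P<path>[a-z]:\\.+?)\s+\[[^\]]*\]$', re.I)
# R2 name;display;path [stamp]  -> driver and service entries
SVC_RE = re.compile(r'^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>[^\[]*?)\s*(?:\[[^\]]*\])?$')
# date time . date time size attrs path  -> "Files Created" entries
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}'
                     r'\s+\S+\s+\S+\s+(?P<path>[a-z]:\\.+)$', re.I)

# Assumed heuristics: autostarts rarely belong in these directories, eight hex
# digits is a common generated-name pattern, and these DLLs get a look-alike check.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")
HEX_STEM_RE = re.compile(r"^[0-9a-f]{8}$", re.I)
CORE_DLLS = ("kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll", "shell32.dll")


def within_one_edit(a: str, b: str) -> bool:
    """True when a and b differ by at most one insertion, deletion or substitution."""
    if abs(len(a) - len(b)) > 1:
        return False
    i = 0
    while i < min(len(a), len(b)) and a[i] == b[i]:
        i += 1  # skip the common prefix
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]  # one substitution
    if len(a) < len(b):
        return a[i:] == b[i + 1:]      # one character missing from a
    return a[i + 1:] == b[i:]          # one extra character in a


def path_reasons(path: str) -> list:
    """Apply the path heuristics to one image path; returns zero or more reasons."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    stem = name.rsplit(".", 1)[0]
    reasons = []
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("image lives in a user-writable profile directory")
    if HEX_STEM_RE.match(stem):
        reasons.append("random-looking 8-hex-digit filename")
    for known in CORE_DLLS:
        if name != known and within_one_edit(name, known):
            reasons.append(f"look-alike of system DLL {known}")
    return reasons


def triage(log_text: str) -> list:
    """Walk the log line by line and collect findings worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('"AntiVirusOverride"=dword:') and not line.endswith("00000000"):
            findings.append(Finding("security center", line,
                                    "Security Center told to ignore antivirus state"))
            continue
        if m := RUN_RE.match(line):
            source, path = "run key", m.group("path")
        elif m := TASK_RE.match(line):
            source, path = "scheduled task", m.group("path")
        elif m := SVC_RE.match(line):
            source, path = "service", m.group("path")
            if not path:  # registered service with nothing behind it
                findings.append(Finding(source, m.group("name"),
                                        "service registered with no image path"))
                continue
        elif m := FILE_RE.match(line):
            source, path = "new file", m.group("path")
        else:
            continue
        findings.extend(Finding(source, path, r) for r in path_reasons(path))
    return findings


# Constructed sample: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"AntiVirusOverride"=dword:00000001
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 5:22 PM 9968]
S3 Mnmderywwcd;Mnmderywwcd;
2010-06-30 c:\windows\Tasks\dbd85940.job
- c:\documents and settings\Owner\Application Data\dbd85940.exe [2010-06-24 14:12]
2010-07-01 13:46 . 2010-07-01 13:46 49664 ----a-w- c:\windows\system32\ernel32.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.source}] {f.path}: {f.reason}")
```

Entries that get no finding (avgnt, SASDIFSV) are still worth a manual look; the helper only orders the review, it does not replace it.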

                      binkow

                        Topic Starter


                        Rookie

                        Re: Need of Fake Antivirus Removal
                        « Reply #13 on: July 01, 2010, 08:10:26 AM »
I use Firefox.

                        There is no viewpoint anything anymore under add/remove programs since I did uninstall it before like you said. I uninstalled registry booster too.

                        Not to worry, the only reason I even use bit torrent is to be able to download a couple files that could even be opened with that. It was just some photos though and another time it was just some junk.

                        Here's the log:

                        Code: [Select]
                        ComboFix 10-06-29.04 - Owner 07/01/2010   9:37.4.1 - x86
                        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2046.1567 [GMT -4:00]
                        Running from: J:\ComboFix.exe
                        Command switches used :: J:\CFScript.txt
                        AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

                        FILE ::
                        "c:\windows\Alcmtr.exe"
                        "c:\windows\Ivedetilarejuco.dat"
                        "c:\windows\popcinfot.dat"
                        "c:\windows\Xsuyo.bin"
                        .

                        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                        .

                        c:\windows\Alcmtr.exe
                        c:\windows\Ivedetilarejuco.dat
                        c:\windows\popcinfot.dat
                        c:\windows\Xsuyo.bin

                        .
                        (((((((((((((((((((((((((   Files Created from 2010-06-01 to 2010-07-01  )))))))))))))))))))))))))))))))
                        .

                        2010-07-01 13:46 . 2010-07-01 13:46 49664 ----a-w- c:\windows\system32\ernel32.dll
                        2010-07-01 13:46 . 2010-06-24 14:12 49664 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\C3sK93gM9.dll
                        2010-06-29 23:40 . 2006-06-19 16:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
                        2010-06-29 23:40 . 2006-05-25 18:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
                        2010-06-29 23:40 . 2005-08-26 04:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
                        2010-06-29 23:40 . 2003-02-02 23:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
                        2010-06-29 23:40 . 2002-03-06 04:00 75264 ----a-w- c:\windows\system32\unacev2.dll
                        2010-06-29 23:40 . 2010-06-29 23:55 -------- d-----w- c:\program files\Trojan Remover
                        2010-06-29 23:40 . 2010-06-29 23:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Simply Super Software
                        2010-06-29 23:40 . 2010-06-29 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
                        2010-06-29 02:22 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
                        2010-06-29 02:22 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
                        2010-06-25 21:18 . 2010-06-27 21:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
                        2010-06-25 18:14 . 2010-06-25 18:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\PriceGong
                        2010-06-25 18:14 . 2010-06-25 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
                        2010-06-25 18:14 . 2010-06-25 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Hotspot_Shield
                        2010-06-25 18:14 . 2010-06-25 18:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\DVDVideoSoftTB
                        2010-06-25 02:51 . 2010-06-25 02:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
                        2010-06-24 18:58 . 2010-06-24 18:58 -------- d-----w- C:\spoolerlogs
                        2010-06-24 18:46 . 2010-06-24 18:46 203968 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
                        2010-06-24 14:29 . 2010-06-24 15:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Command and Conquer 4
                        2010-06-24 13:49 . 2010-06-29 23:08 -------- d-----w- c:\documents and settings\Owner\Application Data\PriceGong
                        2010-06-23 09:47 . 2010-06-23 09:47 -------- d-----w- c:\documents and settings\Owner\Command & Conquer 3 Tiberium Wars
                        2010-06-23 03:28 . 2010-06-29 22:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DVDVideoSoftTB
                        2010-06-23 03:28 . 2010-06-24 13:49 -------- d-----w- c:\program files\DVDVideoSoftTB
                        2010-06-21 01:35 . 2010-06-21 01:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ironclad Games
                        2010-06-21 01:35 . 2010-06-21 01:35 -------- d--h--w- c:\documents and settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}
                        2010-06-21 01:29 . 2010-06-21 01:29 -------- d-----w- c:\program files\Stardock Games
                        2010-06-21 01:22 . 2010-06-21 01:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Stardock
                        2010-06-20 17:53 . 2010-06-20 17:53 -------- d-----w- c:\program files\Daniusoft
                        2010-06-20 17:47 . 2003-03-19 02:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
                        2010-06-20 17:47 . 2010-06-20 17:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Cucusoft
                        2010-06-20 17:47 . 2009-07-01 19:16 94854 ----a-w- c:\windows\system32\HKCU_GNU.reg
                        2010-06-20 17:47 . 2009-02-26 20:34 2004 ----a-w- c:\windows\system32\HKLM_GNU.reg
                        2010-06-20 17:47 . 2008-12-18 05:22 57344 ----a-w- c:\windows\system32\ff_vfw.dll
                        2010-06-20 17:47 . 2008-06-15 14:01 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
                        2010-06-20 17:47 . 2009-08-12 20:48 270336 ----a-w- c:\windows\system32\cdg.dll
                        2010-06-20 17:47 . 2006-09-27 21:46 348160 ----a-w- c:\windows\system32\cdga.dll
                        2010-06-20 17:47 . 2006-07-18 01:42 14909 ----a-w- c:\windows\system32\A_reg.reg
                        2010-06-20 17:47 . 2010-06-20 17:47 -------- d-----w- c:\program files\Cucusoft
                        2010-06-20 17:46 . 2010-06-20 17:47 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
                        2010-06-20 17:14 . 2010-06-20 17:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
                        2010-06-20 17:14 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
                        2010-06-19 19:54 . 2010-06-19 19:54 -------- d-----w- c:\program files\PAK Explorer
                        2010-06-19 00:33 . 2010-07-01 13:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\LogMeIn Hamachi
                        2010-06-19 00:33 . 2010-07-01 13:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
                        2010-06-19 00:33 . 2010-06-19 00:33 -------- d-----w- c:\program files\LogMeIn Hamachi
                        2010-06-18 14:02 . 2010-06-19 04:27 -------- d-----w- c:\program files\SpeedFan
                        2010-06-18 13:49 . 2010-06-18 13:54 -------- d-----w- c:\program files\CPU Thermometer
                        2010-06-15 01:36 . 2010-06-15 01:41 -------- d-----w- c:\documents and settings\Owner\wurm
                        2010-06-13 00:53 . 2010-06-13 00:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Oblivion
                        2010-06-09 09:37 . 2010-06-09 09:37 -------- d-----w- c:\program files\Ubisoft
                        2010-06-08 02:18 . 2010-06-08 02:18 -------- d-----w- c:\program files\MegaDev
                        2010-06-08 02:15 . 2010-06-08 02:15 -------- d-----w- c:\windows\system32\msapps
                        2010-06-06 12:30 . 2010-06-06 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
                        2010-06-06 11:32 . 2010-06-06 11:32 -------- d-----w- c:\program files\GameSpy
                        2010-06-06 01:57 . 2010-06-06 12:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Ubisoft
                        2010-06-06 01:55 . 2010-06-06 01:55 -------- d-----w- c:\documents and settings\Owner\Application Data\SeriousBit
                        2010-06-06 01:54 . 2010-06-06 01:54 -------- d-----w- C:\SeriousBit
                        2010-06-06 01:54 . 2010-06-06 01:55 -------- d-----w- c:\program files\NetBalancer
                        2010-06-06 01:51 . 2010-05-15 04:04 28776 ----a-w- c:\windows\system32\drivers\nbdrv.sys
                        2010-06-06 00:32 . 2010-06-06 00:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Roaming
                        2010-06-05 17:48 . 2010-06-05 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\hsswpr
                        2010-06-05 17:38 . 2010-06-24 13:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
                        2010-06-05 17:38 . 2010-06-05 17:49 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Hotspot_Shield
                        2010-06-05 17:38 . 2010-06-05 17:38 -------- d-----w- c:\program files\Conduit
                        2010-06-05 17:38 . 2010-06-05 17:49 -------- d-----w- c:\program files\Hotspot_Shield
                        2010-06-05 17:36 . 2010-06-05 17:48 -------- d-----w- C:\Hotspot Shield
                        2010-06-05 01:09 . 2010-06-05 01:09 411368 ----a-w- c:\windows\system32\deployJava1.dll

                        .
                        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        2010-06-30 02:02 . 2006-09-26 18:28 -------- d-----w- c:\program files\Java
                        2010-06-30 01:52 . 2009-03-19 11:33 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
                        2010-06-29 23:58 . 2009-01-25 04:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
                        2010-06-29 13:38 . 2006-09-26 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
                        2010-06-29 02:21 . 2008-11-16 04:07 -------- d-----w- c:\program files\Cheat Engine
                        2010-06-28 00:29 . 2006-09-26 18:27 -------- d--h--w- c:\program files\InstallShield Installation Information
                        2010-06-24 22:28 . 2009-06-03 01:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
                        2010-06-24 14:12 . 2010-06-24 14:12 49664 ----a-w- c:\documents and settings\Owner\Application Data\dbd85940.exe
                        2010-06-24 13:28 . 2008-01-13 16:48 -------- d-----w- c:\program files\Electronic Arts
                        2010-06-23 03:23 . 2010-05-01 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\DVDVideoSoftIEHelpers
                        2010-06-23 03:22 . 2008-12-19 15:19 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
                        2010-06-20 17:14 . 2010-06-20 17:13 -------- d-----w- c:\program files\iTunes
                        2010-06-20 17:14 . 2010-06-20 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
                        2010-06-20 17:13 . 2010-06-20 17:13 -------- d-----w- c:\program files\iPod
                        2010-06-20 17:13 . 2010-06-20 17:10 -------- d-----w- c:\program files\Common Files\Apple
                        2010-06-20 17:13 . 2010-06-20 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
                        2010-06-20 17:12 . 2006-09-26 18:36 -------- d-----w- c:\program files\QuickTime
                        2010-06-20 17:11 . 2010-06-20 17:11 -------- d-----w- c:\program files\Apple Software Update
                        2010-06-20 17:10 . 2010-06-20 17:10 -------- d-----w- c:\program files\Bonjour
                        2010-06-20 17:10 . 2010-06-20 17:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
                        2010-06-11 19:00 . 2008-05-08 00:02 -------- d-----w- c:\program files\Post Nuke 2 D Game
                        2010-06-10 17:07 . 2008-11-04 21:43 42 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences.dat
                        2010-06-07 19:49 . 2009-09-13 20:08 87 ----a-w- c:\documents and settings\Owner\jagex_runescape_preferences2.dat
                        2010-06-06 18:17 . 2007-12-26 00:59 101984 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                        2010-06-06 11:33 . 2008-01-02 21:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
                        2010-06-06 11:31 . 2010-03-27 12:42 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
                        2010-06-06 11:31 . 2009-07-13 20:08 22328 ----a-w- c:\documents and settings\Owner\Application Data\PnkBstrK.sys
                        2010-06-06 11:31 . 2008-02-09 20:00 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
                        2010-06-06 11:31 . 2008-02-09 20:00 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
                        2010-06-06 11:31 . 2009-07-13 20:07 669184 ----a-w- c:\windows\system32\pbsvc.exe
                        2010-06-05 01:10 . 2006-09-26 18:28 -------- d-----w- c:\program files\Common Files\Java
                        2010-06-05 01:01 . 2010-01-23 05:53 -------- d-----w- c:\program files\RS2Botv2
                        2010-05-31 20:19 . 2009-10-19 12:15 0 ----a-w- c:\documents and settings\Owner\ntuser.tmp
                        2010-05-30 20:16 . 2008-04-26 15:13 -------- d-----w- c:\program files\EA GAMES
                        2010-05-29 15:25 . 2010-01-08 21:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Tropico 3
                        2010-05-21 01:07 . 2010-05-21 01:07 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
                        2010-05-18 20:35 . 2010-05-18 20:35 91424 ----a-w- c:\windows\system32\dnssd.dll
                        2010-05-18 20:35 . 2010-05-18 20:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
                        2010-05-18 20:35 . 2010-05-18 20:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
                        2010-05-18 20:35 . 2010-05-18 20:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
                        2010-05-13 22:05 . 2010-05-13 22:05 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
                        2010-05-13 10:11 . 2009-05-14 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
                        2010-05-12 10:22 . 2006-09-26 18:23 -------- d-----w- c:\program files\Google
                        2010-05-09 19:12 . 2009-03-19 11:32 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
                        2010-05-06 20:34 . 2009-03-19 11:32 -------- d-----w- c:\program files\DNA
                        2010-05-06 01:22 . 2009-03-19 21:19 -------- d-----w- c:\program files\AV Vcs 6.0 DIAMOND
                        2010-05-06 00:06 . 2010-05-06 00:06 -------- d-----w- c:\program files\CPUID
                        2010-05-04 21:48 . 2008-10-14 02:25 -------- d-----w- c:\program files\GameSpy Arcade
                        2010-05-01 15:56 . 2010-05-01 15:56 0 ----a-w- c:\documents and settings\Owner\jagex__preferences3.dat
                        2010-04-29 19:39 . 2009-06-03 01:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
                        2010-04-29 19:39 . 2009-06-03 01:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
                        2010-04-20 00:47 . 2010-06-20 17:11 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
                        2010-04-20 00:47 . 2010-06-20 17:11 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
                        2008-10-25 16:38 . 2008-10-25 16:38 13065 ----a-w- c:\program files\Common Files\ferowe.db
                        2008-03-20 02:34 . 2008-03-19 23:41 414944 ----a-w- c:\program files\COMCT332.OCX
                        2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
                        2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
                        .

                        ------- Sigcheck -------

                        [-] 2009-05-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
                        [-] 2009-05-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
                        [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
                        [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
                        [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
                        [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
                        [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
                        [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
                        [-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
                        [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
                        [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
                        [-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
                        [-] 2006-01-14 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
                        [-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
                        [-] 2005-05-26 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
                        [-] 2005-05-26 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
                        .
                        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                        .
                        .
                        *Note* empty entries & legit default entries are not shown
                        REGEDIT4

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
                        2010-06-24 13:49 2736736 ----a-w- c:\program files\DVDVideoSoftTB\tbDVD1.dll

                        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
                        2010-06-05 17:49 2515552 ----a-w- c:\program files\Hotspot_Shield\tbHot1.dll

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
                        "{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-06-05 2515552]
                        "{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-24 2736736]

                        [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

                        [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

                        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
                        "{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-06-05 2515552]
                        "{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVD1.dll" [2010-06-24 2736736]

                        [HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

                        [HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]

                        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
                        "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]

                        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                        "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
                        "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
                        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
                        "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
                        "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
                        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
                        "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
                        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
                        "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
                        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
                        "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]

                        c:\documents and settings\All Users\Start Menu\Programs\Startup\
                        NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-12-2 1503306]

                        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
                        backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

                        [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
                        backup=c:\windows\pss\BigFix.lnkCommon Startup

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
                        NA [X]

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
                        2007-09-11 07:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
                        2009-07-09 20:07 49968 ----a-w- c:\program files\AIM6\aim6.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
                        2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
                        2008-04-17 22:14 98616 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
                        2005-08-14 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
                        2010-05-06 20:34 323392 ----a-w- c:\program files\DNA\btdna.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
                        2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
                        2009-03-28 21:11 3325952 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
                        2006-09-26 18:23 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
                        2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
                        2005-08-17 19:41 749568 ----a-w- c:\program files\Microsoft Works\WksSb.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
                        2000-07-13 20:00 28739 ----a-w- c:\program files\Microsoft Works\WkDetect.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
                        2007-01-19 19:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
                        2009-06-10 15:29 1657376 ----a-w- c:\windows\system32\nwiz.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
                        2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
                        2002-09-14 06:42 212992 -c--a-w- c:\windows\SMINST\Recguard.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
                        2005-02-26 01:24 966656 ----a-w- c:\windows\creator\Remind_XP.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
                        2005-01-12 10:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
                        2006-04-17 07:34 16143872 ----a-w- c:\windows\RTHDCPL.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
                        2008-08-30 01:11 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
                        2008-05-30 23:45 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
                        2008-08-26 16:48 2019624 ----a-w- c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
                        2000-07-13 20:00 24576 ----a-w- c:\program files\Microsoft Works\wkfud.exe

                        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
                        "AntiVirusOverride"=dword:00000001

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                        "%windir%\\system32\\sessmgr.exe"=
                        "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
                        "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
                        "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
                        "h:\\Files\\Steam\\Steam.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\half-life\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\dedicated server\\hlds.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\counter-strike\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\team fortress classic\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\borderlands\\Binaries\\Borderlands.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\day of defeat\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\family feud\\FamilyFeud.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\cabela's trophy bucks\\Bin\\Ctb.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\family feud 2\\FamilyFeud.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\opposing force\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\family feud 3\\FamilyFeud3.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\ricochet\\hl.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\family feud 4\\FamilyFeud4.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
                        "h:\\Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\world in conflict\\wic.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\defensegridtheawakening\\DefenseGrid.exe"=
                        "c:\\Program Files\\DNA\\btdna.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\tropico 3\\tropico3.exe"=
                        "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
                        "c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\dawn of discovery\\tools\\AddonWeb.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\zombie panic! source\\hl2.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=
                        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                        "c:\\Program Files\\iTunes\\iTunes.exe"=
                        "c:\\Program Files\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\counter-strike source\\hl2.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\crysis\\Bin32\\Crysis.exe"=
                        "h:\\Files\\Games\\Settlers7\\Data\\Base\\_Dbg\\Bin\\Release\\Settlers7R.exe"=
                        "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
                        "c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
                        "c:\\Program Files\\Microsoft Games\\Rise of Nations\\nations.exe"=
                        "c:\\WINDOWS\\system32\\dpvsetup.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\arma 2\\ArmA2Server.exe"=
                        "h:\\Files\\Steam\\steamapps\\binkow195\\garrysmod\\hl2.exe"=
                        "h:\\Files\\Steam\\steamapps\\common\\arma 2\\arma2.exe"=
                        "c:\\WINDOWS\\system32\\spoolsv.exe"=

                        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                        "6881:TCP"= 6881:TCP:Downloads

                        R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 5:22 PM 9968]
                        R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 5:22 PM 72944]
                        R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/12/2009 6:42 PM 135336]
                        R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/5/2010 8:06 PM 20968]
                        R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
                        R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [6/5/2010 9:54 PM 10752]
                        R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [10/1/2008 7:45 PM 57440]
                        R3 Nbdrv;NetBalancer Service;c:\windows\system32\drivers\nbdrv.sys [6/5/2010 9:51 PM 28776]
                        S2 gupdate1c9a9d8168cc888;Google Update Service (gupdate1c9a9d8168cc888);c:\program files\Google\Update\GoogleUpdate.exe [3/20/2009 11:49 PM 133104]
                        S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [7/24/2003 3:10 PM 17149]
                        S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [7/1/2006 12:44 AM 69692]
                        S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [2/27/2008 2:54 PM 360547]
                        S3 Mnmderywwcd;Mnmderywwcd; [x]
                        S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 5:22 PM 7408]
                        S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [3/27/2009 5:23 PM 23064]
                        S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [9/30/2008 6:24 AM 453120]
                        S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/19/2009 6:35 PM 691696]
                        .
                        Contents of the 'Scheduled Tasks' folder

                        2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
                        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

                        2010-07-01 c:\windows\Tasks\dbd85940.job
                        - c:\documents and settings\Owner\Application Data\dbd85940.exe [2010-06-24 14:12]

                        2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                        - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 03:49]

                        2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                        - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 03:49]

                        2007-12-26 c:\windows\Tasks\ISP signup reminder 1.job
                        - c:\windows\system32\OOBE\oobebaln.exe [2006-05-07 00:12]
                        .
                        .
                        ------- Supplementary Scan -------
                        .
                        uStart Page = about:blank
                        DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
                        FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\
                        FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
                        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
                        FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query=
                        FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
                        FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\xxruvh3u.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
                        FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
                        FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
                        FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
                        FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
                        FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
                        FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
                        FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
                        FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
                        FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
                        FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

                        ---- FIREFOX POLICIES ----
                        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
                        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
                        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
                        c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
                        .
                        - - - - ORPHANS REMOVED - - - -

                        MSConfigStartUp-Alcmtr - ALCMTR.EXE



                        **************************************************************************

                        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                        Rootkit scan 2010-07-01 09:47
                        Windows 5.1.2600 Service Pack 3 NTFS

                        scanning hidden processes ... 

                        scanning hidden autostart entries ...

                        scanning hidden files ... 

                        scan completed successfully
                        hidden files: 0

                        **************************************************************************
                        .
                        --------------------- LOCKED REGISTRY KEYS ---------------------

                        [HKEY_USERS\S-1-5-21-3622105252-4212685542-302905379-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
                        "??"=hex:ee,51,dc,78,11,1e,2d,6e,32,46,b3,96,8a,47,b1,23,24,da,51,8c,e6,d8,a6,
                           43,44,8d,09,e2,25,b1,e1,2b,09,e2,91,16,b3,16,83,ed,aa,e1,7a,cd,35,e4,a2,fd,\
                        "??"=hex:d2,8a,3d,7f,d6,ee,ff,ab,38,51,7b,8c,dc,d7,d2,0c

                        [HKEY_USERS\S-1-5-21-3622105252-4212685542-302905379-1003\Software\SecuROM\License information*]
                        "datasecu"=hex:79,50,6f,67,d0,1b,76,a1,5c,00,75,9c,a3,1a,39,64,45,51,4b,4e,86,
                           48,5a,7e,d4,ec,62,74,5f,97,b7,e1,34,15,2e,99,21,b2,24,7a,ae,dd,e0,f1,ed,08,\
                        "rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c

                        [HKEY_LOCAL_MACHINE\software\Microsoft\MS Optimization\JKWL]
                        @DACL=(02 0000)
                        "LU"="http://www.google.com/search?hl=en&q=&rlz=1R2GWYE_en&aq=f&oq="
                        "CT"=dword:00000001
                        "LT"=hex:59,35,4e,0e,31,d6,c9,01
                        .
                        --------------------- DLLs Loaded Under Running Processes ---------------------

                        - - - - - - - > 'winlogon.exe'(1568)
                        c:\windows\system32\Ati2evxx.dll

                        - - - - - - - > 'explorer.exe'(2384)
                        c:\windows\system32\WININET.dll
                        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
                        c:\windows\system32\ieframe.dll
                        c:\windows\system32\webcheck.dll
                        c:\windows\system32\WPDShServiceObj.dll
                        c:\program files\Common Files\aolshare\aolshcpy.dll
                        c:\windows\system32\PortableDeviceTypes.dll
                        c:\windows\system32\PortableDeviceApi.dll
                        c:\program files\SUPERAntiSpyware\SASSEH.DLL
                        .
                        ------------------------ Other Running Processes ------------------------
                        .
                        c:\windows\system32\nvsvc32.exe
                        c:\windows\system32\Ati2evxx.exe
                        c:\windows\system32\Ati2evxx.exe
                        c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
                        c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
                        c:\program files\Avira\AntiVir Desktop\avguard.exe
                        c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
                        c:\program files\Avira\AntiVir Desktop\avshadow.exe
                        c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
                        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
                        c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
                        c:\program files\Bonjour\mDNSResponder.exe
                        c:\program files\Java\jre6\bin\jqs.exe
                        c:\program files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
                        c:\windows\system32\PnkBstrA.exe
                        c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
                        c:\windows\system32\RUNDLL32.EXE
                        c:\windows\System32\vssvc.exe
                        c:\windows\system32\dllhost.exe
                        c:\windows\system32\dllhost.exe
                        c:\windows\system32\msdtc.exe
                        c:\program files\Mozilla Firefox\firefox.exe
                        .
                        **************************************************************************
                        .
                        Completion time: 2010-07-01  09:59:13 - machine was rebooted
                        ComboFix-quarantined-files.txt  2010-07-01 13:59
                        ComboFix2.txt  2010-06-30 19:42

                        Pre-Run: 24,252,903,424 bytes free
                        Post-Run: 24,214,573,056 bytes free

                        Current=2 Default=2 Failed=3 LastKnownGood=4 Sets=1,2,3,4
                        - - End Of File - - 695228987AE4B43CF792DC4EC5409686


                        Also please note, ever since I started removing some of the files I get this error on boot up now
                         
                        Whenever I'd hit no I'd get the server not found thing but if I hit yes it works fine now
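The ComboFix log above shows two persistence entries that stand out from the installed software around them: a scheduled task (dbd85940.job) whose target runs from the user's Application Data folder under a generated-looking name, and a service (Mnmderywwcd) registered with no binary on disk ("[x]"). The following Python script is an added example for this thread, not part of ComboFix or of any post here: it parses lines in ComboFix's "Scheduled Tasks" and service layout and flags those two patterns. The heuristics (user-writable profile directory, hex-only filename stem, missing service binary), the `triage` function and the `Finding` class are assumptions of this example, not ComboFix's own logic; the sample lines are copied from the log above, with one benign entry of each kind for contrast.

```python
"""Triage helper for ComboFix-style 'Scheduled Tasks' and service lines.

Added example for this thread, not part of ComboFix or of any post here.
The heuristics below are assumptions about what fake-antivirus persistence
tends to look like, not ComboFix's own detection logic.
"""
import re
from dataclasses import dataclass, field

# ComboFix prints each scheduled task as "<date> <path to .job>" followed by
# a "- <target executable> [<timestamp>]" line.
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>\S.*\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^-\s+(?P<target>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$")

# Service lines look like "<start type> <name>;<display name>;<image path> [<stamp>]".
# ComboFix prints "[x]" in place of the path when the registered binary is absent.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);\s*(?P<rest>.*)$")

# Profile directories any user can write to; installed products rarely autostart from here.
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

# A stem of eight or more hex digits (dbd85940.exe) is typical of generated dropper names.
HEX_STEM_RE = re.compile(r"(?:^|\\)[0-9a-f]{8,}\.(?:exe|dll|job)$", re.I)


@dataclass
class Finding:
    kind: str                 # "task" or "service"
    subject: str              # job path or service name
    detail: str               # target executable or image path
    reasons: list = field(default_factory=list)


def triage(lines):
    """Return a Finding for every task or service line that trips a heuristic."""
    findings = []
    pending_job = None
    for raw in lines:
        line = raw.strip()
        m = TASK_RE.match(line)
        if m:
            pending_job = m.group("job")
            continue
        m = TARGET_RE.match(line)
        if m and pending_job:
            target = m.group("target")
            reasons = []
            if any(d in target.lower() for d in USER_WRITABLE):
                reasons.append("task target lives in a user-writable profile directory")
            if HEX_STEM_RE.search(target) or HEX_STEM_RE.search(pending_job):
                reasons.append("generated-looking hex filename")
            if reasons:
                findings.append(Finding("task", pending_job, target, reasons))
            pending_job = None
            continue
        pending_job = None  # a task header is always directly followed by its target line
        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest").strip()
            reasons = []
            if rest == "[x]":
                reasons.append("service registered but its binary is missing")
            elif any(d in rest.lower() for d in USER_WRITABLE):
                reasons.append("service image lives in a user-writable profile directory")
            if reasons:
                findings.append(Finding("service", m.group("name"), rest, reasons))
    return findings


# Constructed sample: two task entries and two service lines in ComboFix's layout,
# copied from the log in this thread (one benign entry of each kind for contrast).
SAMPLE_LINES = [
    r"2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job",
    r"- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]",
    "",
    r"2010-07-01 c:\windows\Tasks\dbd85940.job",
    r"- c:\documents and settings\Owner\Application Data\dbd85940.exe [2010-06-24 14:12]",
    "",
    r"R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [5/5/2010 8:06 PM 20968]",
    r"S3 Mnmderywwcd;Mnmderywwcd; [x]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind}: {f.subject}\n    {f.detail}\n    " + "; ".join(f.reasons))
```

Run against the sample it reports only the dbd85940 task (both heuristics) and the Mnmderywwcd service; the Apple and cpuz133 entries pass. The heuristics are deliberately narrow so that a log full of legitimate game and driver entries, like the one above, produces a short list worth checking by hand rather than a wall of noise.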

                        binkow


                          Re: Need of Fake Antivirus Removal
                          « Reply #14 on: July 01, 2010, 04:29:21 PM »
                          Never mind, the server not found thing continues

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Need of Fake Antivirus Removal
                          « Reply #15 on: July 01, 2010, 05:45:06 PM »
                          Here's some information about script errors in IE

                          * Direct download link is here: RootRepeal.zip

                          * Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
                          * Click this link to see a list of such programs and how to disable them.

                          * Extract the program file to a new folder such as C:\RootRepeal
                          * Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
                          * Select ALL of the checkboxes and then click OK and it will start scanning your system.
                          * If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
                          * When done, click on Save Report
                          * Save it to the same location where you ran it from, such as C:\RootRepeal
                          * Save it as rootrepeal.txt
                          * Then open that log and select all and copy/paste it back on your next reply please.
                          * Close RootRepeal.
                          Windows 8 and Windows 10 dual boot with two SSD's

                          binkow


                            Re: Need of Fake Antivirus Removal
                            « Reply #16 on: July 02, 2010, 08:41:58 AM »
                            ROOTREPEAL (c) AD, 2007-2009
                            ==================================================
                            Scan Start Time:      2010/07/02 10:19
                            Program Version:      Version 1.3.5.0
                            Windows Version:      Windows XP SP3
                            ==================================================

                            Drivers
                            -------------------
                            Name: catchme.sys
                            Image Path: C:\ComboFix\catchme.sys
                            Address: 0xB48AD000   Size: 31744   File Visible: No   Signed: -
                            Status: -

                            Name: Combo-Fix.sys
                            Image Path: Combo-Fix.sys
                            Address: 0xB81A8000   Size: 60416   File Visible: No   Signed: -
                            Status: -

                            Name: dump_atapi.sys
                            Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
                            Address: 0xB487D000   Size: 98304   File Visible: No   Signed: -
                            Status: -

                            Name: dump_WMILIB.SYS
                            Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
                            Address: 0xB85E8000   Size: 8192   File Visible: No   Signed: -
                            Status: -

                            Name: giveio.sys
                            Image Path: giveio.sys
                            Address: 0xB8672000   Size: 1664   File Visible: No   Signed: -
                            Status: -

                            Name: mbr.sys
                            Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
                            Address: 0xB84A8000   Size: 20864   File Visible: No   Signed: -
                            Status: -

                            Name: PROCEXP113.SYS
                            Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
                            Address: 0xB862E000   Size: 7872   File Visible: No   Signed: -
                            Status: -

                            Name: rootrepeal.sys
                            Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
                            Address: 0xB00AA000   Size: 49152   File Visible: No   Signed: -
                            Status: -

                            Name: speedfan.sys
                            Image Path: speedfan.sys
                            Address: 0xB85BA000   Size: 5248   File Visible: No   Signed: -
                            Status: -

                            Hidden/Locked Files
                            -------------------
                            Path: C:\hiberfil.sys
                            Status: Locked to the Windows API!

                            Path: C:\RECYCLER\S-1-5-21-3622105252-4212685542-302905379-1007\Dc83\BINKOW~1.LOG
                            Status: Locked to the Windows API!

                            Path: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xxruvh3u.default\sessionstore.js
                            Status: Size mismatch (API: 62906, Raw: 62144)

                            Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\KNGWJ36R.3YL\8ZJ31MO6.333\manifests\Skin Installer.exe.manifest
                            Status: Locked to the Windows API!

                            SSDT
                            -------------------
                            #: 041   Function Name: NtCreateKey
                            Status: Hooked by "<unknown>" at address 0xb87d0276

                            #: 053   Function Name: NtCreateThread
                            Status: Hooked by "<unknown>" at address 0xb87d026c

                            #: 063   Function Name: NtDeleteKey
                            Status: Hooked by "<unknown>" at address 0xb87d027b

                            #: 065   Function Name: NtDeleteValueKey
                            Status: Hooked by "<unknown>" at address 0xb87d0285

                            #: 098   Function Name: NtLoadKey
                            Status: Hooked by "<unknown>" at address 0xb87d028a

                            #: 122   Function Name: NtOpenProcess
                            Status: Hooked by "<unknown>" at address 0xb87d0258

                            #: 128   Function Name: NtOpenThread
                            Status: Hooked by "<unknown>" at address 0xb87d025d

                            #: 193   Function Name: NtReplaceKey
                            Status: Hooked by "<unknown>" at address 0xb87d0294

                            #: 204   Function Name: NtRestoreKey
                            Status: Hooked by "<unknown>" at address 0xb87d028f

                            #: 247   Function Name: NtSetValueKey
                            Status: Hooked by "<unknown>" at address 0xb87d0280

                            Stealth Objects
                            -------------------
                            Object: Hidden Module [Name: ernel32.dll]
                            Process: avgnt.exe (PID: 748)   Address: 0x003d0000   Size: 73728

                            ==EOF==
                            « Last Edit: July 02, 2010, 05:10:10 PM by SuperDave »

                            SuperDave

                            Re: Need of Fake Antivirus Removal
                            « Reply #17 on: July 02, 2010, 05:12:05 PM »
                            Download this << file >> & extract TDSSKiller.exe onto your Desktop

                            Then create this batch file to be placed next to TDSSKiller

                            =====

                            Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
                            Code:
                            @ECHO OFF
                            REM Run TDSSKiller from this folder with verbose output logged to Logit.txt, and wait for it to finish
                            START /WAIT TDSSKILLER.exe -l Logit.txt -v
                            REM Open the log in the default text viewer
                            START Logit.txt
                            REM Delete this batch file once it has done its job
                            del %0
                            Save this as fix.bat Choose to "Save type as  - All Files"
                            It should look like this:
                            Double click on fix.bat & allow it to run

                            Post back to tell me what it says

                            binkow


                              Re: Need of Fake Antivirus Removal
                              « Reply #18 on: July 02, 2010, 07:02:40 PM »
                              21:04:01:874 2256   TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
                              21:04:01:874 2256   ================================================================================
                              21:04:01:874 2256   SystemInfo:

                              21:04:01:874 2256   OS Version: 5.1.2600 ServicePack: 3.0
                              21:04:01:874 2256   Product type: Workstation
                              21:04:01:874 2256   ComputerName: YOUR-76500D519C
                              21:04:01:874 2256   UserName: Owner
                              21:04:01:874 2256   Windows directory: C:\WINDOWS
                              21:04:01:874 2256   System windows directory: C:\WINDOWS
                              21:04:01:874 2256   Processor architecture: Intel x86
                              21:04:01:874 2256   Number of processors: 1
                              21:04:01:874 2256   Page size: 0x1000
                              21:04:01:874 2256   Boot type: Normal boot
                              21:04:01:874 2256   ================================================================================
                              21:04:02:202 2256   Initialize success
                              21:04:02:202 2256   
                              21:04:02:202 2256   Scanning   Services ...
                              21:04:02:561 2256   Raw services enum returned 380 services
                              21:04:02:577 2256   
                              21:04:02:577 2256   Scanning   Drivers ...
                              21:04:03:296 2256   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
                              21:04:03:327 2256   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
                              21:04:03:358 2256   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
                              21:04:03:374 2256   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
                              21:04:03:405 2256   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
                              21:04:03:639 2256   AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
                              21:04:03:827 2256   AgereSoftModem  (b7d2103eb2ecb765b2b7106bad089ab1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
                              21:04:03:983 2256   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
                              21:04:04:030 2256   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
                              21:04:04:061 2256   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
                              21:04:04:108 2256   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
                              21:04:04:186 2256   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
                              21:04:04:202 2256   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
                              21:04:04:233 2256   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
                              21:04:04:249 2256   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
                              21:04:04:296 2256   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
                              21:04:04:342 2256   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
                              21:04:04:436 2256   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
                              21:04:04:483 2256   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
                              21:04:04:530 2256   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
                              21:04:04:577 2256   ASCTRM          (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
                              21:04:04:671 2256   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
                              21:04:04:717 2256   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
                              21:04:04:858 2256   ati2mtag        (1db0e5f78a67307f9c68d777873c1164) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
                              21:04:05:061 2256   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
                              21:04:05:124 2256   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
                              21:04:05:202 2256   avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
                              21:04:05:327 2256   avgntflt        (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
                              21:04:05:374 2256   avipbb          (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
                              21:04:05:436 2256   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
                              21:04:05:483 2256   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
                              21:04:05:577 2256   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
                              21:04:05:624 2256   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
                              21:04:05:655 2256   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
                              21:04:05:717 2256   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
                              21:04:05:811 2256   Cdr4_xp         (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
                              21:04:05:858 2256   Cdralw2k        (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
                              21:04:05:921 2256   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
                              21:04:06:092 2256   CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
                              21:04:19:374 2256   
                              21:04:19:374 2256   Completed
                              21:04:19:374 2256   
                              21:04:19:374 2256   Results:
                              21:04:19:374 2256   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
                              21:04:19:374 2256   File objects infected / cured / cured on reboot:   0 / 0 / 0
                              21:04:19:374 2256   
                              21:04:19:374 2256   KLMD(ARK) unloaded successfully
                               
« Last Edit: July 02, 2010, 07:05:54 PM by SuperDave »

SuperDave (Malware Removal Specialist, Moderator)
Re: Need of Fake Antivirus Removal
« Reply #19 on: July 02, 2010, 07:17:51 PM »

I'd like us to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


binkow (Topic Starter)

Re: Need of Fake Antivirus Removal
« Reply #20 on: July 02, 2010, 08:17:21 PM »
It won't let me download the virus database even with different proxies.

SuperDave (Malware Removal Specialist, Moderator)

Re: Need of Fake Antivirus Removal
« Reply #21 on: July 03, 2010, 05:00:54 PM »
Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
• Click NO
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
• Now click the Scan button.
• Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
• Save it where you can easily find it, such as your desktop.

binkow (Topic Starter)

Re: Need of Fake Antivirus Removal
« Reply #22 on: July 05, 2010, 02:26:28 PM »
                                  GMER 1.0.15.15281 - http://www.gmer.net
                                  Rootkit scan 2010-07-04 00:32:49
                                  Windows 5.1.2600 Service Pack 3
                                  Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxxyqfow.sys


                                  ---- System - GMER 1.0.15 ----

                                  SSDT            B87D0276                                                                                                                               ZwCreateKey
                                  SSDT            B87D026C                                                                                                                               ZwCreateThread
                                  SSDT            B87D027B                                                                                                                               ZwDeleteKey
                                  SSDT            B87D0285                                                                                                                               ZwDeleteValueKey
                                  SSDT            B87D028A                                                                                                                               ZwLoadKey
                                  SSDT            B87D0258                                                                                                                               ZwOpenProcess
                                  SSDT            B87D025D                                                                                                                               ZwOpenThread
                                  SSDT            B87D0294                                                                                                                               ZwReplaceKey
                                  SSDT            B87D028F                                                                                                                               ZwRestoreKey
                                  SSDT            B87D0280                                                                                                                               ZwSetValueKey

                                  ---- Kernel code sections - GMER 1.0.15 ----

                                  ?               Combo-Fix.sys                                                                                                                          The system cannot find the file specified. !
                                  .text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                               section is writeable [0xB7502380, 0x3DEB95, 0xE8000020]
                                  ?               C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys                                                                                                The system cannot find the file specified. !
                                  ?               C:\ComboFix\catchme.sys                                                                                                                The system cannot find the path specified. !
                                  ?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                             The system cannot find the file specified. !

                                  ---- User code sections - GMER 1.0.15 ----

                                  .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[748] ntdll.dll!NtResumeThread                                                         7C90DB3E 5 Bytes  JMP 003F000A

                                  ---- User IAT/EAT - GMER 1.0.15 ----

                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]                [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                  [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                 [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
                                  IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                 [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

                                  ---- Devices - GMER 1.0.15 ----

                                  Device                                                                                                                                                 Ntfs.sys (NT File System Driver/Microsoft Corporation)
                                  Device                                                                                                                                                 Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
                                  Device                                                                                                                                                 mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

                                  AttachedDevice                                                                                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

                                  Device                                                                                                                                                 Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

                                  ---- Registry - GMER 1.0.15 ----

                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0xB4 0x6D 0x90 0x02 ...
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Pro\
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0x9F 0x9D 0x99 0x6B ...
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                               0x20 0x01 0x00 0x00 ...
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0xA7 0xA7 0x55 0x1F ...
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                     
                                  Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                       0x41 0xAA 0x8A 0xDE ...
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                       
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0xD4 0xC3 0x97 0x02 ...
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                 0x86 0x38 0x1B 0xF5 ...
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    C:\Program Files\DAEMON Tools Lite\
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                             
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                           0x20 0x01 0x00 0x00 ...
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0x28 0x9D 0x73 0xBA ...
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                         
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                   0x44 0xD5 0x01 0xD3 ...
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                         
                                  Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                   0x40 0x43 0x5C 0x23 ...
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0xD4 0xC3 0x97 0x02 ...
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0x9F 0x9D 0x99 0x6B ...
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                               0x20 0x01 0x00 0x00 ...
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0xA7 0xA7 0x55 0x1F ...
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                     
                                  Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                       0x5E 0x7A 0xC4 0xEB ...
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0xD4 0xC3 0x97 0x02 ...
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0x86 0x38 0x1B 0xF5 ...
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                               0x20 0x01 0x00 0x00 ...
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0x28 0x9D 0x73 0xBA ...
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                     
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                       0x44 0xD5 0x01 0xD3 ...
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                     
                                  Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                       0x40 0x43 0x5C 0x23 ...
                                  « Last Edit: July 05, 2010, 05:19:42 PM by SuperDave »

                                  SuperDave

                                  • Malware Removal Specialist
                                  • Moderator


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: Need of Fake Antivirus Removal
                                  « Reply #23 on: July 05, 2010, 05:29:29 PM »
                                  I'm going to need to do a consult on this problem. Please wait until I get back to you.
                                  Windows 8 and Windows 10 dual boot with two SSD's

                                  binkow

                                    Topic Starter


                                    Rookie

                                    Re: Need of Fake Antivirus Removal
                                    « Reply #24 on: July 05, 2010, 07:35:01 PM »
                                    Just to let you know, it's like it infected my router, because all the computers the router is connected to are getting this redirecting popup virus. Something with results5.google.com and googlesyndication.com.

                                    SuperDave

                                    • Malware Removal Specialist
                                    • Moderator


                                    • Genius
                                    • Thanked: 1020
                                    • Certifications: List
                                    • Experience: Expert
                                    • OS: Windows 10
                                    Re: Need of Fake Antivirus Removal
                                    « Reply #25 on: July 07, 2010, 12:29:51 PM »
                                    Download Dr.Web CureIt to the desktop:
                                    Dr WebCureIt
                                    • Double-click the launch.exe or cureit.exe file and allow it to run the express scan.
                                    • This will scan the files currently running in memory; when something is found, click the Yes button when it asks whether you want to cure it. This is only a short scan.
                                    • Once the short scan has finished, just let it cure whatever it finds...

                                      o Now, go to Settings >> Change Settings
                                      o Go to the Actions tab >> under the Objects section, change the settings to the ones below:
                                        Infected objects - Cure
                                        Incurable objects - Report
                                        Suspicious objects - Report
                                      o Don't change any other settings.
                                    • Start the scan again. This time, choose Complete Scan.
                                    • Click the green arrow button at the right, and the scan will start.
                                    • After the scan has finished, click Select all.
                                    • Click on Cure and choose Report incurable (this means take no action: don't "move", "rename" or "delete").
                                    • When the scan has finished, in the menu, click File and choose Save report list.
                                    • Save the report to your Desktop. The report will be called DrWeb.csv.
                                    • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.
                                    Windows 8 and Windows 10 dual boot with two SSD's

                                    binkow

                                      Topic Starter


                                      Rookie

                                      Re: Need of Fake Antivirus Removal
                                      « Reply #26 on: July 07, 2010, 09:25:51 PM »
                                      I don't think something's right... I've been scanning for more than 5 hours and it's not even near 25 15 percent! Here's the log for the part it did, though... there's really no point in scanning my other drives, which it would have done.

                                      Quote
                                      aoltsmon.dll;c:\program files\common files\aol\topspeed\2.0;Probably DLOADER.Trojan;Deleted.;
                                      4a8bae9d.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8bae9d.qua;Trojan.Packed.682;;
                                      4a8bae9d.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4a8baf5b.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8baf5b.qua;Trojan.Fakealert.4533;;
                                      4a8baf5b.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4a8bafae.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8bafae.qua;Trojan.Packed.682;;
                                      4a8bafae.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4a8bafb0.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8bafb0.qua;Trojan.Fakealert.4533;;
                                      4a8bafb0.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4a8bb254.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8bb254.qua;Trojan.NtRootKit.3206;;
                                      4a8bb254.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4a8dd4dd.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8dd4dd.qua;Trojan.Packed.682;;
                                      4a8dd4dd.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4a8dd4df.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8dd4df.qua;Trojan.Packed.682;;
                                      4a8dd4df.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4a97e6a3.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a97e6a3.qua;Trojan.Juan.88;;
                                      4a97e6a3.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4ab434b7.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ab434b7.qua;BackDoor.Tdss.333;;
                                      4ab434b7.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4ab434bb.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ab434bb.qua;BackDoor.Tdss.333;;
                                      4ab434bb.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4ab434bd.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ab434bd.qua;BackDoor.Tdss.333;;
                                      4ab434bd.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4b0a2f6b.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b0a2f6b.qua;Trojan.Fakealert.4625;;
                                      4b0a2f6b.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4b334324.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4b334324.qua;Trojan.Fakealert.5481;;
                                      4b334324.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4e1dfb3c.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4e1dfb3c.qua;Trojan.PWS.IpDiscover.14;;
                                      4e1dfb3c.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4e35d6e3.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4e35d6e3.qua;BackDoor.Tdss.2459;;
                                      4e35d6e3.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4e493f4e.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4e493f4e.qua;Trojan.Packed.20405;;
                                      4e493f4e.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4e86f2b5.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4e86f2b5.qua;Trojan.PWS.IpDiscover.14;;
                                      4e86f2b5.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4e926f38.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4e926f38.qua;Trojan.Fakealert.15215;;
                                      4e926f38.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4eb6bc8d.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4eb6bc8d.qua;Trojan.PWS.IpDiscover.14;;
                                      4eb6bc8d.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4ed83c08.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ed83c08.qua;Trojan.PWS.IpDiscover.14;;
                                      4ed83c08.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4edb3846.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4edb3846.qua;Trojan.PWS.IpDiscover.14;;
                                      4edb3846.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4edbf547.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4edbf547.qua;Trojan.PWS.IpDiscover.14;;
                                      4edbf547.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4efcaf62.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4efcaf62.qua;Trojan.DownLoad1.58938;;
                                      4efcaf62.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4f17c34c.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4f17c34c.qua;BackDoor.Tdss.2459;;
                                      4f17c34c.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4f17c3f8.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4f17c3f8.qua;BackDoor.Tdss.2459;;
                                      4f17c3f8.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      4f5f44fe.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4f5f44fe.qua;Probably Trojan.Packed.Based;;
                                      4f5f44fe.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      56054a47.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\56054a47.qua;Trojan.Fakealert.15215;;
                                      56054a47.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      564c1d39.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\564c1d39.qua;Trojan.PWS.IpDiscover.14;;
                                      564c1d39.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      564cd158.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\564cd158.qua;Trojan.PWS.IpDiscover.14;;
                                      564cd158.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      564f1968.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\564f1968.qua;Trojan.PWS.IpDiscover.14;;
                                      564f1968.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      5780e687.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\5780e687.qua;BackDoor.Tdss.2459;;
                                      5780e687.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      57c86181.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\57c86181.qua;Probably Trojan.Packed.Based;;
                                      57c86181.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
                                      7adbb65d-13f5e785\________vload.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-13f5e785;Exploit.Java.45;;
                                      7adbb65d-13f5e785\vmain.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-13f5e785;Exploit.Java.45;;
                                      7adbb65d-13f5e785;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29;Archive contains infected objects;Deleted.;
                                      30feb821-34c155f5\________vload.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-34c155f5;Exploit.Java.45;;
                                      30feb821-34c155f5\vmain.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33\30feb821-34c155f5;Exploit.Java.45;;
                                      30feb821-34c155f5;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\33;Archive contains infected objects;Deleted.;
                                      e649f74-5934e666\________vload.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5934e666;Exploit.Java.45;;
                                      e649f74-5934e666\vmain.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\52\e649f74-5934e666;Exploit.Java.45;;
                                      e649f74-5934e666;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\52;Archive contains infected objects;Deleted.;
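One way to read a report like the one above, added here as an example and not part of the thread or of any vendor tool: most of these records point into Avira's own INFECTED quarantine folder, so a second scanner re-detecting them is not evidence of a fresh infection; the records that matter are the ones outside quarantine, here the Exploit.Java.45 classes sitting in the Java deployment cache, which is where a browser-delivered exploit JAR lands. The script assumes the semicolon-separated object;location;detection;action layout visible above and runs over a constructed subset of the records.

```python
"""Summarise a scan/quarantine report in the object;location;detection;action
layout shown in the thread. Added example, not from the thread or a vendor tool.
The records in SAMPLE_REPORT are a constructed subset that mirrors the format."""
import re
from collections import Counter

SAMPLE_REPORT = r"""
4e35d6e3.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4e35d6e3.qua;BackDoor.Tdss.2459;;
4e35d6e3.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
4e86f2b5.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4e86f2b5.qua;Trojan.PWS.IpDiscover.14;;
4e86f2b5.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
7adbb65d-13f5e785\vmain.class;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\7adbb65d-13f5e785;Exploit.Java.45;;
7adbb65d-13f5e785;C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29;Archive contains infected objects;Deleted.;
"""

# Rows that only say "the container holds something" duplicate the real hit inside it.
CONTAINER_NOTES = ("Container contains infected objects",
                   "Archive contains infected objects")
# Assumption: the first scanner's quarantine directory is named INFECTED (as in the log).
QUARANTINE = re.compile(r"\\INFECTED(\\|$)", re.IGNORECASE)
# Java Web Start / applet cache: where drive-by exploit JARs end up.
JAVA_CACHE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.IGNORECASE)


def parse_report(text):
    """Return one dict per record; blank lines and short rows are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split(";")
        if len(parts) < 4:
            continue
        obj, location, detection, action = parts[0], parts[1], parts[2], parts[3]
        records.append({
            "object": obj,
            "location": location,
            "detection": detection,
            "action": action or "(none)",
            "is_container": detection in CONTAINER_NOTES,
            "in_quarantine": bool(QUARANTINE.search(location)),
            "in_java_cache": bool(JAVA_CACHE.search(location)),
        })
    return records


def summarise(records):
    """Count real detections and separate already-quarantined hits from live ones."""
    real = [r for r in records if not r["is_container"]]
    return {
        "detections": len(real),
        "by_family": dict(Counter(r["detection"] for r in real)),
        "already_quarantined": sum(1 for r in real if r["in_quarantine"]),
        "live": [r for r in real if not r["in_quarantine"]],
        "java_cache_hits": [r for r in real if r["in_java_cache"]],
    }


if __name__ == "__main__":
    s = summarise(parse_report(SAMPLE_REPORT))
    print(f"{s['detections']} detections, {s['already_quarantined']} already in quarantine")
    for fam, n in sorted(s["by_family"].items()):
        print(f"  {n:3d}  {fam}")
    for r in s["live"]:
        tag = " (Java cache: likely the infection vector)" if r["in_java_cache"] else ""
        print(f"LIVE: {r['detection']} at {r['location']}\\{r['object']}{tag}")
```

Run it against the full pasted log instead of SAMPLE_REPORT and the "LIVE" lines are the only ones worth acting on; everything else is the second scanner walking the first scanner's quarantine.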

                                      binkow

                                        Topic Starter


                                        Rookie

                                        Re: Need of Fake Antivirus Removal
                                        « Reply #27 on: July 07, 2010, 10:13:33 PM »
                                        Can you help me restore my internet connection on my pc? It just says "Acquiring network address" and it won't say anything else... I had to reset my router to the default settings since it got infected and ads popped up and all that on other computers too. I had the server not found thing going for my pc and it still happens (firefox). All the other computers have internet except the pc.

                                        SuperDave

                                        • Malware Removal Specialist
                                        • Moderator


                                        • Genius
                                        • Thanked: 1020
                                        • Certifications: List
                                        • Experience: Expert
                                        • OS: Windows 10
                                        Re: Need of Fake Antivirus Removal
                                        « Reply #28 on: July 08, 2010, 12:56:59 PM »
As far as I know, routers cannot get infected, but they can have their settings altered by malware on any computer connected to that router. You did the correct thing by resetting your settings. Now we have to get the computers cleaned, and the only way to do that is to run the scans. Afterward, we will deal with any remaining problems.
                                        Windows 8 and Windows 10 dual boot with two SSD's
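The two network symptoms in this exchange can both be read off `ipconfig /all`: a PC stuck at "Acquiring network address" has no DHCP lease, so XP falls back to a 169.254.x.x autoconfiguration address with no gateway, and a router whose settings were altered by malware typically hands clients DNS servers that are not on the LAN. The script below, added here as an example and not part of the thread or of any tool named in it, parses a constructed `ipconfig /all` dump and flags both conditions; the 203.0.113.x addresses are documentation addresses standing in for rogue DNS servers, and the list of LAN ranges is an assumption about a typical home network.

```python
"""Triage a Windows `ipconfig /all` dump for (1) no DHCP lease (APIPA address,
no gateway) and (2) DNS servers that are not on the LAN. Added example, not
from the thread. SAMPLE_IPCONFIG is constructed; LAN_RANGES is an assumption."""
import ipaddress
import re

SAMPLE_IPCONFIG = """\
Windows IP Configuration
        Host Name . . . . . . . . . . . . : XP-BOX

Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.23.118
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : 203.0.113.37
                                            203.0.113.38

Ethernet adapter Wireless Network Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.12
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

ADAPTER = re.compile(r"^(?P<name>\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s{2,}(?P<key>[A-Za-z][A-Za-z0-9 ()-]*?)[ .]*: ?(?P<val>.*)$")
CONT = re.compile(r"^\s{30,}(?P<val>\S.*)$")  # continuation line of a multi-valued field

# Assumption: the ranges a home router may legitimately hand out.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APIPA = ipaddress.ip_network("169.254.0.0/16")  # Windows self-assigned range when DHCP fails


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}}; multi-line fields keep every value."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = ADAPTER.match(line)
        if m:
            current, last_key = m.group("name"), None
            adapters[current] = {}
            continue
        if current is None:
            continue  # header block before the first adapter
        m = CONT.match(line)
        if m and last_key is not None:
            adapters[current][last_key].append(m.group("val").strip())
            continue
        m = FIELD.match(line)
        if m:
            last_key = m.group("key").strip()
            val = m.group("val").strip()
            adapters[current][last_key] = [val] if val else []
    return adapters


def _as_ip(text):
    """Parse an address, dropping suffixes such as "(Preferred)" newer Windows prints."""
    try:
        return ipaddress.ip_address(text.split("(")[0].strip())
    except ValueError:
        return None


def diagnose(adapter, trusted_dns=()):
    """Return (code, detail) findings for one adapter's parsed fields."""
    findings = []
    for a in adapter.get("Autoconfiguration IP Address", []):
        ip = _as_ip(a)
        if ip and ip in APIPA:
            findings.append(("NO_DHCP_LEASE", f"autoconfiguration address {ip}: DHCP never answered"))
    if not adapter.get("Default Gateway"):
        findings.append(("NO_GATEWAY", "no default gateway; traffic cannot leave the LAN"))
    trusted = {ipaddress.ip_address(t) for t in trusted_dns}
    for d in adapter.get("DNS Servers", []):
        ip = _as_ip(d)
        if ip is None or ip in trusted:
            continue
        if not any(ip in net for net in LAN_RANGES):
            findings.append(("FOREIGN_DNS", f"DNS server {ip} is not on the LAN; check the router's DNS settings"))
    return findings


def triage(text, trusted_dns=()):
    """Diagnose every adapter in an ipconfig /all dump."""
    return {name: diagnose(fields, trusted_dns) for name, fields in parse_ipconfig(text).items()}


if __name__ == "__main__":
    for name, findings in triage(SAMPLE_IPCONFIG).items():
        print(name, "OK" if not findings else "")
        for code, detail in findings:
            print(f"  [{code}] {detail}")
```

Pass `trusted_dns=` with the resolvers your ISP actually assigns if the router forwards public addresses by design; a NO_DHCP_LEASE finding is the "Acquiring network address" state, and `ipconfig /release` followed by `ipconfig /renew` (what finally worked later in this thread) is the first thing to try for it.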

binkow

                                          Re: Need of Fake Antivirus Removal
                                          « Reply #29 on: July 08, 2010, 10:35:59 AM »
                                          I don't think the computers are infected because they're fine now. I need to know how to establish internet connection to my pc though.

SuperDave
                                          Re: Need of Fake Antivirus Removal
                                          « Reply #30 on: July 08, 2010, 11:40:39 AM »
                                          Have you tried Network setup Wizard in Control Panel?

binkow

                                            Re: Need of Fake Antivirus Removal
                                            « Reply #31 on: July 08, 2010, 01:04:01 PM »
                                            Just did, doesn't work still

SuperDave
                                            Re: Need of Fake Antivirus Removal
                                            « Reply #32 on: July 08, 2010, 01:29:49 PM »
I'm afraid I can't help you much in that aspect. Perhaps it would be better to start a new thread in the Microsoft Windows forum. I'm sure someone there could help you. Please post back here to let me know if you were successful.

SuperDave
                                            Re: Need of Fake Antivirus Removal
                                            « Reply #33 on: July 09, 2010, 11:32:40 AM »
                                            Save these instructions so you can have access to them while in Safe Mode.

                                            Please click here to download AVP Tool by Kaspersky.
                                            • Save it to your desktop.
                                            • Reboot your computer into SafeMode.
• You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode, then hit Enter.
                                            • Double click the setup file to run it.
                                            • Click Next to continue.
                                            • Accept the License agreement and click on next.
                                            • It will, by default, install it to your desktop folder. Click Next.
• It will then open a box. There will be a tab that says Automatic scan.
                                            • Under Automatic scan make sure these are checked.

                                            • Hidden Startup Objects
                                            • System Memory
                                            • Disk Boot Sectors.
                                            • My Computer.
• Also any other drives (removable) that you may have.
                                            • Leave the rest of the settings as they appear as default.
• Then click on Scan at the top right-hand corner.
                                            • It will automatically Neutralize any objects found.
• If some objects are left un-neutralized, then click the button that says Neutralize all.
                                            • If it says it cannot be neutralized then choose the delete option when prompted.
• After that is done, click on the Reports button at the bottom, save it to a file and name it Kas.
• Save it somewhere convenient like your desktop and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.
• Note: This tool will self-uninstall when you close it, so please save the log before closing it.

binkow

                                              Re: Need of Fake Antivirus Removal
                                              « Reply #34 on: July 13, 2010, 06:43:59 PM »
                                              It's 12% through the scan with 53 minutes and it's using 0 percent of cpu, what the *censored*?

SuperDave
                                              Re: Need of Fake Antivirus Removal
                                              « Reply #35 on: July 13, 2010, 07:01:42 PM »
                                              Sorry. I'm checking with the boss to see what he says about this development.

binkow

                                                Re: Need of Fake Antivirus Removal
                                                « Reply #36 on: July 13, 2010, 07:30:21 PM »
It sped up later for some reason, because it's finished now.

                                                Quote
                                                Autoscan: completed 30 minutes ago   (events: 7, objects: 1500, time: 01:06:59)   
                                                7/13/2010 7:51:37 PM   Task started         
                                                7/13/2010 7:55:40 PM   Detected: Trojan.Win32.BHO.adww   C:\Program Files\Image Converter and Editor\icae.dll      
                                                7/13/2010 8:05:24 PM   Deleted: Trojan.Win32.BHO.adww   C:\Program Files\Image Converter and Editor\icae.dll      
                                                7/13/2010 8:05:24 PM   Deleted: Trojan.Win32.BHO.adww   C:\Program Files\Image Converter and Editor\icae.dll      
                                                7/13/2010 8:58:36 PM   Task completed         

SuperDave
                                                Re: Need of Fake Antivirus Removal
                                                « Reply #37 on: July 14, 2010, 04:30:54 PM »
                                                Ok. Now try to run the ESET scan again.

binkow

                                                  Re: Need of Fake Antivirus Removal
                                                  « Reply #38 on: July 14, 2010, 06:02:08 PM »
                                                  I don't have internet on that computer

binkow

                                                    Re: Need of Fake Antivirus Removal
                                                    « Reply #39 on: July 19, 2010, 09:30:34 AM »
                                                    So...

SuperDave
                                                    Re: Need of Fake Antivirus Removal
                                                    « Reply #40 on: July 19, 2010, 01:33:41 PM »
                                                    Is your PC hard-wired to the router or wireless? You can try this. If it still doesn't work you should start a thread in the software forum.

                                                    Download the Fix IE Utility to your desktop.

                                                    Before running the utility, make sure that all your Internet Explorer windows are closed!

                                                    * Extract the contents of the .zip file to your desktop.
                                                    * Double click the Fix IE Utility button to run the tool.
                                                    * Click Run Utility
                                                    * Click OK when you see 'Re-registered all files'
                                                    * Open Internet Explorer and see how it works.


binkow

                                                      Re: Need of Fake Antivirus Removal
                                                      « Reply #41 on: July 22, 2010, 02:27:29 PM »
It's not a browser; it says "Trying to acquire IP address" or something like that. I've done everything I can and all the things the people in the "Windows" section could.

binkow

                                                        Re: Need of Fake Antivirus Removal
                                                        « Reply #42 on: July 22, 2010, 02:43:07 PM »
I released and renewed the address on my router and I got the internet to work.
                                                        (I'm on the (hopefully not anymore) infected pc)

SuperDave
                                                        Re: Need of Fake Antivirus Removal
                                                        « Reply #43 on: July 22, 2010, 04:35:16 PM »
                                                        Quote
I released and renewed the address on my router and I got the internet to work.
                                                        (I'm on the (hopefully not anymore) infected pc)
                                                        Well, I'm really glad for you. Please try running ESET now.
