
Author Topic: One Tough Virus Infection will not allow any application to launch  (Read 17453 times)


Atech

    Topic Starter
    Hello, this is a tough one. In its early stage this infection would not allow any exe to launch, nor could I change the name and extension (to .com) and get the application to launch. I could not boot to Safe Mode, the Windows Explorer Tools "Folder Options" entry was missing, and policies were changed that restricted Windows Installer from installing any new applications. Then the popups: first system32/cmd.exe, what a cluster *&%$ that was, command windows opening up 5 at a time. Then once you got past that and launched IE, it redirected links to different sites. If I managed to launch a search and used any of these tags (antivirus, antispyware, HJT), the system would reboot. If I open Control Panel I am unable to open "Add or Remove Programs"; I receive this error message: "system32/rundll32.exe" application not found.

    Who knows whether he shall be a wise man or a fool

    evilfantasy

    • Malware Removal Specialist
    Re: One Tough Virus Infection will not allow any application to launch
    « Reply #1 on: July 09, 2009, 04:58:30 PM »
    This looks like a Virut infection but we will have a closer look.

    Disable Spybot's TeaTimer

    While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with the fixes we need to make. Please disable TeaTimer for now until you are clean.

    1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
    2. Run Spybot S&D
    3. Go to the Mode menu, and make sure Advanced Mode is selected.
    4. On the left hand side, choose Tools > Resident
    uncheck Resident TeaTimer and OK any prompt and Restart your computer.

    Note:
    If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.

    ----------

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note:  It is important that it is saved directly to your Desktop

    Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
     
    Double click combofix.exe & follow the prompts.
    Vista users Right-Click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it)
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix

    Atech
      Re: One Tough Virus Infection will not allow any application to launch
      « Reply #2 on: July 09, 2009, 06:26:28 PM »
      OK got it.  Also FYI, I'm unable to use the infected computer on-line, so everything has to be done via USB drive between the infected computer and non-infected computer.... Very touch, the infected computer has twice tried to pass a hidden file on the USB drive, I have it in virus vault.




      evilfantasy
      Re: One Tough Virus Infection will not allow any application to launch
      « Reply #3 on: July 09, 2009, 08:56:45 PM »
      Use this on your flash drive to protect it during and after this process.

      Flash Drive Cleanup

      Insert your flash drive before we begin. Hold down the Shift key when inserting the flash drive until Windows detects it to bypass the autorun feature. This will keep the autorun.inf from executing automatically.

      Please have all your removable storage devices ready for disinfection.

      Download Flash Disinfector by sUBs and save it to your Desktop.
       
      * Double-click Flash_Disinfector.exe to run it.
      * Your desktop and icons may disappear. This is normal.
      * It will do a cleanup of removable storage devices, and write a protected Autorun.inf file to help prevent re-infection.
      * Follow any prompts that may appear.
      * The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
      * Wait until it has finished scanning and then exit the program.
      * There will be no GUI interface or log file produced.
      * Reboot your computer when done.

      Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.

      ----------

      Go to Add or Remove Programs and uninstall:

      • ParetoLogic\DriverCure
      ----------

      Copy this into Notepad and then transfer over the Notepad file to the infected computer.

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      Driver::
      fc98e6536a9f048e41a65f73efc2525e
      cvjser5usjfyigsfhjhswybn4wgss80
      26d261c5
      c1fd68c2
      f609df78
      Viewpoint Manager Service

      Folder::
      c:\program files\Viewpoint
      c:\documents and settings\All Users\Application Data\ParetoLogic
      c:\program files\Common Files\ParetoLogic

      File::
      c:\winnt\system32\drivers\f609df78.sys
      c:\winnt\Tasks\ParetoLogic Registration.job
      c:\winnt\Tasks\ParetoLogic Update Version2.job

      Registry::
      [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18B0E5C2-99CB-11CF-AYX5-00401C648513}]

      [-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Application Data^Microsoft^Shortcuts^icwsetup.exe]

      RegLock::
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{746ae4e8-aedd-4a3b-9ea8-c9373c1dac12}\progid]

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B2C7B2A1-00F3-42BD-F434-00AABA2C8952}\InProcServer32]

      [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\Contains]

      [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\DownloadInformation]

      [HKEY_LOCAL_MACHINE\software\Microsoft\Code Store Database\Distribution Units\{205FF73B-CA67-11D5-99DD-444553540000}\InstalledVersion]

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

      ----------

      If the Internet connection is still not back try resetting it with this tool.

      Download and run WinSockFix.
      This is a two step process that will Back up the Registry and Reset the Winsock Stack.

      • Double click on WinsockXPFix.exe to open.
      • On the Winsock and TCP Repair Utility  screen, click "ReG-Backup"
      • On the ERDNT Welcome screen, click "OK".
      • On the Backup to: screen, click "OK".
      • On the Folder does not exist question screen click "Yes".
      • You will see a status screen as your registry is being backed up.
      • On the Registry backup is complete! screen, click "OK" and you will go back to the main window.
      • On the Winsock and TCP Repair Utility screen, click "Fix".
      • On the Apply the VB_Winsock fix? screen click "Yes".
      • The screen will display a status message "repair completed please reboot."
      • On the Repair Completed screen click "OK" to reboot your computer.
      • If your computer was not using DHCP, you will need to reconfigure TCP/IP.
      • Hopefully you should have connectivity restored.
      Note: Resetting the Winsock in SP2 might remove third-party LSPs and restore Winsock to its factory default setting. Existing programs that use their own LSPs may need to be reinstalled. Example: Google Desktop Search.
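The protective autorun.inf folder that Flash_Disinfector leaves behind works because Windows will not create a file where a directory of the same name already exists. The Python below is an added illustration of that check, not code from sUBs' tool or from this thread: it classifies a drive root as unprotected, protected, or carrying an autorun.inf file whose open=/shellexecute=/shell\...\command= directives would launch a program, and creates the protective folder when the root is empty. The drive roots and the sample autorun.inf are constructed in a temporary directory.

```python
"""Triage autorun.inf on a removable drive root.

Added example (not Flash_Disinfector's code).  A directory named autorun.inf
blocks creation of a file of that name, which is why the tool leaves one
behind; a plain autorun.inf *file* with open=/shellexecute=/shell\\...\\command=
directives is what autorun-spreading malware relies on.
"""
import os
import shutil
import subprocess
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample for the demo; the executable name is a placeholder.
SAMPLE_MALICIOUS_INF = """\
[AutoRun]
; constructed for the demo, not a real specimen
open=update.exe
icon=update.exe,0
shell\\open\\command=update.exe
shell\\explore\\command=update.exe
action=Open folder to view files
"""


def launch_directives(path):
    """Return (key, value) pairs in [autorun] that would run a program.

    Hand-rolled rather than configparser because malicious files often carry
    junk lines without '=' that would make configparser raise.
    """
    found = []
    section = None
    with open(path, "r", encoding="utf-8-sig", errors="replace") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line[0] in ";#":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
                continue
            if section != "autorun" or "=" not in line:
                continue
            key, _, value = line.partition("=")
            key = key.strip().lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, value.strip()))
    return found


def classify_autorun(root):
    """Return ("absent" | "protected" | "file", directives) for a drive root."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return ("absent", [])
    if os.path.isdir(path):
        return ("protected", [])
    return ("file", launch_directives(path))


def protect_drive(root):
    """Create the protective autorun.inf folder; True only if created now.

    Refuses to touch an existing file so that a suspicious autorun.inf is
    examined (and quarantined) rather than silently replaced.
    """
    path = os.path.join(root, "autorun.inf")
    if os.path.lexists(path):
        return False
    os.mkdir(path)
    if os.name == "nt":  # mirror the hidden+system attributes the tool sets
        subprocess.run(["attrib", "+h", "+s", path], check=False)
    return True


def demo():
    """Build two constructed drive roots in a temp dir and triage both."""
    base = tempfile.mkdtemp(prefix="autorun_demo_")
    try:
        infected = os.path.join(base, "infected")
        clean = os.path.join(base, "clean")
        os.mkdir(infected)
        os.mkdir(clean)
        with open(os.path.join(infected, "autorun.inf"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_MALICIOUS_INF)
        results = {
            "infected": classify_autorun(infected),
            "infected_protect": protect_drive(infected),  # False: file left for review
            "clean_before": classify_autorun(clean),
            "clean_created": protect_drive(clean),        # True
            "clean_after": classify_autorun(clean),
            "clean_again": protect_drive(clean),          # False: already protected
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```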

      Atech
        Re: One Tough Virus Infection will not allow any application to launch
        « Reply #4 on: July 09, 2009, 11:46:28 PM »
        This is ComboFix log 2

        ComboFix 09-07-08.04 - Administrator 07/09/2009 21:40.2 - NTFSx86 MINIMAL
        Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.383.241 [GMT -7:00]
        Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
        Command switches used :: f:\scanlogs\CFScript.txt

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

        FILE ::
        "c:\winnt\system32\drivers\f609df78.sys"
        "c:\winnt\Tasks\ParetoLogic Registration.job"
        "c:\winnt\Tasks\ParetoLogic Update Version2.job"
        .

        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        c:\documents and settings\All Users\Application Data\ParetoLogic
        c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Master.xml
        c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Patch.xml
        c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Temp\Update.exe
        c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Update.xml
        c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Master.xml
        c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Patch.xml
        c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Update.xml
        c:\program files\Common Files\ParetoLogic
        c:\program files\Common Files\ParetoLogic\UUS2\Images\Logo.png
        c:\program files\Common Files\ParetoLogic\UUS2\LiteUnzip.dll
        c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
        c:\program files\Common Files\ParetoLogic\UUS2\ParetoLogicUpdate.chm
        c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll
        c:\program files\Viewpoint
        c:\program files\Viewpoint\Common\ViewpointService.exe
        c:\program files\Viewpoint\Common\VistaBoot.sdll
        c:\program files\Viewpoint\Viewpoint Manager\CPtask.xml
        c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
        c:\program files\Viewpoint\Viewpoint Manager\ViewCP.cpl
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\s.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_av.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_cp.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_header_up.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bg.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_inner_bottom.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab_bg.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_off.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab1_on.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_off.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vm_tab2_on.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\images\vwpt_logo.gif
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\options.ini
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\viewpoint.ico
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPData\vmctrl.html
        c:\program files\Viewpoint\Viewpoint Manager\ViewCPexe.exe
        c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
        c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
        c:\program files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe
        c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
        c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_.dll
        c:\program files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
        c:\program files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
        c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305001C.dll
        c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
        c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\DataTracking.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\MTS3Reader.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\VMgr.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Components\WaveletReader.dll
        c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
        c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
        c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
        c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
        c:\program files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
        c:\program files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
        c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\Cursors.dll
        c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\JpegReader.dll
        c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\MTS3Reader.dll
        c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SreeDMMX.dll
        c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\SWFView.dll
        c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\VMPVideo2.dll
        c:\program files\Viewpoint\Viewpoint Media Player\NewComponents\WaveletReader.dll
        c:\program files\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01\-1159435808.mtx
        c:\program files\Viewpoint\Viewpoint Media Player\Resources\UpdateVersionList_v2.mtx
        c:\program files\Viewpoint\Viewpoint Toolbar\3.9.0\eula.txt
        c:\program files\Viewpoint\Viewpoint Toolbar\3.9.0\Uninstaller.exe
        c:\program files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
        c:\program files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarSystemInfo.dll
        c:\program files\Viewpoint\Viewpoint Toolbar\delB5.tmp\delB6.tmp
        c:\program files\Viewpoint\Viewpoint Toolbar\delB5.tmp\delB7.tmp
        c:\winnt\system32\drivers\f609df78.sys
        c:\winnt\Tasks\ParetoLogic Registration.job
        c:\winnt\Tasks\ParetoLogic Update Version2.job

        .
        (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        -------\Legacy_fc98e6536a9f048e41a65f73efc2525e
        -------\Legacy_VIEWPOINT_MANAGER_SERVICE
        -------\Service_26d261c5
        -------\Service_c1fd68c2
        -------\Service_f609df78
        -------\Service_fc98e6536a9f048e41a65f73efc2525e
        -------\Service_Viewpoint Manager Service


        (((((((((((((((((((((((((   Files Created from 2009-06-10 to 2009-07-10  )))))))))))))))))))))))))))))))
        .

        2009-07-09 19:35 . 2009-07-09 19:35   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Sprint
        2009-07-09 19:15 . 2009-07-09 19:15   --------   d-----w-   c:\documents and settings\Bill\Application Data\Sprint
        2009-07-09 19:04 . 2008-10-15 18:58   27072   ----a-w-   c:\winnt\system32\drivers\PCASp50.sys
        2009-07-09 19:03 . 2005-03-15 18:11   17920   ----a-w-   c:\winnt\system32\apintfnt.dll
        2009-07-09 19:03 . 2008-04-13 17:45   17152   ----a-w-   c:\winnt\system32\drivers\usbohci.sys
        2009-07-09 19:03 . 2008-04-13 17:45   17152   ----a-w-   c:\winnt\system32\dllcache\usbohci.sys
        2009-07-09 19:01 . 2007-01-18 17:24   26496   ----a-r-   c:\winnt\system32\drivers\RimSerial.sys
        2009-07-09 18:55 . 2009-07-09 18:55   --------   d-----w-   c:\program files\Common Files\Research in Motion
        2009-07-09 18:55 . 2009-07-09 19:03   --------   d-----w-   c:\program files\Sierra Wireless
        2009-07-09 18:54 . 2009-07-09 19:02   --------   d-----w-   c:\program files\Common Files\Motorola Shared
        2009-07-09 18:54 . 2009-07-09 18:54   --------   d-----w-   c:\program files\Novatel Wireless
        2009-07-09 18:54 . 2009-07-09 18:54   --------   d-----w-   c:\program files\Sprint
        2009-07-09 18:54 . 2009-07-09 18:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sprint
        2009-07-09 18:45 . 2009-07-09 18:45   --------   d-----w-   c:\documents and settings\Bill\Application Data\Sierra Wireless
        2009-07-09 17:43 . 2009-07-09 17:48   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
        2009-07-09 17:35 . 2009-07-09 17:35   --------   d-----w-   c:\program files\Sierra Wireless Inc
        2009-07-09 17:35 . 2009-07-09 17:35   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Sierra Wireless
        2009-07-08 19:56 . 2009-07-08 19:56   --------   d-----w-   c:\documents and settings\Administrator\Application Data\DriverCure
        2009-07-08 19:55 . 2009-07-10 01:06   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2009-07-08 19:53 . 2009-07-08 19:53   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
        2009-07-08 18:45 . 2009-07-09 19:23   117760   ----a-w-   c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2009-07-08 18:42 . 2009-07-08 18:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
        2009-07-08 18:41 . 2009-07-08 22:30   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2009-07-08 18:41 . 2009-07-08 18:41   --------   d-----w-   c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com
        2009-07-08 07:38 . 2009-07-08 07:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Safer Networking
        2009-07-08 07:37 . 2009-07-08 07:37   --------   d-----w-   c:\program files\Safer Networking
        2009-07-08 07:37 . 2009-07-08 07:37   --------   d-----w-   C:\!KillBox
        2009-07-08 07:34 . 2009-07-08 07:34   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
        2009-07-07 23:04 . 2009-07-07 23:04   94104   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
        2009-07-07 21:39 . 2009-07-07 21:39   --------   d-----w-   c:\program files\SDHelper (Spybot - Search & Destroy)
        2009-07-07 21:39 . 2009-07-07 21:39   --------   d-----w-   c:\program files\Misc. Support Library (Spybot - Search & Destroy)
        2009-07-07 21:39 . 2009-07-07 21:39   --------   d-----w-   c:\program files\File Scanner Library (Spybot - Search & Destroy)
        2009-07-07 21:39 . 2009-07-07 21:39   --------   d-----w-   c:\program files\TeaTimer (Spybot - Search & Destroy)
        2009-07-07 21:33 . 2009-07-07 22:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
        2009-07-07 21:33 . 2009-07-07 21:48   --------   d-----w-   c:\program files\Spybot - Search & Destroy
        2009-06-20 04:07 . 2009-06-20 04:07   --------   d-s---w-   c:\winnt\system32\%USERPROFILE%
        2009-06-17 05:12 . 2009-06-17 05:12   --------   d-----w-   c:\winnt\system32\Mozilla Shared

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2009-07-09 23:59 . 2009-06-08 23:32   95436   ----a-w-   c:\winnt\system32\drivers\26d261c5.sys
        2009-07-08 19:57 . 2009-01-30 19:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\DriverCure
        2009-07-08 19:31 . 2009-07-08 19:31   312847   ------w-   c:\winnt\system32\647abd38a58580908918e8a3395fb887.TMP
        2009-07-08 19:02 . 2009-07-08 19:02   312847   ------w-   c:\winnt\system32\f1864ab73dbdccf734bbec48fddfe5cf.TMP
        2009-07-07 21:24 . 2009-07-07 21:24   312847   ------w-   c:\winnt\system32\8aab370f9a360b00da9c3c7d5e63494e.TMP
        2009-07-07 21:05 . 2008-12-27 02:46   --------   d-----w-   c:\program files\CleanUp!
        2009-06-24 01:52 . 2004-08-30 21:40   --------   d-----w-   c:\documents and settings\Pat\Application Data\WeatherBug
        2009-06-18 02:17 . 2007-11-03 23:20   --------   d-----w-   c:\program files\Windows Live Toolbar
        2009-06-09 13:54 . 2009-06-08 20:13   0   ----a-w-   c:\winnt\system32\drivers\c1fd68c2.sys
        .

        (((((((((((((((((((((((((((((   SnapShot@2009-07-10_00.02.19   )))))))))))))))))))))))))))))))))))))))))
        .
        - 1980-01-01 06:00 . 2009-07-09 19:02   58012              c:\winnt\system32\perfc009.dat
        + 1980-01-01 06:00 . 2009-07-10 05:11   58012              c:\winnt\system32\perfc009.dat
        + 1980-01-01 06:00 . 2009-07-10 05:11   391894              c:\winnt\system32\perfh009.dat
        - 1980-01-01 06:00 . 2009-07-09 19:02   391894              c:\winnt\system32\perfh009.dat
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
        "ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2008-04-14 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]

        [HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
        path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
        backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
        "MSIServer"=3 (0x3)
        "wuauserv"=2 (0x2)
        "WMPNetworkSvc"=3 (0x3)
        "WLSetupSvc"=3 (0x3)
        "Viewpoint Manager Service"=2 (0x2)
        "usnjsvc"=3 (0x3)
        "SQLAgent$ALAMODE"=3 (0x3)
        "sopidkc"=2 (0x2)
        "ose"=3 (0x3)
        "MSSQLServerADHelper"=3 (0x3)
        "MSSQL$ALAMODE"=2 (0x2)
        "dhcpsrv"=2 (0x2)
        "dfgdjhse5rjfmkfsderhkldtd576ogd80"=2 (0x2)
        "cvjser5usjfyigsfhjhswybn4wgss80"=2 (0x2)
        "BITS"=3 (0x3)

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusOverride"=dword:00000001
        "FirewallOverride"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "c:\\Program Files\\Messenger\\msmsgs.exe"=
        "c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=

        S1 sasdifsv;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
        S1 saskutil;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
        S3 ati2mpaa;ati2mpaa;c:\winnt\system32\drivers\ati2mpaa.sys [10/3/2001 8:23 AM 281856]
        S3 PCDRDRV;Pcdr Helper Driver;\??\c:\atf\Qctest\PCDoc\PCDRDRV.sys --> c:\atf\Qctest\PCDoc\PCDRDRV.sys [?]
        S3 sasenum;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
        S4 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [5/4/2005 1:04 AM 9158656]
        S4 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [5/3/2005 10:42 PM 323584]
        .
        Contents of the 'Scheduled Tasks' folder

        2009-07-09 c:\winnt\Tasks\Check Updates for Windows Live Toolbar.job
        - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://msn.com
        DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
        .

        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2009-07-09 22:07
        Windows 5.1.2600 Service Pack 3 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2009-07-10 22:17 - machine was rebooted
        ComboFix-quarantined-files.txt  2009-07-10 05:17
        ComboFix2.txt  2009-07-10 00:12

        Pre-Run: 7,628,197,888 bytes free
        Post-Run: 7,593,283,584 bytes free

        237   --- E O F ---   2009-05-17 15:02
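A defender reading the log above would look first at the Reg Loading Points: the two Security Center override values, the firewall switched off for the standard profile, and the two randomly named entries in the msconfig services list. The Python below is an added example, not anything from ComboFix or from this thread; it parses a constructed excerpt built from those exact sections (registry paths and value formats as ComboFix prints them) and reports those findings.

```python
"""Flag weakened security settings and suspicious service names in the
'Reg Loading Points' section of a ComboFix log.

Added example, not ComboFix's code.  The registry paths and value formats
follow the log format; the excerpt below is constructed from the entries
seen in the thread.
"""
import re

SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
"MSIServer"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"MSSQL$ALAMODE"=2 (0x2)
"dfgdjhse5rjfmkfsderhkldtd576ogd80"=2 (0x2)
"cvjser5usjfyigsfhjhswybn4wgss80"=2 (0x2)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

SECURITY_CENTER = "hkey_local_machine\\software\\microsoft\\security center"
FIREWALL_PROFILE = "hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile"
MSCONFIG_SERVICES = "hkey_local_machine\\software\\microsoft\\shared tools\\msconfig\\services"

# Long, all-lowercase, letters mixed with digits, no spaces: the shape of the
# two names in the log that no legitimate service on this box shares.
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{20,}$")


def parse_reg_sections(text):
    """Map each [key path] (lower-cased) to its "name"=value pairs."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
        elif current is not None and line.startswith('"') and '"=' in line:
            name, _, value = line[1:].partition('"=')
            sections[current][name] = value.strip()
    return sections


def reg_int(value):
    """Parse the value forms ComboFix prints: '3 (0x3)' or 'dword:00000001'."""
    value = value.strip()
    if value.lower().startswith("dword:"):
        return int(value[6:], 16)
    m = re.match(r"-?\d+", value)
    return int(m.group()) if m else None


def looks_random(name):
    return bool(RANDOM_NAME.match(name))


def triage(log_text):
    """Return a list of human-readable findings for the log excerpt."""
    sections = parse_reg_sections(log_text)
    findings = []
    sc = sections.get(SECURITY_CENTER, {})
    for name in ("AntiVirusOverride", "FirewallOverride"):
        if name in sc and reg_int(sc[name]) == 1:
            findings.append(f"Security Center warnings suppressed: {name}=1")
    fw = sections.get(FIREWALL_PROFILE, {})
    if "EnableFirewall" in fw and reg_int(fw["EnableFirewall"]) == 0:
        findings.append("Windows Firewall disabled for the standard profile")
    for name in sections.get(MSCONFIG_SERVICES, {}):
        if looks_random(name):
            findings.append(f"Randomly named service in msconfig list: {name}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```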

        Atech
          Re: One Tough Virus Infection will not allow any application to launch
          « Reply #5 on: July 10, 2009, 12:55:41 AM »
          By the way Thanks for that Tip and utility for the USB flash drive...

          Ok here is the first scan log in normal mode; also I am posting from the other computer, since this one was not allowing any of this type of behavior (logging on to a computer virus/spyware forum).

          Here is the combofix scan log for Normal mode

          ComboFix 09-07-08.04 - Bill 07/09/2009 23:04.3 - NTFSx86
          Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.383.111 [GMT -7:00]
          Running from: c:\documents and settings\Bill\Desktop\ComboFix.exe
          .

          (((((((((((((((((((((((((   Files Created from 2009-06-10 to 2009-07-10  )))))))))))))))))))))))))))))))
          .

          2009-07-09 19:35 . 2009-07-09 19:35   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Sprint
          2009-07-09 19:15 . 2009-07-09 19:15   --------   d-----w-   c:\documents and settings\Bill\Application Data\Sprint
          2009-07-09 19:04 . 2008-10-15 18:58   27072   ----a-w-   c:\winnt\system32\drivers\PCASp50.sys
          2009-07-09 19:03 . 2005-03-15 18:11   17920   ----a-w-   c:\winnt\system32\apintfnt.dll
          2009-07-09 19:03 . 2008-04-13 17:45   17152   ----a-w-   c:\winnt\system32\drivers\usbohci.sys
          2009-07-09 19:03 . 2008-04-13 17:45   17152   ----a-w-   c:\winnt\system32\dllcache\usbohci.sys
          2009-07-09 19:01 . 2007-01-18 17:24   26496   ----a-r-   c:\winnt\system32\drivers\RimSerial.sys
          2009-07-09 18:55 . 2009-07-09 18:55   --------   d-----w-   c:\program files\Common Files\Research in Motion
          2009-07-09 18:55 . 2009-07-09 19:03   --------   d-----w-   c:\program files\Sierra Wireless
          2009-07-09 18:54 . 2009-07-09 19:02   --------   d-----w-   c:\program files\Common Files\Motorola Shared
          2009-07-09 18:54 . 2009-07-09 18:54   --------   d-----w-   c:\program files\Novatel Wireless
          2009-07-09 18:54 . 2009-07-09 18:54   --------   d-----w-   c:\program files\Sprint
          2009-07-09 18:54 . 2009-07-09 18:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Sprint
          2009-07-09 18:45 . 2009-07-09 18:45   --------   d-----w-   c:\documents and settings\Bill\Application Data\Sierra Wireless
          2009-07-09 17:43 . 2009-07-09 17:48   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
          2009-07-09 17:35 . 2009-07-09 17:35   --------   d-----w-   c:\program files\Sierra Wireless Inc
          2009-07-09 17:35 . 2009-07-09 17:35   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Sierra Wireless
          2009-07-08 19:56 . 2009-07-08 19:56   --------   d-----w-   c:\documents and settings\Administrator\Application Data\DriverCure
          2009-07-08 19:55 . 2009-07-10 01:06   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2009-07-08 19:53 . 2009-07-08 19:53   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
          2009-07-08 18:45 . 2009-07-09 19:23   117760   ----a-w-   c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
          2009-07-08 18:42 . 2009-07-08 18:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
          2009-07-08 18:41 . 2009-07-08 22:30   --------   d-----w-   c:\program files\SUPERAntiSpyware
          2009-07-08 18:41 . 2009-07-08 18:41   --------   d-----w-   c:\documents and settings\Bill\Application Data\SUPERAntiSpyware.com
          2009-07-08 07:38 . 2009-07-08 07:38   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Safer Networking
          2009-07-08 07:37 . 2009-07-08 07:37   --------   d-----w-   c:\program files\Safer Networking
          2009-07-08 07:37 . 2009-07-08 07:37   --------   d-----w-   C:\!KillBox
          2009-07-08 07:34 . 2009-07-08 07:34   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
          2009-07-07 23:04 . 2009-07-07 23:04   94104   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
          2009-07-07 21:39 . 2009-07-07 21:39   --------   d-----w-   c:\program files\SDHelper (Spybot - Search & Destroy)
          2009-07-07 21:39 . 2009-07-07 21:39   --------   d-----w-   c:\program files\Misc. Support Library (Spybot - Search & Destroy)
          2009-07-07 21:39 . 2009-07-07 21:39   --------   d-----w-   c:\program files\File Scanner Library (Spybot - Search & Destroy)
          2009-07-07 21:39 . 2009-07-07 21:39   --------   d-----w-   c:\program files\TeaTimer (Spybot - Search & Destroy)
          2009-07-07 21:33 . 2009-07-07 22:56   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
          2009-07-07 21:33 . 2009-07-07 21:48   --------   d-----w-   c:\program files\Spybot - Search & Destroy
          2009-06-20 04:07 . 2009-06-20 04:07   --------   d-s---w-   c:\winnt\system32\%USERPROFILE%
          2009-06-17 05:12 . 2009-06-17 05:12   --------   d-----w-   c:\winnt\system32\Mozilla Shared

          .
          ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          2009-07-09 23:59 . 2009-06-08 23:32   95436   ----a-w-   c:\winnt\system32\drivers\26d261c5.sys
          2009-07-08 19:57 . 2009-01-30 19:53   --------   d-----w-   c:\documents and settings\All Users\Application Data\DriverCure
          2009-07-08 19:31 . 2009-07-08 19:31   312847   ------w-   c:\winnt\system32\647abd38a58580908918e8a3395fb887.TMP
          2009-07-08 19:02 . 2009-07-08 19:02   312847   ------w-   c:\winnt\system32\f1864ab73dbdccf734bbec48fddfe5cf.TMP
          2009-07-07 21:24 . 2009-07-07 21:24   312847   ------w-   c:\winnt\system32\8aab370f9a360b00da9c3c7d5e63494e.TMP
          2009-07-07 21:05 . 2008-12-27 02:46   --------   d-----w-   c:\program files\CleanUp!
          2009-06-24 01:52 . 2004-08-30 21:40   --------   d-----w-   c:\documents and settings\Pat\Application Data\WeatherBug
          2009-06-18 02:17 . 2007-11-03 23:20   --------   d-----w-   c:\program files\Windows Live Toolbar
          2009-06-09 13:54 . 2009-06-08 20:13   0   ----a-w-   c:\winnt\system32\drivers\c1fd68c2.sys
          .

          (((((((((((((((((((((((((((((   SnapShot@2009-07-10_00.02.19   )))))))))))))))))))))))))))))))))))))))))
          .
          - 1980-01-01 06:00 . 2009-07-09 19:02   58012              c:\winnt\system32\perfc009.dat
          + 1980-01-01 06:00 . 2009-07-10 05:55   58012              c:\winnt\system32\perfc009.dat
          + 1980-01-01 06:00 . 2009-07-10 05:55   391894              c:\winnt\system32\perfh009.dat
          - 1980-01-01 06:00 . 2009-07-09 19:02   391894              c:\winnt\system32\perfh009.dat
          .
          (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
          .
          .
          *Note* empty entries & legit default entries are not shown
          REGEDIT4

          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
          "Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2008-10-15 17664]

          [HKLM\~\startupfolder\C:^DOCUME~1^ALLUSE~1^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
          path=c:\docume~1\ALLUSE~1\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
          backup=c:\winnt\pss\Adobe Reader Speed Launch.lnkCommon Startup

          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "MSIServer"=3 (0x3)
          "wuauserv"=2 (0x2)
          "WMPNetworkSvc"=3 (0x3)
          "WLSetupSvc"=3 (0x3)
          "Viewpoint Manager Service"=2 (0x2)
          "usnjsvc"=3 (0x3)
          "SQLAgent$ALAMODE"=3 (0x3)
          "sopidkc"=2 (0x2)
          "ose"=3 (0x3)
          "MSSQLServerADHelper"=3 (0x3)
          "MSSQL$ALAMODE"=2 (0x2)
          "dhcpsrv"=2 (0x2)
          "dfgdjhse5rjfmkfsderhkldtd576ogd80"=2 (0x2)
          "cvjser5usjfyigsfhjhswybn4wgss80"=2 (0x2)
          "BITS"=3 (0x3)

          [HKEY_LOCAL_MACHINE\software\microsoft\security center]
          "AntiVirusOverride"=dword:00000001
          "FirewallOverride"=dword:00000001

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
          "EnableFirewall"= 0 (0x0)

          [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
          "%windir%\\system32\\sessmgr.exe"=
          "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
          "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
          "c:\\Program Files\\Messenger\\msmsgs.exe"=
          "c:\\Program Files\\Sprint\\Sprint SmartView\\SwiApiMux.exe"=

          R3 ati2mpaa;ati2mpaa;c:\winnt\system32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
          R3 PCDRDRV;Pcdr Helper Driver;c:\atf\Qctest\PCDoc\PCDRDRV.sys

          R3 sasenum;sasenum;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
          R4 MSSQL$ALAMODE;MSSQL$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlservr.exe [2008-12-18 9158656]
          R4 SQLAgent$ALAMODE;SQLAgent$ALAMODE;c:\program files\Microsoft SQL Server\MSSQL$ALAMODE\Binn\sqlagent.EXE [2005-05-04 323584]
          S1 sasdifsv;sasdifsv;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
          S1 saskutil;saskutil;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]

          .
          Contents of the 'Scheduled Tasks' folder

          2009-07-09 c:\winnt\Tasks\Check Updates for Windows Live Toolbar.job
          - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20]
          .
          - - - - ORPHANS REMOVED - - - -

          HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe


          .
          ------- Supplementary Scan -------
          .
          uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
          uInternet Connection Wizard,ShellNext = iexplore
          IE: &Define - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
          IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
          IE: Look Up in &Encyclopedia - c:\program files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
          Trusted Zone: aol.com\free
          DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
          .

          **************************************************************************

          catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
          Rootkit scan 2009-07-09 23:18
          Windows 5.1.2600 Service Pack 3 NTFS

          scanning hidden processes ... 

          scanning hidden autostart entries ...

          scanning hidden files ... 

          scan completed successfully
          hidden files: 0

          **************************************************************************
          .
          --------------------- LOCKED REGISTRY KEYS ---------------------

          [HKEY_USERS\S-1-5-21-3563514748-1417066420-3376078148-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\iexplore]
          @DACL=(02 0000)
          "Type"=dword:00000003
          "Count"=dword:000005c9
          "Time"=hex:d8,07,0c,00,06,00,1b,00,00,00,28,00,05,00,1f,02

          [HKEY_USERS\S-1-5-21-3563514748-1417066420-3376078148-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\iexplore]
          @DACL=(02 0000)
          "Type"=dword:00000002
          "Count"=dword:00000809
          "Time"=hex:d8,07,0c,00,06,00,1b,00,02,00,2e,00,09,00,e5,00

          [HKEY_USERS\S-1-5-21-3563514748-1417066420-3376078148-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952}\iexplore]
          @DACL=(02 0000)
          "Type"=dword:00000003
          "Flags"=dword:00000000
          "Count"=dword:000000c7
          "Time"=hex:d9,07,07,00,03,00,08,00,13,00,07,00,02,00,f4,00

          [HKEY_USERS\S-1-5-21-3563514748-1417066420-3376078148-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD}\iexplore]
          @DACL=(02 0000)
          "Type"=dword:00000001
          "Count"=dword:00000002
          "Time"=hex:d5,07,0a,00,04,00,14,00,03,00,29,00,11,00,0b,03
          "Blocked"=dword:00000002
          .
          --------------------- DLLs Loaded Under Running Processes ---------------------

          - - - - - - - > 'explorer.exe'(1604)
          c:\winnt\system32\WPDShServiceObj.dll
          c:\winnt\system32\PortableDeviceTypes.dll
          c:\winnt\system32\PortableDeviceApi.dll
          .
          Completion time: 2009-07-10 23:29
          ComboFix-quarantined-files.txt  2009-07-10 06:29
          ComboFix2.txt  2009-07-10 05:17
          ComboFix3.txt  2009-07-10 00:12

          Pre-Run: 7,173,222,400 bytes free
          Post-Run: 7,164,768,256 bytes free

          WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
          [boot loader]
          timeout=2
          default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
          [operating systems]
          c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
          multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

          179   --- E O F ---   2009-05-17 15:02
          Who knows whether he shall be a wise man or a fool

          evilfantasy

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Calm like a bomb
          • Thanked: 493
          • Experience: Experienced
          • OS: Windows 11
          Re: One Tough Virus Infection will not allow any application to launch
          « Reply #6 on: July 10, 2009, 10:45:07 AM »
          Have you been able to get the computer back online yet?

          Delete these files/folders, as follows:

          1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
          It must be Notepad, not Wordpad.
          2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

          Code:
          KillAll::

          Registry::
          [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
          "Viewpoint Manager Service"=-
          "sopidkc"=-
          "dfgdjhse5rjfmkfsderhkldtd576ogd80"=-
          "cvjser5usjfyigsfhjhswybn4wgss80"=-

          RegLock::
          [HKEY_USERS\S-1-5-21-3563514748-1417066420-3376078148-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\iexplore]

          [HKEY_USERS\S-1-5-21-3563514748-1417066420-3376078148-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\iexplore]

          [HKEY_USERS\S-1-5-21-3563514748-1417066420-3376078148-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2c7b2a1-00f3-42bd-f434-00aaba2c8952}\iexplore]

          [HKEY_USERS\S-1-5-21-3563514748-1417066420-3376078148-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD}\iexplore]


          3. Go to the Notepad window and click Edit > Paste
          4. Then click File > Save
          5. Name the file CFScript.txt - Save the file to your Desktop
          6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



          ComboFix will begin to execute, just follow the prompts.
          After reboot (in case it asks to reboot), it will produce a log for you.
          Post that log (Combofix.txt) in your next reply.

          Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
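As an added example (not code from this thread, from ComboFix, or from the forum's helpers), the script below triages the "Reg Loading Points" section of the ComboFix log posted above and then emits the same kind of Registry:: deletion lines that the CFScript in this reply uses. The log excerpt embedded in it is constructed from entries copied out of the posted log; the name-length threshold, the regular expressions and the function names are my assumptions, not ComboFix conventions.

```python
import re

# Constructed sample in the shape of the "Reg Loading Points" section of the
# ComboFix log posted in this thread (the entries are copied from that log).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
"MSIServer"=3 (0x3)
"wuauserv"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"sopidkc"=2 (0x2)
"dfgdjhse5rjfmkfsderhkldtd576ogd80"=2 (0x2)
"cvjser5usjfyigsfhjhswybn4wgss80"=2 (0x2)
"dhcpsrv"=2 (0x2)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
# ComboFix prints numbers either as "dword:00000001" or as "2 (0x2)".
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")
DEC_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$")
# Heuristic (assumed threshold): a long single-token lowercase name that mixes
# letters and digits looks machine-generated rather than vendor-chosen.
RANDOM_NAME_RE = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{20,}$")


def parse_number(raw):
    """Return the integer in a ComboFix value field, or None if not numeric."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group(1), 16)
    m = DEC_RE.match(raw)
    return int(m.group(1)) if m else None


def parse_loading_points(text):
    """Yield (key, value_name, raw_value) for every '"name"=value' line."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            yield key, vm.group(1), vm.group(2)


def triage(text):
    """Return (key, name, reason) findings: odd service names plus the
    Security Center / firewall settings an attacker tampers with."""
    findings = []
    for key, name, raw in parse_loading_points(text):
        lk = key.lower()
        num = parse_number(raw)
        if lk.endswith("msconfig\\services") and RANDOM_NAME_RE.match(name):
            findings.append((key, name, "random-looking service name"))
        elif lk.endswith("security center") and name.endswith("Override") and num == 1:
            findings.append((key, name, "Security Center alerting suppressed"))
        elif lk.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and num == 0:
            findings.append((key, name, "Windows Firewall disabled"))
    return findings


def build_registry_section(findings):
    """Emit a Registry:: section in the form used in this reply: a [key]
    header followed by '"name"=-' lines, which delete the named value."""
    by_key = {}
    for key, name, reason in findings:
        if reason == "random-looking service name":
            by_key.setdefault(key, []).append(name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for key, name, reason in found:
        print(f"{reason}: {name}  ({key})")
    print()
    print(build_registry_section(found))
```

On the sample the name heuristic flags only the two generated-looking entries; "sopidkc" and "Viewpoint Manager Service", which the CFScript above also removes, are not caught by it and come from the helper's own knowledge, which is the usual limit of a purely lexical check. The two Security Center overrides and the disabled firewall are reported as findings rather than turned into script lines, since restoring them is a judgement call for whoever reads the log.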

          Atech

            Topic Starter


            Rookie
          • Think before you act consider the consequences
            Re: One Tough Virus Infection will not allow any application to launch
            « Reply #7 on: July 10, 2009, 01:11:56 PM »
            Yes I was. Please see post #6

            Ok here's how thing went through the night!

            I was able to load AVG. It was able to scan the system. It found 22 infections and they are in the Virus Vault. The first log is from that scan. The second log is from Combofix. Also, I disabled the AVG resident shield before running Combofix.



            [attachment deleted by admin]
            Who knows whether he shall be a wise man or a fool

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: One Tough Virus Infection will not allow any application to launch
            « Reply #8 on: July 10, 2009, 01:34:55 PM »
            AVG only found two new infections. The others were already quarantined by HijackThis and ComboFix.

            It looks like we got everything. How is the computer running now?

            evilfantasy

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Calm like a bomb
            • Thanked: 493
            • Experience: Experienced
            • OS: Windows 11
            Re: One Tough Virus Infection will not allow any application to launch
            « Reply #9 on: July 10, 2009, 01:46:13 PM »
            Also have a look at this. I'm fairly sure we got everything but you might consider some of the information here. Since the virus took away your internet connection then I'm not sure how much information might or might not have been available to any attacker.

            The computer was infected by a trojan, which has Backdoor Functionality. This can give intruders complete control of the computer, logging key strokes, stealing information, etc.

            You are strongly advised to do the following immediately!

            • Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
            • Change all of your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
            • Because of its backdoor functionality, your PC was very likely compromised and there is no way to be sure it can ever again be trusted.
            • Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall.
            .
            To help you make a more informed decision, please read the following articles:
            .
            Should you have any questions, please feel free to ask

            Atech

              Topic Starter


              Rookie
            • Think before you act consider the consequences
              Re: One Tough Virus Infection will not allow any application to launch
              « Reply #10 on: July 10, 2009, 01:59:45 PM »
              The computer is running fine... I'm the one that's skeptical ::) Is it really fixed??!!! After all of this!! I'm sure it is...  I now have a new respect for computer forums... I'd like to become a removal specialist!!

              thanks much ComputerHope

              Thank You Evilfantasy.

              Atech 2 B!!!

              Oh NO!!! As I was typing you added another post! I had the disk "D Ban" on the table ready to wipe, but decided to give it a try
              Who knows whether he shall be a wise man or a fool

              evilfantasy

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Calm like a bomb
              • Thanked: 493
              • Experience: Experienced
              • OS: Windows 11
              Re: One Tough Virus Infection will not allow any application to launch
              « Reply #11 on: July 10, 2009, 02:05:05 PM »
              We should do another scan just to be sure. Better safe than sorry...

              A little cleanup first.

              * Click START then RUN
              * Now type Combofix /u in the runbox
              * Make sure there's a space between Combofix and /u
              * Then hit Enter

              * The above procedure will:
              * Delete the following:
              * ComboFix and its associated files and folders.
              * Reset the clock settings.
              * Hide file extensions, if required.
              * Hide System/Hidden files, if required.
              * Set a new, clean Restore Point.

              ----------

              Clean out your temporary internet files and temp files.

              Download TFC by OldTimer to your desktop.

              Double-click TFC.exe to run it.

              Note: If you are running on Vista, right-click on the file and choose Run As Administrator

              TFC will close all programs when run, so make sure you have saved all your work before you begin.

              * Click the Start button to begin the cleaning process.
              * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
              * Please let TFC run uninterrupted until it is finished.

              Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

              ----------

              BitDefender Online Scanner only works with Internet Explorer! Click here for the latest version of Internet Explorer

              * Scan with the BitDefender Online Scanner
              * Click Start Scanner to begin.
              * Place a check mark next to I agree with the Terms and Conditions then click Start Here
              * Agree to the license and then Install the ActiveX control.
              * Please DO NOT change any of the Scanning Options!
              * Click Start Scan to begin updating the BitDefender Online Scanner. The scan will start once the definitions are up-to-date.

              * This scan can take a while so please be patient and let it complete.

              * Once BitDefender completes the scan:
              * Click-on the Detected Problems tab.
              * Then select Click here to export the scan report



              This will save a file named bdscan.html I would suggest saving it to the desktop so you can easily find it. (take notice of where you save it so you can find it later)
               
              You will have to upload the file online. The forums will not accept HTML.

              Go to File Dropper

              * Click Upload
              * Locate the file and double click it.
              * Copy the link below Share This Link: and post it back here.



              Atech

                Topic Starter


                Rookie
              • Think before you act consider the consequences
                Re: One Tough Virus Infection will not allow any application to launch
                « Reply #12 on: July 10, 2009, 03:01:55 PM »
                Virus signatures were not able to load.  I did not do the scan because BitDefender could vouch for the accuracy of the scan :'(
                Who knows whether he shall be a wise man or a fool

                evilfantasy

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Calm like a bomb
                • Thanked: 493
                • Experience: Experienced
                • OS: Windows 11
                Re: One Tough Virus Infection will not allow any application to launch
                « Reply #13 on: July 10, 2009, 03:05:33 PM »
                Try this one.

                Use the ESET Online Antivirus Scanner

                This scanner requires Internet Explorer

                1. Check the box next to YES, I accept the Terms of Use.
                2. Click Start
                3. When asked, allow the activex control to install
                4. Click Start
                5. Make sure that the option Remove found threats and the option Scan unwanted applications is check marked.
                6. Click Scan
                7. Wait for the scan to finish
                8. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                9. Add the C:\Program Files\EsetOnlineScanner\log.txt log into your next reply.

                Atech

                  Topic Starter


                  Rookie
                • Think before you act consider the consequences
                  Re: One Tough Virus Infection will not allow any application to launch
                  « Reply #14 on: July 10, 2009, 03:36:37 PM »
                  No go!  My suspicions are on the rise.  I was using a USB broadband connection to connect to the internet, and it just did something unusual.  :o

                  Also, the system is slowing down after the attempt to do on-line scanning??!!

                  Time for another scan log?
                  Who knows whether he shall be a wise man or a fool