
Author Topic: I need help please.  (Read 6670 times)


Ghaleon

    Topic Starter


    Starter

    • Experience: Beginner
    • OS: Unknown
    I need help please.
    « on: April 29, 2011, 08:11:29 PM »
    Ok, here's the deal. This morning I woke up and I had errors on my screen about bad sectors on my HDD, that it can't be read and such. I closed out of them and then my PC restarted on its own. I magically had a program called Windows Repair or some crap like that. I know I never installed it, I know better. Anyway I can't see my documents, my desktop, files on my C: drive, nothing at all. I click start and nothing's listed. I did some searching around and saw a post with the same problem and he was getting help from SuperDave. I followed the steps he listed and did everything to the T. He was looking for the txt files in his next post, BUT tazzicus' next post said all he had to do was show hidden files. Ok great, that shows everything in my documents, C: drive. What it's not doing is my desktop (icons and folders I had); when I click start, there's nothing there still. So here are the logs generated from the list I followed.

    SUPERAntiSpyware

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 04/29/2011 at 09:17 PM

    Application Version : 4.51.1000

    Core Rules Database Version : 6959
    Trace Rules Database Version: 4771

    Scan type       : Complete Scan
    Total Scan Time : 00:52:32

    Memory items scanned      : 605
    Memory threats detected   : 0
    Registry items scanned    : 12926
    Registry threats detected : 2
    File items scanned        : 140624
    File threats detected     : 81

    Adware.Tracking Cookie

    Disabled.TaskManager
       (x86) HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
       (x86) HKU\S-1-5-21-111940604-2834491754-2609676545-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

    Trojan.Agent/Gen-FakeAntiSpy
       C:\USERS\GHALEON\APPDATA\LOCAL\TEMP\ADOBE_FLASH_PLAYER.EXE
       C:\USERS\GHALEON\APPDATA\LOCAL\TEMP\LDR5B52.TMP
       C:\Windows\Prefetch\ADOBE_FLASH_PLAYER.EXE-BCBDAE8B.pf


    Malwarebytes

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6476

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    4/29/2011 9:48:27 PM
    mbam-log-2011-04-29 (21-48-27).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 298440
    Time elapsed: 21 minute(s), 51 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\Users\Ghaleon\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

    Files Infected:
    c:\Users\Ghaleon\Desktop\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
    c:\Users\Ghaleon\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.
    c:\Users\Ghaleon\AppData\Roaming\microsoft\Windows\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.


    DDS

    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64 
    Run by Ghaleon at 21:52:18.64 on Fri 04/29/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4095.2641 [GMT -4:00]
    .
    AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
    AV: AVG Anti-Virus 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
    FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG10\avgchsva.exe
    C:\PROGRA~2\AVG\AVG10\avgrsa.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\wmi64.exe
    C:\Program Files (x86)\AVG\AVG10\avgam.exe
    C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Logitech\SetPoint\LBTWiz.exe
    C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe
    C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
    C:\Users\Ghaleon\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    uRun: [EasyTether] "C:\Program Files (x86)\Mobile Stream\EasyTether\easytthr.exe"
    uRun: [CreativeTaskScheduler] "C:\Program Files (x86)\Creative\Shared Files\CTSched.exe" /logon
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
    StartupFolder: C:\Users\Ghaleon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    StartupFolder: C:\Users\Ghaleon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
    AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll, C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
    BHO-X64:     WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
    BHO-X64:     IEVkbdBHO - No File
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
    BHO-X64:     link filter bho - No File
    TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun-x64: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
    AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ghaleon\AppData\Roaming\Mozilla\Firefox\Profiles\r1twoiy8.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
    FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
    FF - component: C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Anti-Banner: *Blocked Russian URL* - C:\Program Files (x86)\Mozilla *Blocked Russian URL*
    FF - Ext: Kaspersky URL Advisor: *Blocked Russian URL* - C:\Program Files (x86)\Mozilla *Blocked Russian URL*
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - C:\Program Files (x86)\AVG\AVG10\Firefox4
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2011-2-22 26704]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2011-1-19 37456]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2011-1-7 304720]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-3-1 41552]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2011-2-10 376400]
    R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-2-15 7421280]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe [2010-10-5 365336]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-7 378984]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2011-3-30 118352]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2011-2-10 29264]
    R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2011-2-26 21072]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
    R3 WRfiltv;WRfiltv;C:\Windows\System32\drivers\WRfiltv.sys [2011-2-26 25600]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-2-26 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-2-26 79360]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
    .
    =============== Created Last 30 ================
    .
    2011-04-30 01:25:04   --------   d-----w-   C:\Users\Ghaleon\AppData\Roaming\Malwarebytes
    2011-04-30 01:24:56   38224   ----a-w-   C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-04-30 01:24:56   --------   d-----w-   C:\PROGRA~3\Malwarebytes
    2011-04-30 01:24:52   24152   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2011-04-30 01:24:52   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-04-30 00:20:28   --------   d-----w-   C:\Users\Ghaleon\AppData\Roaming\SUPERAntiSpyware.com
    2011-04-30 00:20:28   --------   d-----w-   C:\PROGRA~3\SUPERAntiSpyware.com
    2011-04-30 00:20:23   --------   d-----w-   C:\PROGRA~3\!SASCORE
    2011-04-30 00:20:22   --------   d-----w-   C:\Program Files\SUPERAntiSpyware
    2011-04-29 13:54:44   109240   ----a-w-   C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
    2011-04-29 13:54:42   150200   ----a-w-   C:\Program Files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
    2011-04-29 12:02:17   --------   d-----w-   C:\Program Files (x86)\Kaspersky Lab
    2011-04-29 12:02:17   --------   d-----w-   C:\PROGRA~3\Kaspersky Lab
    2011-04-29 11:58:13   --------   d-----w-   C:\PROGRA~3\Kaspersky Lab Setup Files
    2011-04-29 11:40:26   --------   d--h--w-   C:\$AVG
    2011-04-29 11:34:18   --------   d--h--w-   C:\Users\Ghaleon\AppData\Roaming\AVG10
    2011-04-29 11:33:27   --------   d--h--w-   C:\PROGRA~3\Common Files
    2011-04-29 11:33:20   --------   d--h--w-   C:\Windows\SysWow64\drivers\AVG
    2011-04-29 11:32:56   --------   d--h--w-   C:\PROGRA~3\AVG10
    2011-04-29 11:32:56   --------   d-----w-   C:\Windows\System32\drivers\AVG
    2011-04-29 11:21:13   --------   d--h--w-   C:\PROGRA~3\MFAData
    2011-04-29 11:12:18   7947600   ---ha-w-   C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2011-04-29 11:12:16   8802128   ---ha-w-   C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3260B530-FCFD-4BF9-82FE-48317C7DC5F4}\mpengine.dll
    2011-04-26 19:50:51   --------   d--h--w-   C:\Program Files (x86)\TuneUpMedia
    2011-04-22 02:14:57   --------   d--h--w-   C:\Users\Ghaleon\AppData\Local\ElevatedDiagnostics
    2011-04-20 14:21:45   --------   d--h--w-   C:\Users\Ghaleon\AppData\Roaming\LimeWire
    2011-04-20 14:19:57   411368   ---ha-w-   C:\Windows\SysWow64\deploytk.dll
    2011-04-20 14:19:57   411368   ---ha-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
    2011-04-20 14:19:09   --------   d--h--w-   C:\Program Files (x86)\LimeWire
    2011-04-20 00:29:18   3767504   ----a-w-   C:\Windows\System32\d3dx9_26.dll
    2011-04-20 00:29:18   2297552   ---ha-w-   C:\Windows\SysWow64\d3dx9_26.dll
    2011-04-20 00:29:06   --------   d--h--w-   C:\Temp
    2011-04-20 00:27:39   --------   d--h--w-   C:\Users\Ghaleon\AppData\Roaming\Wizards of the Coast
    2011-04-20 00:27:10   --------   d--h--w-   C:\Program Files (x86)\Wizards of the Coast
    2011-04-19 21:30:28   --------   d--h--w-   C:\Program Files\iTunes
    2011-04-19 21:30:28   --------   d--h--w-   C:\Program Files\iPod
    2011-04-19 21:27:45   --------   d--h--w-   C:\Program Files\Bonjour
    2011-04-19 21:27:45   --------   d--h--w-   C:\Program Files (x86)\Bonjour
    2011-04-06 20:26:58   96544   ----a-w-   C:\Windows\System32\dnssd.dll
    2011-04-06 20:26:58   69408   ----a-w-   C:\Windows\System32\jdns_sd.dll
    2011-04-06 20:26:58   237856   ----a-w-   C:\Windows\System32\dnssdX.dll
    2011-04-06 20:26:58   119584   ----a-w-   C:\Windows\System32\dns-sd.exe
    2011-04-06 20:20:16   91424   ---ha-w-   C:\Windows\SysWow64\dnssd.dll
    2011-04-06 20:20:16   75040   ---ha-w-   C:\Windows\SysWow64\jdns_sd.dll
    2011-04-06 20:20:16   197920   ---ha-w-   C:\Windows\SysWow64\dnssdX.dll
    2011-04-06 20:20:16   107808   ---ha-w-   C:\Windows\SysWow64\dns-sd.exe
    2011-04-05 04:15:14   --------   d--h--w-   C:\Program Files (x86)\CamStudio
    2011-04-04 14:00:10   --------   d--h--w-   C:\Users\Ghaleon\AppData\Roaming\TuneUpMedia
    2011-04-04 13:59:59   --------   d--h--w-   C:\PROGRA~3\TuneUpMedia
    2011-03-31 02:40:15   --------   d--h--r-   C:\Program Files (x86)\Skype
    .
    ==================== Find3M  ====================
    .
    2011-03-30 21:17:00   118352   ----a-w-   C:\Windows\System32\drivers\AVGIDSDriver.sys
    2011-03-15 04:30:42   86016   ---ha-w-   C:\Windows\SysWow64\frapsvid.dll
    2011-03-15 04:30:38   84992   ----a-w-   C:\Windows\System32\frapsv64.dll
    2011-03-01 18:25:18   41552   ----a-w-   C:\Windows\System32\drivers\avgmfx64.sys
    2011-02-26 05:51:32   466456   ----a-w-   C:\Windows\System32\wrap_oal.dll
    2011-02-26 05:51:32   444952   ---ha-w-   C:\Windows\SysWow64\wrap_oal.dll
    2011-02-26 05:51:32   122904   ----a-w-   C:\Windows\System32\OpenAL32.dll
    2011-02-26 05:51:32   109080   ---ha-w-   C:\Windows\SysWow64\OpenAL32.dll
    2011-02-22 12:12:46   26704   ----a-w-   C:\Windows\System32\drivers\AVGIDSEH.sys
    2011-02-18 20:36:58   51712   ----a-w-   C:\Windows\System32\drivers\usbaapl64.sys
    2011-02-18 20:36:58   4184352   ----a-w-   C:\Windows\System32\usbaaplrc.dll
    2011-02-10 11:53:58   376400   ----a-w-   C:\Windows\System32\drivers\avgtdia.sys
    2011-02-10 11:53:34   29264   ----a-w-   C:\Windows\System32\drivers\AVGIDSFilter.sys
    2011-02-02 22:11:20   270720   ------w-   C:\Windows\System32\MpSigStub.exe
    .
    ============= FINISH: 21:53:05.86 ===============


    So I hope to get a faster response since I did all the steps already lol. Thanks in advance. If you have any questions I will respond within 5 min of you posting as well.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: I need help please.
    « Reply #1 on: April 30, 2011, 05:28:12 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *****************************************************
    The DDS log shows that you're running two AV programs at once which is a no-no. Kaspersky Internet Security or AVG Anti-Virus 2011 will have to go. I would prefer that you remove AVG because one of the scans I want to run won't work with AVG on the computer.
    One of the DDS logs, Attach.txt, is missing. It should be on your desktop. Please find it and post it. If you can't find it, run the scan again and post both logs.

    Windows 8 and Windows 10 dual boot with two SSD's

    Ghaleon

      Re: I need help please.
      « Reply #2 on: April 30, 2011, 08:28:59 PM »
      Ok AVG is gone and here is the Attach file you asked for.

      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_11-03-05.01)
      .
      Microsoft Windows 7 Ultimate
      Boot Device: \Device\HarddiskVolume1
      Install Date: 2/25/2011 11:19:18 PM
      System Uptime: 4/29/2011 9:50:01 PM (0 hours ago)
      .
      Motherboard:  EVGA  |  | 132-YW-E180-FTW
      Processor: Intel(R) Core(TM)2 Duo CPU     E8400  @ 3.00GHz | Socket 775 | 3000/333mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 1863 GiB total, 1510.897 GiB free.
      D: is CDROM (UDF)
      G: is Removable
      H: is Removable
      I: is Removable
      J: is Removable
      K: is Removable
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP20: 4/19/2011 8:27:00 PM - Installed Magic Online
      RP21: 4/27/2011 3:38:15 PM - Scheduled Checkpoint
      RP23: 4/29/2011 7:09:35 AM - Windows Defender Checkpoint
      RP24: 4/29/2011 7:11:33 AM - Windows Update
      RP25: 4/29/2011 7:31:58 AM - Installed AVG 2011
      RP26: 4/29/2011 7:32:14 AM - Installed AVG 2011
      RP27: 4/29/2011 7:59:47 AM - Installed Kaspersky Internet Security 2011.
      .
      ==== Installed Programs ======================
      .
      µTorrent
      Adobe Flash Player 10 ActiveX
      Adobe Flash Player 10 Plugin
      Apple Application Support
      Apple Software Update
      CamStudio
      Creative System Information
      Curse Client
      erLT
      Fraps (remove only)
      Java Auto Updater
      Java(TM) 6 Update 18
      Kaspersky Internet Security 2011
      LimeWire 5.5.8
      Logitech SetPoint
      Magic Online
      Malwarebytes' Anti-Malware
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
      Microsoft XML Parser
      Mozilla Firefox (3.6.16)
      Nero 8
      neroxml
      NVIDIA PhysX
      NVIDIA Stereoscopic 3D Driver
      QuickTime
      Realtek High Definition Audio Driver
      Skype™ 5.2
      Sound Blaster World of Warcraft Wireless Headset
      TuneUp Companion 2.0.9
      uTorrentBar Toolbar
      VCRedistSetup
      Visual C++ 8.0 Runtime Setup Package (x64)
      Visual Studio 2008 x64 Redistributables
      VLC media player 0.9.2
      Yahoo! Messenger
      .
      ==== Event Viewer Messages From Past Week ========
      .
      4/29/2011 9:51:17 PM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  Access is denied.
      4/29/2011 9:51:17 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  Access is denied.
      4/29/2011 9:51:17 PM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80070005.
      4/29/2011 9:51:05 PM, Error: Microsoft-Windows-WMPNSS-Service [14346]  - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
      4/29/2011 6:59:59 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
      4/29/2011 6:59:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
      4/29/2011 6:59:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
      4/29/2011 6:59:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
      4/29/2011 6:59:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
      4/29/2011 6:59:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
      4/29/2011 6:59:52 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
      4/29/2011 6:59:33 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
      4/29/2011 6:59:32 AM, Error: Service Control Manager [7001]  - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error:  The dependency service or group failed to start.
      4/28/2011 2:32:51 PM, Error: BTHUSB [19]  - Windows detected an error while storing the Bluetooth link key for adapter address (00:07:61:a8:4f:57) on the local adapter. The event contains the vendor-specific error code.
      4/28/2011 2:32:31 PM, Error: BTHUSB [19]  - Windows detected an error while storing the Bluetooth link key for adapter address (00:07:61:a9:e0:6e) on the local adapter. The event contains the vendor-specific error code.
      4/28/2011 2:24:10 AM, Error: bowser [8003]  - The master browser has received a server announcement from the computer NICOLE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{28669A45-4C78-4AC3-B941-03E27690AABB}. The master browser is stopping or an election is being forced.
      4/22/2011 11:26:03 PM, Error: NetBT [4319]  - A duplicate name has been detected on the TCP network.  The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
      .
      ==== End Of File ===========================

      SuperDave

      Re: I need help please.
      « Reply #3 on: May 01, 2011, 12:56:40 PM »
      P2P - I see you have P2P software installed on your machine (µTorrent and LimeWire ). We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

      Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

      I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
      ***********************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Unzip SecurityCheck.zip and a folder named Security Check should appear.
      * Open the Security Check folder and double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      *************************************************
      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      Link # 1
      Link # 2
      If you are using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Right-click combofix.exe and select Run as Administrator and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.
      « Last Edit: May 02, 2011, 12:35:55 PM by SuperDave »
      Windows 8 and Windows 10 dual boot with two SSD's

      Ghaleon

        Re: I need help please.
        « Reply #4 on: May 01, 2011, 11:25:40 PM »
        After doing this, my desktop icons and shortcuts are back. But that's all.

        Security Check by screen317

         Results of screen317's Security Check version 0.99.10 
         Windows 7  (UAC is disabled!)
         Internet Explorer 8 
        ``````````````````````````````
        Antivirus/Firewall Check:

         Windows Firewall Enabled! 
         Kaspersky Internet Security 2011   
         WMI entry may not exist for antivirus; attempting automatic update.
        ```````````````````````````````
        Anti-malware/Other Utilities Check:

         Malwarebytes' Anti-Malware   
         TuneUp Companion 2.0.9   
         Java(TM) 6 Update 18 
         Out of date Java installed!
         Adobe Flash Player    10.2.159.1 
         Mozilla Firefox (3.6.17) Firefox Out of Date! 
        ````````````````````````````````
        Process Check: 
        objlist.exe by Laurent

         Kaspersky Lab Kaspersky Internet Security 2011 avp.exe 
         Kaspersky Lab Kaspersky Internet Security 2011 x64 klwtblfs.exe
         Kaspersky Lab Kaspersky Internet Security 2011 avp.exe 
        ``````````End of Log````````````


        ComboFix by sUBs

        ComboFix 11-05-01.02 - Ghaleon 05/02/2011   1:14.1.2 - x64
        Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4095.2939 [GMT -4:00]
        Running from: c:\users\Ghaleon\Downloads\ComboFix.exe
        AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
        FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
        SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
        SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        .
        (((((((((((((((((((((((((   Files Created from 2011-04-02 to 2011-05-02  )))))))))))))))))))))))))))))))
        .
        .
        2011-05-02 05:17 . 2011-05-02 05:17   --------   d-----w-   c:\users\Default\AppData\Local\temp
        2011-05-01 16:10 . 2011-05-01 16:10   --------   d-----w-   c:\program files\Microsoft Synchronization Services
        2011-05-01 16:10 . 2011-05-01 16:10   --------   d-----w-   c:\windows\PCHEALTH
        2011-05-01 16:10 . 2011-05-01 16:10   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
        2011-05-01 16:10 . 2011-05-01 16:10   --------   d-----w-   c:\program files (x86)\Microsoft.NET
        2011-05-01 16:08 . 2011-05-01 16:08   --------   d-----w-   c:\program files\Microsoft Analysis Services
        2011-05-01 16:08 . 2011-05-01 16:08   --------   d-----w-   c:\program files (x86)\Microsoft Analysis Services
        2011-05-01 16:08 . 2011-05-01 16:08   --------   d-----w-   c:\users\Ghaleon\AppData\Local\Microsoft Help
        2011-05-01 16:07 . 2011-05-01 16:13   --------   d-----w-   c:\programdata\Microsoft Help
        2011-05-01 16:07 . 2011-05-01 16:07   --------   d-----r-   C:\MSOCache
        2011-04-30 01:25 . 2011-04-30 01:25   --------   d-----w-   c:\users\Ghaleon\AppData\Roaming\Malwarebytes
        2011-04-30 01:24 . 2011-04-30 01:24   --------   d-----w-   c:\programdata\Malwarebytes
        2011-04-30 01:24 . 2010-12-20 22:09   38224   ----a-w-   c:\windows\SysWow64\drivers\mbamswissarmy.sys
        2011-04-30 01:24 . 2011-04-30 01:24   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
        2011-04-30 01:24 . 2010-12-20 22:08   24152   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2011-04-30 00:20 . 2011-04-30 00:20   --------   d-----w-   c:\users\Ghaleon\AppData\Roaming\SUPERAntiSpyware.com
        2011-04-30 00:20 . 2011-04-30 00:20   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
        2011-04-30 00:20 . 2011-04-30 00:20   --------   d-----w-   c:\programdata\!SASCORE
        2011-04-30 00:20 . 2011-04-30 02:06   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2011-04-29 13:54 . 2010-10-06 01:26   109240   ----a-w-   c:\program files (x86)\Mozilla *Blocked Russian URL*\components\abhelperxpcom.dll
        2011-04-29 13:54 . 2010-10-06 01:27   150200   ----a-w-   c:\program files (x86)\Mozilla *Blocked Russian URL*\components\kavlinkfilter.dll
        2011-04-29 12:02 . 2011-05-02 04:45   --------   d-----w-   c:\programdata\Kaspersky Lab
        2011-04-29 12:02 . 2011-04-29 12:02   --------   d-----w-   c:\program files (x86)\Kaspersky Lab
        2011-04-29 11:58 . 2011-04-29 11:58   --------   d-----w-   c:\programdata\Kaspersky Lab Setup Files
        2011-04-29 11:34 . 2011-04-29 11:34   --------   d-----w-   c:\users\Ghaleon\AppData\Roaming\AVG10
        2011-04-29 11:33 . 2011-04-29 11:33   --------   d--h--w-   c:\programdata\Common Files
        2011-04-29 11:32 . 2011-05-02 04:43   --------   d--h--w-   c:\programdata\AVG10
        2011-04-29 11:21 . 2011-05-01 16:18   --------   d--h--w-   c:\programdata\MFAData
        2011-04-29 11:12 . 2011-04-18 13:15   8802128   ---ha-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{3260B530-FCFD-4BF9-82FE-48317C7DC5F4}\mpengine.dll
        2011-04-29 10:54 . 2011-04-29 10:54   --------   d-----w-   c:\users\Don
        2011-04-27 12:15 . 2011-04-27 12:15   --------   d--h--w-   c:\windows\Sun
        2011-04-26 19:50 . 2011-04-26 19:50   --------   d-----w-   c:\program files (x86)\TuneUpMedia
        2011-04-22 02:14 . 2011-04-22 02:29   --------   d-----w-   c:\users\Ghaleon\AppData\Local\ElevatedDiagnostics
        2011-04-20 14:21 . 2011-05-02 04:45   --------   d-----w-   c:\users\Ghaleon\AppData\Roaming\LimeWire
        2011-04-20 14:20 . 2011-04-20 14:20   --------   d-----w-   c:\program files (x86)\Common Files\Java
        2011-04-20 14:19 . 2011-04-20 14:19   411368   ---ha-w-   c:\windows\SysWow64\deploytk.dll
        2011-04-20 14:19 . 2011-04-20 14:19   411368   ----a-w-   c:\program files (x86)\Mozilla Firefox\plugins\npdeploytk.dll
        2011-04-20 14:19 . 2011-04-20 14:19   --------   d-----w-   c:\program files (x86)\Java
        2011-04-20 14:19 . 2011-04-20 14:20   --------   d-----w-   c:\program files (x86)\LimeWire
        2011-04-20 00:29 . 2005-05-26 19:34   3767504   ----a-w-   c:\windows\system32\d3dx9_26.dll
        2011-04-20 00:29 . 2005-05-26 19:34   2297552   ---ha-w-   c:\windows\SysWow64\d3dx9_26.dll
        2011-04-20 00:29 . 2011-04-20 00:29   --------   d-----w-   C:\Temp
        2011-04-20 00:27 . 2011-04-20 00:31   --------   d-----w-   c:\users\Ghaleon\AppData\Roaming\Wizards of the Coast
        2011-04-20 00:27 . 2011-04-20 00:27   --------   d-----w-   c:\program files (x86)\Wizards of the Coast
        2011-04-19 21:30 . 2011-04-19 21:30   --------   d--h--w-   c:\program files\iTunes
        2011-04-19 21:30 . 2011-04-19 21:30   --------   d--h--w-   c:\program files\iPod
        2011-04-19 21:27 . 2011-04-19 21:27   --------   d--h--w-   c:\program files\Bonjour
        2011-04-19 21:27 . 2011-04-19 21:27   --------   d-----w-   c:\program files (x86)\Bonjour
        2011-04-06 20:26 . 2011-04-06 20:26   96544   ----a-w-   c:\windows\system32\dnssd.dll
        2011-04-06 20:26 . 2011-04-06 20:26   69408   ----a-w-   c:\windows\system32\jdns_sd.dll
        2011-04-06 20:26 . 2011-04-06 20:26   237856   ----a-w-   c:\windows\system32\dnssdX.dll
        2011-04-06 20:26 . 2011-04-06 20:26   119584   ----a-w-   c:\windows\system32\dns-sd.exe
        2011-04-06 20:20 . 2011-04-06 20:20   91424   ---ha-w-   c:\windows\SysWow64\dnssd.dll
        2011-04-06 20:20 . 2011-04-06 20:20   75040   ---ha-w-   c:\windows\SysWow64\jdns_sd.dll
        2011-04-06 20:20 . 2011-04-06 20:20   197920   ---ha-w-   c:\windows\SysWow64\dnssdX.dll
        2011-04-06 20:20 . 2011-04-06 20:20   107808   ---ha-w-   c:\windows\SysWow64\dns-sd.exe
        2011-04-05 04:15 . 2011-04-05 05:16   --------   d-----w-   c:\program files (x86)\CamStudio
        2011-04-04 14:00 . 2011-04-23 02:30   --------   d-----w-   c:\users\Ghaleon\AppData\Roaming\TuneUpMedia
        2011-04-04 13:59 . 2011-04-26 19:50   --------   d--h--w-   c:\programdata\TuneUpMedia
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2011-03-15 04:30 . 2011-03-15 04:30   86016   ---ha-w-   c:\windows\SysWow64\frapsvid.dll
        2011-03-15 04:30 . 2011-03-15 04:30   84992   ----a-w-   c:\windows\system32\frapsv64.dll
        2011-02-26 05:51 . 2011-02-26 05:51   466456   ----a-w-   c:\windows\system32\wrap_oal.dll
        2011-02-26 05:51 . 2011-02-26 05:51   444952   ---ha-w-   c:\windows\SysWow64\wrap_oal.dll
        2011-02-26 05:51 . 2011-02-26 05:51   122904   ----a-w-   c:\windows\system32\OpenAL32.dll
        2011-02-26 05:51 . 2011-02-26 05:51   109080   ---ha-w-   c:\windows\SysWow64\OpenAL32.dll
        2011-02-18 20:36 . 2011-02-18 20:36   51712   ----a-w-   c:\windows\system32\drivers\usbaapl64.sys
        2011-02-18 20:36 . 2011-02-18 20:36   4184352   ----a-w-   c:\windows\system32\usbaaplrc.dll
        2011-02-02 22:11 . 2011-02-26 05:22   270720   ------w-   c:\windows\system32\MpSigStub.exe
        .
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
        "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
        .
        [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
        .
        [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
        2010-12-09 17:51   3911776   ----a-w-   c:\program files (x86)\uTorrentBar\tbuTor.dll
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
        "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
        .
        [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "EasyTether"="c:\program files (x86)\Mobile Stream\EasyTether\easytthr.exe" [2010-08-30 47432]
        "CreativeTaskScheduler"="c:\program files (x86)\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]
        "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
        "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-04-20 399736]
        "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 1688872]
        "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
        "NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
        "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
        "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]
        "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
        "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2011-04-29 365336]
        .
        c:\users\Ghaleon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        CurseClientStartup.ccip [2011-3-20 0]
        LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [2010-3-23 503808]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"= 0 (0x0)
        "ConsentPromptBehaviorUser"= 3 (0x3)
        "EnableLUA"= 0 (0x0)
        "EnableUIADesktopToggle"= 0 (0x0)
        "PromptOnSecureDesktop"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
        .
        [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
        "aux1"=wdmaud.drv
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
        @=""
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
        "DisableMonitoring"=dword:00000001
        .
        R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-26 79360]
        R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-26 79360]
        R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
        R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
        R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys

        S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys

        S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys

        S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
        S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
        S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
        S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]
        S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys

        S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys

        S3 WRfiltv;WRfiltv;c:\windows\system32\drivers\WRfiltv.sys

        .
        .
        .
        --------- x86-64 -----------
        .
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
        "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-03 11464296]
        "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
        "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
        "LoadAppInit_DLLs"=0x1
        "AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll
        .
        ------- Supplementary Scan -------
        .
        uLocal Page = c:\windows\system32\blank.htm
        uStart Page = hxxp://www.google.com/
        mLocal Page = c:\windows\SysWOW64\blank.htm
        uInternet Settings,ProxyOverride = *.local
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
        FF - ProfilePath - c:\users\Ghaleon\AppData\Roaming\Mozilla\Firefox\Profiles\r1twoiy8.default\
        FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
        FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
        FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
        FF - Ext: Anti-Banner: *Blocked Russian URL* - c:\program files (x86)\Mozilla *Blocked Russian URL*
        FF - Ext: Kaspersky URL Advisor: *Blocked Russian URL* - c:\program files (x86)\Mozilla *Blocked Russian URL*
        .
        - - - - ORPHANS REMOVED - - - -
        .
        WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
        .
        .
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Shockwave Flash Object"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
        @="0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
        @="ShockwaveFlash.ShockwaveFlash.10"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="ShockwaveFlash.ShockwaveFlash"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
        @Denied: (A 2) (Everyone)
        @="Macromedia Flash Factory Object"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
        "ThreadingModel"="Apartment"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
        @="FlashFactory.FlashFactory.1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
        @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
        @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
        @="1.0"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
        @="FlashFactory.FlashFactory"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker4"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        Completion time: 2011-05-02  01:19:21
        ComboFix-quarantined-files.txt  2011-05-02 05:19
        .
        Pre-Run: 1,617,716,441,088 bytes free
        Post-Run: 1,619,706,605,568 bytes free
        .
        - - End Of File - - EC6238CA11A341356CD2237DBCC07541

        SuperDave

        • Malware Removal Specialist
        • Moderator


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: I need help please.
        « Reply #5 on: May 02, 2011, 01:06:08 PM »
        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.
        4. Run CCleaner.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        *********************************************
        SysProt Antirootkit

        Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

        http://sites.google.com/site/sysprotantirootkit/

        Unzip it into a folder on your desktop.
        • Double click Sysprot.exe to start the program.
        • Click on the Log tab.
        • In the Write to log box select the following items.
          • Process << Selected
          • Kernel Modules << Selected
          • SSDT << Selected
          • Kernel Hooks << Selected
          • IRP Hooks << NOT Selected
          • Ports << NOT Selected
          • Hidden Files << Selected
        • At the bottom of the page
          • Hidden Objects Only << Selected
        • Click on the Create Log button on the bottom right.
        • After a few seconds a new window should appear.
        • Select Scan Root Drive. Click on the Start button.
        • When it is complete a new window will appear to indicate that the scan is finished.
        • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
        Windows 8 and Windows 10 dual boot with two SSD's
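
One way to do the "First Verify your Java Version" and "Remove any old versions" checks from the reply above at a PowerShell prompt, as an added example that is not part of the original post. The display-name pattern used to recognise Java runtimes and the "Java Quick Starter" service display name are assumptions; adjust them to what the machine actually shows.

```powershell
# Added example (requires PowerShell 3.0 or later for [pscustomobject]).
# Inventories installed Java runtimes from the uninstall registry keys, in both
# the native view and the 32-bit (Wow6432Node) view used on 64-bit Windows.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumption: JRE entries are named like "Java(TM) 6 Update 24",
# "Java 7 Update 5 (64-bit)" or "J2SE Runtime Environment 5.0 Update 6".
$javaNamePattern = '^(Java(\(TM\))? \d|J2SE Runtime Environment)'

function Get-InstalledJava {
    foreach ($root in $uninstallRoots) {
        # Wow6432Node is absent on 32-bit Windows, so a missing path is not an error.
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object { $_.PSObject.Properties['DisplayName'] -and
                           $_.DisplayName -match $javaNamePattern } |
            ForEach-Object {
                [pscustomobject]@{
                    Name     = $_.DisplayName
                    Version  = $_.DisplayVersion
                    View     = if ($root -like '*Wow6432Node*') { '32-bit' } else { 'native' }
                    Location = $_.InstallLocation
                }
            }
    }
}

$java = @(Get-InstalledJava | Sort-Object View, Name)
$java | Format-Table -AutoSize

if ($java.Count -eq 0) {
    'No Java runtime is listed in the uninstall registry keys.'
}

# A 32-bit and a 64-bit copy of the same release can sit side by side legitimately;
# several releases inside one registry view usually means old versions were left behind.
$java | Group-Object View | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    "Multiple Java releases in the $($_.Name) view: " +
        (($_.Group | ForEach-Object { $_.Name }) -join '; ')
}

# Assumption: the Java Quick Starter service carries this display name.
Get-Service -DisplayName 'Java Quick Starter*' -ErrorAction SilentlyContinue |
    Select-Object Name, DisplayName, Status
```

Run it once before the update and once after the JavaRa cleanup; the second run should list a single release per registry view.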