
Author Topic: virtumonde infecting my computer  (Read 17325 times)


evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: virtumonde infecting my computer
« Reply #15 on: April 11, 2009, 12:48:05 PM »
Yes, just download it from the above link.

sanmil0963

    Topic Starter


    Beginner

    Thanked: 2
    Re: virtumonde infecting my computer
    « Reply #16 on: April 11, 2009, 02:54:39 PM »
    Thanks for the patience. Here is the log.

    [attachment deleted by admin]

    evilfantasy

    Re: virtumonde infecting my computer
    « Reply #17 on: April 11, 2009, 03:01:47 PM »
    Download DDS by sUBs and save it to your desktop. Alternate DDS download link

    * Vista users: right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it).
    * XP users: double click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please include the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copying and pasting it into the reply.

    sanmil0963

      Re: virtumonde infecting my computer
      « Reply #18 on: April 11, 2009, 04:15:09 PM »

      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT

      DDS (Ver_09-03-16.01)

      Microsoft Windows XP Professional
      Boot Device: \Device\HarddiskVolume1
      Install Date: 4/25/2007 4:43:44 PM
      System Uptime: 4/11/2009 1:19:03 PM (5 hours ago)

      Motherboard: Hewlett-Packard |  | 0A60h
      Processor: Intel(R) Core(TM)2 CPU          6400  @ 2.13GHz | XU1 PROCESSOR | 2128/1066mhz

      ==== Disk Partitions =========================

      C: is FIXED (NTFS) - 141 GiB total, 110.228 GiB free.
      D: is FIXED (NTFS) - 8 GiB total, 6.356 GiB free.
      E: is CDROM ()
      F: is Removable
      G: is Removable
      H: is Removable
      I: is Removable

      ==== Disabled Device Manager Items =============

      Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
      Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
      Device ID: ACPI\PNP0303\4&DE53A73&0
      Manufacturer: (Standard keyboards)
      Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
      PNP Device ID: ACPI\PNP0303\4&DE53A73&0
      Service: i8042prt

      ==== System Restore Points ===================


      ==== Installed Programs ======================

      2007 Microsoft Office Suite Service Pack 1 (SP1)
      5600
      5600_Help
      5600Trb
      Accent on Interactivity 1.6
      Adobe Flash Player 10 ActiveX
      Adobe Reader 7.1.0
      Adobe Shockwave Player
      AiO_Scan
      AiO_Scan_CDA
      AiOSoftware
      AiOSoftwareNPI
      AutoUpdate
      Barbie Girls
      BlackBerry Desktop Software 4.3
      Broadcom Management Programs
      Broadcom TPM Driver Installer
      BufferChm
      C7100
      c7100_Help
      Cake Mania
      Canon Camera Access Library
      Canon Camera Support Core Library
      Canon Camera Window DC_DV 5 for ZoomBrowser EX
      Canon G.726 WMP-Decoder
      Canon MovieEdit Task for ZoomBrowser EX
      Canon RAW Image Task for ZoomBrowser EX
      Canon Utilities CameraWindow
      Canon Utilities CameraWindow DC
      Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
      Canon Utilities EOS Utility
      Canon Utilities MyCamera
      Canon Utilities MyCamera DC
      Canon Utilities PhotoStitch
      Canon Utilities RemoteCapture DC
      Canon Utilities RemoteCapture Task for ZoomBrowser EX
      Canon Utilities ZoomBrowser EX
      Canon ZoomBrowser EX Memory Card Utility
      CCleaner (remove only)
      CorelDRAW Design Collection - 2
      CorelDRAW Design Collection - 3
      CorelDRAW Graphics Suite X3
      Coupon Printer for Windows
      CP_CalendarTemplates1
      cp_OnlineProjectsConfig
      CP_Package_Basic1
      CP_Panorama1Config
      cp_PosterPrintConfig
      Creating Keepsakes Scrapbook Designer
      Critical Update for Windows Media Player 11 (KB959772)
      CueTour
      CustomerResearchQFolder
      Desktop Doctor
      Destinations
      DeviceManagementQFolder
      Diner Dash 2
      Direct Show Ogg Vorbis Filter (remove only)
      DivX Codec
      DivX Content Uploader
      DivX Converter
      DivX Player
      DivX Web Player
      DocProc
      DocProcQFolder
      DocumentViewer
      DocumentViewerQFolder
      EN
      eSupportQFolder
      Fax
      Fax_CDA
      FontNav
      FullDPAppQFolder
      High Definition Audio Driver Package - KB888111
      HijackThis 2.0.2
      Hotfix for Windows Internet Explorer 7 (KB947864)
      Hotfix for Windows Media Format 11 SDK (KB929399)
      Hotfix for Windows Media Player 11 (KB939683)
      Hotfix for Windows XP (KB952287)
      HP Backup and Recovery Manager
      HP Customer Participation Program 7.0
      HP Document Viewer 7.0
      HP Help and Support
      HP Image Zone Express
      HP Imaging Device Functions 7.0
      HP Photosmart Premier Software 6.5
      HP Photosmart, Officejet and Deskjet 7.0.A
      HP PSC & OfficeJet 5.3.B
      HP Software Update
      HP Solution Center 7.0
      HP Update
      HPPhotoSmartExpress
      HPProductAssistant
      HpSdpAppCoreApp
      InstantShareDevices
      InstantShareDevicesMFC
      Intel(R) Graphics Media Accelerator Driver
      InterActual Player
      InterVideo WinDVD
      J2SE Runtime Environment 5.0 Update 6
      Java(TM) 6 Update 13
      Kidzui
      LiveReg (Symantec Corporation)
      LiveUpdate 2.6 (Symantec Corporation)
      Logitech MouseWare 9.76
      Malwarebytes' Anti-Malware
      MarketResearch
      McAfee SecurityCenter
      MGTEK dopisp
      Microsoft .NET Framework 1.1
      Microsoft .NET Framework 1.1 Hotfix (KB928366)
      Microsoft .NET Framework 2.0 Service Pack 1
      Microsoft Compression Client Pack 1.0 for Windows XP
      Microsoft IntelliPoint 6.01
      Microsoft IntelliType Pro 6.01
      Microsoft Internationalized Domain Names Mitigation APIs
      Microsoft National Language Support Downlevel APIs
      Microsoft Office Access MUI (English) 2007
      Microsoft Office Access Setup Metadata MUI (English) 2007
      Microsoft Office Excel MUI (English) 2007
      Microsoft Office Outlook MUI (English) 2007
      Microsoft Office PowerPoint MUI (English) 2007
      Microsoft Office Professional 2007
      Microsoft Office Proof (English) 2007
      Microsoft Office Proof (French) 2007
      Microsoft Office Proof (Spanish) 2007
      Microsoft Office Proofing (English) 2007
      Microsoft Office Publisher MUI (English) 2007
      Microsoft Office Shared MUI (English) 2007
      Microsoft Office Shared Setup Metadata MUI (English) 2007
      Microsoft Office Word MUI (English) 2007
      Microsoft Software Update for Web Folders  (English) 12
      Microsoft SQL Server 2005 Compact Edition [ENU]
      Microsoft User-Mode Driver Framework Feature Pack 1.0
      Microsoft Visual C++ 2005 Redistributable
      Microsoft Web Publishing Wizard 1.52
      Move Networks Media Player for Internet Explorer
      Mozilla Firefox (2.0.0.20)
      MSXML 4.0 SP2 (KB927978)
      MSXML 4.0 SP2 (KB936181)
      MSXML 4.0 SP2 (KB954430)
      MSXML 4.0 SP2 Parser and SDK
      NewCopy
      NewCopy_CDA
      Nikon Message Center
      OCR Software by I.R.I.S 7.0
      OTOY
      PanoStandAlone
      PDF Complete
      PhotoGallery
      PictureProject
      Pirate Poppers
      ProductContext
      ProductContextNPI
      QuickTime
      RandMap
      Readme
      Realtek High Definition Audio Driver
      Rhapsody Player Engine
      Roxio Media Manager
      Scan
      ScannerCopy
      SDMSSplash
      Security Update for 2007 Microsoft Office System (KB951550)
      Security Update for 2007 Microsoft Office System (KB951944)
      Security Update for 2007 Microsoft Office System (KB958439)
      Security Update for CAPICOM (KB931906)
      Security Update for Microsoft Office Excel 2007 (KB958437)
      Security Update for Microsoft Office PowerPoint 2007 (KB951338)
      Security Update for Microsoft Office Publisher 2007 (KB950114)
      Security Update for Microsoft Office system 2007 (KB954326)
      Security Update for Microsoft Office system 2007 (KB956828)
      Security Update for Microsoft Office Word 2007 (KB956358)
      Security Update for Windows Internet Explorer 7 (KB928090)
      Security Update for Windows Internet Explorer 7 (KB929969)
      Security Update for Windows Internet Explorer 7 (KB931768)
      Security Update for Windows Internet Explorer 7 (KB933566)
      Security Update for Windows Internet Explorer 7 (KB937143)
      Security Update for Windows Internet Explorer 7 (KB938127)
      Security Update for Windows Internet Explorer 7 (KB939653)
      Security Update for Windows Internet Explorer 7 (KB942615)
      Security Update for Windows Internet Explorer 7 (KB944533)
      Security Update for Windows Internet Explorer 7 (KB950759)
      Security Update for Windows Internet Explorer 7 (KB953838)
      Security Update for Windows Internet Explorer 7 (KB956390)
      Security Update for Windows Internet Explorer 7 (KB958215)
      Security Update for Windows Internet Explorer 7 (KB960714)
      Security Update for Windows Internet Explorer 7 (KB961260)
      Security Update for Windows Media Player (KB911564)
      Security Update for Windows Media Player (KB952069)
      Security Update for Windows Media Player 11 (KB936782)
      Security Update for Windows Media Player 11 (KB954154)
      Security Update for Windows Media Player 6.4 (KB925398)
      Security Update for Windows Media Player 9 (KB917734)
      Security Update for Windows XP (KB923689)
      Security Update for Windows XP (KB923789)
      Security Update for Windows XP (KB938464)
      Security Update for Windows XP (KB941569)
      Security Update for Windows XP (KB946648)
      Security Update for Windows XP (KB950760)
      Security Update for Windows XP (KB950762)
      Security Update for Windows XP (KB950974)
      Security Update for Windows XP (KB951066)
      Security Update for Windows XP (KB951376-v2)
      Security Update for Windows XP (KB951376)
      Security Update for Windows XP (KB951698)
      Security Update for Windows XP (KB951748)
      Security Update for Windows XP (KB952954)
      Security Update for Windows XP (KB953839)
      Security Update for Windows XP (KB954211)
      Security Update for Windows XP (KB954459)
      Security Update for Windows XP (KB954600)
      Security Update for Windows XP (KB955069)
      Security Update for Windows XP (KB956391)
      Security Update for Windows XP (KB956802)
      Security Update for Windows XP (KB956803)
      Security Update for Windows XP (KB956841)
      Security Update for Windows XP (KB957095)
      Security Update for Windows XP (KB957097)
      Security Update for Windows XP (KB958644)
      Security Update for Windows XP (KB958687)
      Security Update for Windows XP (KB958690)
      Security Update for Windows XP (KB960225)
      Security Update for Windows XP (KB960715)
      Shockwave
      SkinsHP1
      SlideShow
      Software Setup
      SolutionCenter
      Sonic_PrimoSDK
      SpongeBob Diner Dash
      Spybot - Search & Destroy
      Status
      SUPERAntiSpyware Free Edition
      Toolbox
      TrayApp
      Uninstall Dual Mode Camera
      Unload
      Update for Microsoft Office Outlook 2007 (KB952142)
      Update for Office 2007 (KB946691)
      Update for Outlook 2007 Junk Email Filter (kb962871)
      Update for Windows XP (KB951072-v2)
      Update for Windows XP (KB951978)
      Update for Windows XP (KB955839)
      Update for Windows XP (KB967715)
      Update Manager
      VeohTV BETA
      WebFldrs XP
      WebReg
      Wedding Dash
      Windows Defender
      Windows Genuine Advantage Notifications (KB905474)
      Windows Genuine Advantage Validation Tool (KB892130)
      Windows Internet Explorer 7
      Windows Live installer
      Windows Live Mail
      Windows Live Messenger
      Windows Live OneCare Family Safety
      Windows Live Photo Gallery
      Windows Live Sign-in Assistant
      Windows Live Writer
      Windows Media Format 11 runtime
      Windows Media Player 11
      Windows XP Service Pack 3
      Yahoo! Browser Services
      Yahoo! Install Manager
      Yahoo! Internet Mail
      Yahoo! Messenger

      ==== Event Viewer Messages From Past Week ========

      4/4/2009 10:29:41 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
      4/4/2009 5:11:03 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
      4/4/2009 5:00:02 AM, error: Schedule [7901]  - The At6.job command failed to start due to the following error:  %%2147942402
      4/4/2009 5:00:01 AM, error: Schedule [7901]  - The At30.job command failed to start due to the following error:  %%2147942402
      4/4/2009 11:00:02 AM, error: Schedule [7901]  - The At36.job command failed to start due to the following error:  %%2147942402
      4/4/2009 4:00:01 PM, error: Schedule [7901]  - The At17.job command failed to start due to the following error:  %%2147942402
      4/4/2009 4:00:02 PM, error: Schedule [7901]  - The At41.job command failed to start due to the following error:  %%2147942402
      4/4/2009 5:00:01 PM, error: Schedule [7901]  - The At18.job command failed to start due to the following error:  %%2147942402
      4/4/2009 5:00:02 PM, error: Schedule [7901]  - The At42.job command failed to start due to the following error:  %%2147942402
      4/4/2009 7:00:01 PM, error: Schedule [7901]  - The At20.job command failed to start due to the following error:  %%2147942402
      4/4/2009 7:00:02 PM, error: Schedule [7901]  - The At44.job command failed to start due to the following error:  %%2147942402
      4/4/2009 10:00:01 PM, error: Schedule [7901]  - The At23.job command failed to start due to the following error:  %%2147942402
      4/4/2009 10:00:02 PM, error: Schedule [7901]  - The At47.job command failed to start due to the following error:  %%2147942402
      4/5/2009 9:00:01 AM, error: Schedule [7901]  - The At10.job command failed to start due to the following error:  %%2147942402
      4/5/2009 9:00:02 AM, error: Schedule [7901]  - The At34.job command failed to start due to the following error:  %%2147942402
      4/5/2009 10:00:01 AM, error: Schedule [7901]  - The At11.job command failed to start due to the following error:  %%2147942402
      4/5/2009 10:00:02 AM, error: Schedule [7901]  - The At35.job command failed to start due to the following error:  %%2147942402
      4/5/2009 11:00:01 AM, error: Schedule [7901]  - The At12.job command failed to start due to the following error:  %%2147942402
      4/5/2009 1:00:01 PM, error: Schedule [7901]  - The At14.job command failed to start due to the following error:  %%2147942402
      4/5/2009 1:00:02 PM, error: Schedule [7901]  - The At38.job command failed to start due to the following error:  %%2147942402
      4/5/2009 2:00:01 PM, error: Schedule [7901]  - The At15.job command failed to start due to the following error:  %%2147942402
      4/5/2009 2:00:02 PM, error: Schedule [7901]  - The At39.job command failed to start due to the following error:  %%2147942402
      4/5/2009 3:00:01 PM, error: Schedule [7901]  - The At16.job command failed to start due to the following error:  %%2147942402
      4/5/2009 3:00:02 PM, error: Schedule [7901]  - The At40.job command failed to start due to the following error:  %%2147942402
      4/5/2009 5:04:47 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
      4/5/2009 6:00:01 PM, error: Schedule [7901]  - The At19.job command failed to start due to the following error:  %%2147942402
      4/5/2009 6:00:02 PM, error: Schedule [7901]  - The At43.job command failed to start due to the following error:  %%2147942402
      4/6/2009 4:00:01 AM, error: Schedule [7901]  - The At29.job command failed to start due to the following error:  %%2147942402
      4/6/2009 4:00:02 AM, error: Schedule [7901]  - The At5.job command failed to start due to the following error:  %%2147942402
      4/6/2009 6:00:01 AM, error: Schedule [7901]  - The At31.job command failed to start due to the following error:  %%2147942402
      4/6/2009 6:00:02 AM, error: Schedule [7901]  - The At7.job command failed to start due to the following error:  %%2147942402
      4/6/2009 7:00:01 AM, error: Schedule [7901]  - The At32.job command failed to start due to the following error:  %%2147942402
      4/6/2009 7:00:02 AM, error: Schedule [7901]  - The At8.job command failed to start due to the following error:  %%2147942402
      4/6/2009 8:00:01 AM, error: Schedule [7901]  - The At33.job command failed to start due to the following error:  %%2147942402
      4/6/2009 8:00:02 AM, error: Schedule [7901]  - The At9.job command failed to start due to the following error:  %%2147942402
      4/6/2009 12:00:01 PM, error: Schedule [7901]  - The At13.job command failed to start due to the following error:  %%2147942402
      4/6/2009 12:00:02 PM, error: Schedule [7901]  - The At37.job command failed to start due to the following error:  %%2147942402

      ==== End Of File ===========================


      [attachment deleted by admin]

      evilfantasy

      Re: virtumonde infecting my computer
      « Reply #19 on: April 11, 2009, 04:38:06 PM »
      Disable Spybot's TeaTimer

      While TeaTimer is an excellent tool for the prevention of spyware, it can also interfere with these fixes. Please disable TeaTimer for now until you are clean.

      1. Right click Spybot in the System Tray (looks like a calendar with a padlock symbol). Choose Exit Spybot S&D Resident
      2. Run Spybot S&D
      3. Go to the Mode menu, and make sure Advanced Mode is selected.
      4. On the left hand side, choose Tools > Resident
         Uncheck Resident TeaTimer, OK any prompt and restart your computer.

      Note:
      If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

      If TeaTimer will not turn off then uninstall Spybot until we are done cleaning.

      ----------

      Go to Add or Remove Programs and uninstall:
      • AutoUpdate
      • J2SE Runtime Environment 5.0 Update 6
      • LiveReg (Symantec Corporation)
      • LiveUpdate 2.6 (Symantec Corporation)
      • MarketResearch
      ----------

      Delete these files/folders, as follows:

      1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
      It must be Notepad, not Wordpad.
      2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

      Code:
      KillAll::

      DDS::
      BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
      BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
      BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
      BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
      TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
      IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

      Folder::
      c:\docume~1\admini~1\applic~1\licenses
      c:\docume~1\admini~1\applic~1\PCMM2009
      c:\program files\PC MightyMax 2009

      File::
      c:\windows\Tasks\At1.job
      c:\windows\system32\XDevH2E1.exe
      c:\windows\Tasks\At10.job
      c:\windows\Tasks\At11.job
      c:\windows\Tasks\At12.job
      c:\windows\Tasks\At13.job
      c:\windows\Tasks\At14.job
      c:\windows\Tasks\At15.job
      c:\windows\Tasks\At16.job
      c:\windows\Tasks\At17.job
      c:\windows\Tasks\At18.job
      c:\windows\Tasks\At19.job
      c:\windows\Tasks\At2.job
      c:\windows\Tasks\At20.job
      c:\windows\Tasks\At21.job
      c:\windows\Tasks\At22.job
      c:\windows\Tasks\At23.job
      c:\windows\Tasks\At24.job
      c:\windows\Tasks\At25.job
      c:\windows\Tasks\At26.job
      c:\windows\system32\k542TykF.exe
      c:\windows\Tasks\At27.job
      c:\windows\Tasks\At28.job
      c:\windows\Tasks\At29.job
      c:\windows\Tasks\At3.job
      c:\windows\Tasks\At30.job
      c:\windows\Tasks\At31.job
      c:\windows\Tasks\At32.job
      c:\windows\Tasks\At33.job
      c:\windows\Tasks\At34.job
      c:\windows\Tasks\At35.job
      c:\windows\Tasks\At36.job
      c:\windows\Tasks\At37.job
      c:\windows\Tasks\At38.job
      c:\windows\Tasks\At39.job
      c:\windows\Tasks\At4.job
      c:\windows\Tasks\At40.job
      c:\windows\Tasks\At41.job
      c:\windows\Tasks\At42.job
      c:\windows\Tasks\At43.job
      c:\windows\Tasks\At44.job
      c:\windows\Tasks\At45.job
      c:\windows\Tasks\At46.job
      c:\windows\Tasks\At47.job
      c:\windows\Tasks\At48.job
      c:\windows\Tasks\At5.job
      c:\windows\Tasks\At6.job
      c:\windows\Tasks\At7.job
      c:\windows\Tasks\At8.job
      c:\windows\Tasks\At9.job

      Registry::
      [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

      RegLockDel::
      [-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}\InprocServer32]

      3. Go to the Notepad window and click Edit > Paste
      4. Then click File > Save
      5. Name the file CFScript.txt - Save the file to your Desktop
      6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



      ComboFix will begin to execute, just follow the prompts.
      After reboot (in case it asks to reboot), it will produce a log for you.
      Post that log (Combofix.txt) in your next reply.

      Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
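
Added example (not part of the original thread): a Python triage script for the `Schedule [7901]` lines in the DDS log from Reply #18, which are the same `AtN.job` tasks the `File::` section of the CFScript deletes. It decodes `%%2147942402` as HRESULT 0x80070002 (Win32 `ERROR_FILE_NOT_FOUND`) and groups the jobs by firing hour. The sample lines are copied from that log; the function names and the hourly-slot check are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the "Event Viewer Messages" section of the DDS log above.
SAMPLE_LOG = '''\
4/4/2009 5:00:02 AM, error: Schedule [7901]  - The At6.job command failed to start due to the following error:  %%2147942402
4/4/2009 5:00:01 AM, error: Schedule [7901]  - The At30.job command failed to start due to the following error:  %%2147942402
4/4/2009 4:00:01 PM, error: Schedule [7901]  - The At17.job command failed to start due to the following error:  %%2147942402
4/4/2009 4:00:02 PM, error: Schedule [7901]  - The At41.job command failed to start due to the following error:  %%2147942402
4/5/2009 5:04:47 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
4/6/2009 12:00:01 PM, error: Schedule [7901]  - The At13.job command failed to start due to the following error:  %%2147942402
4/6/2009 12:00:02 PM, error: Schedule [7901]  - The At37.job command failed to start due to the following error:  %%2147942402
'''

SCHEDULE_RE = re.compile(
    r"^\s*(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), error: "
    r"Schedule \[7901\]\s+- The (?P<job>At(?P<num>\d+)\.job) command failed "
    r"to start due to the following error:\s+%%(?P<code>\d+)\s*$"
)

FACILITY_WIN32 = 7
# Win32 codes that matter when a scheduled command cannot be launched.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
}


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failure bit, facility, code)."""
    value &= 0xFFFFFFFF
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF


def describe_error(value):
    """Name the Win32 error wrapped in the HRESULT the Task Scheduler logged."""
    failed, facility, code = decode_hresult(value)
    if failed and facility == FACILITY_WIN32:
        return WIN32_ERRORS.get(code, f"Win32 error {code}")
    return f"HRESULT 0x{value & 0xFFFFFFFF:08X}"


def parse_schedule_failures(text):
    """Return one record per failed AtN.job start; other event sources are skipped."""
    failures = []
    for line in text.splitlines():
        m = SCHEDULE_RE.match(line)
        if not m:
            continue  # W32Time, DCOM and anything else is out of scope here
        failures.append({
            "when": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "job": m["job"],
            "num": int(m["num"]),
            "error": describe_error(int(m["code"])),
        })
    return failures


def jobs_by_hour(failures):
    """Map hour of day -> sorted job numbers that tried to start in that hour."""
    hours = defaultdict(set)
    for f in failures:
        hours[f["when"].hour].add(f["num"])
    return {hour: sorted(nums) for hour, nums in sorted(hours.items())}


def follows_hourly_slots(failures):
    """True if every AtN.job fired in hour (N - 1) % 24.

    This is the pattern observed in this log (At1-At24 and At25-At48 each
    covering one day, hour by hour); it is a heuristic, not a general rule.
    """
    return bool(failures) and all(
        f["when"].hour == (f["num"] - 1) % 24 for f in failures
    )


def report(text):
    failures = parse_schedule_failures(text)
    errors = sorted({f["error"] for f in failures})
    out = [f"{len(failures)} failed At jobs, errors: {', '.join(errors)}"]
    for hour, nums in jobs_by_hour(failures).items():
        out.append(f"  {hour:02d}:00  " + ", ".join(f"At{n}.job" for n in nums))
    out.append(f"hourly slot pattern (N-1) % 24: {follows_hourly_slots(failures)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

`ERROR_FILE_NOT_FOUND` on every job means the `.job` files are still scheduled while the command they reference could not be found, so the task files themselves still need removing.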

      sanmil0963

        Re: virtumonde infecting my computer
        « Reply #20 on: April 11, 2009, 05:07:06 PM »
        I don't see the calendar with the padlock. The teatimer is off. Do I go ahead with the scan?

        evilfantasy

        Re: virtumonde infecting my computer
        « Reply #21 on: April 11, 2009, 05:10:13 PM »
        Please do this.

        Go to Start > Run and type notepad.exe then click OK

        Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

        Code:
        REGEDIT4

        [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

        Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

        Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

        Delete the fixme.reg from the Desktop.

        Now continue on.

        sanmil0963

          Re: virtumonde infecting my computer
          « Reply #22 on: April 11, 2009, 05:19:19 PM »
          I had a success.  ;D

          Do I start running spybot now?

          sanmil0963

            Re: virtumonde infecting my computer
            « Reply #23 on: April 11, 2009, 05:52:37 PM »
            Here is the ComboFix log.

            [attachment deleted by admin]

            evilfantasy

            Re: virtumonde infecting my computer
            « Reply #24 on: April 11, 2009, 05:59:51 PM »
            That's the same log as before.

            Follow the instructions from here > http://www.computerhope.com/forum/index.php/topic,80538.msg535464.html#msg535464

            sanmil0963

              Re: virtumonde infecting my computer
              « Reply #25 on: April 11, 2009, 06:01:23 PM »
              No. I just ran that one after doing the steps that you provided me and here is the MBAM


              [attachment deleted by admin]

              evilfantasy

              Re: virtumonde infecting my computer
              « Reply #26 on: April 11, 2009, 06:13:52 PM »
              OK, I still need the new ComboFix log from the instructions in this post > http://www.computerhope.com/forum/index.php/topic,80538.msg535464.html#msg535464

              sanmil0963

                Re: virtumonde infecting my computer
                « Reply #27 on: April 11, 2009, 06:24:27 PM »
                I'm trying to run it again, but it keeps detecting my McAfee. I have triple checked and McAfee has been disabled.

                evilfantasy

                Re: virtumonde infecting my computer
                « Reply #28 on: April 11, 2009, 06:26:07 PM »
                Just keep going and ignore the warning.

                sanmil0963

                  Re: virtumonde infecting my computer
                  « Reply #29 on: April 11, 2009, 06:40:09 PM »
                  Here it is. Thank you

                  [attachment deleted by admin]