
Author Topic: Serious spyware or virus problem (Help please!)  (Read 11655 times)


007will

    Topic Starter


    Beginner

    Serious spyware or virus problem (Help please!)
    « on: January 04, 2010, 05:27:41 AM »
    Hi

    I have some kind of virus and I have used this site before and the help was super!!
    Basically I get a thing come up when I turn it on that says 'Windows Security Alert - Application cannot be executed. Do you want to activate your antivirus software now?'

    Then I get other messages that basically want to know if I wanna activate antivirus or stay unprotected.

    Unfortunately I can't run anything coz this blocks everything from opening. I can't run any virus scan software or anything like that. I can't open the internet or even anything like Word.

    I need help desperately!

    Please can someone help me...??

    Thanks!

    harry 48



      Egghead

    • lay back , relax and chill out
    • Thanked: 129
      • Yes
      • Yes
      • Yes
      • Dribbling Pensioner
    • Certifications: List
    • Experience: Familiar
    • OS: Windows 7
    Re: Serious spyware or virus problem (Help please!)
    « Reply #1 on: January 04, 2010, 07:34:10 AM »
    http://www.computerhope.com/forum/index.php/topic,46313.0.html

    you must be on another pc to get on here, so go to the above and download to a memory stick or similar, run all on your own pc and post the 3 logs here

    007will


      Re: Serious spyware or virus problem (Help please!)
      « Reply #2 on: January 04, 2010, 09:10:13 AM »
      I would but am unable to open any programs on my computer so don't think I could do that  :(

      harry 48



      Re: Serious spyware or virus problem (Help please!)
      « Reply #3 on: January 04, 2010, 10:14:47 AM »
      when you put the stick in it should open itself

      007will


        Re: Serious spyware or virus problem (Help please!)
        « Reply #4 on: January 04, 2010, 02:55:02 PM »
        I'm really sorry, I may be dumb, but I downloaded the programs to an external hard drive (as they wouldn't fit on the stick I've got) and then tried to use them, but my computer would open the drive but NOT let me open the programs. No programs can open, it seems. Every time I try, it flashes as if it's opening and then that warning message comes up. It's like it's blocking me opening things. Really sorry if I am dumb. Can you still help please?

        Allan

        • Moderator

        • Mastermind
        • Thanked: 1206
        • Experience: Guru
        • OS: Windows 10
        Re: Serious spyware or virus problem (Help please!)
        « Reply #5 on: January 04, 2010, 03:53:46 PM »
        Download a boot time anti virus scanner (pick one: http://www.google.com/search?hl=en&rlz=1T4GGLL_enUS304US305&ei=WHFCS-DZLMW8lAeTsP2fBw&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CAYQBSgA&q=download+boot+time+av+scanner&spell=1). Burn it to a cd and put the cd in the infected computer. Make sure the cd is at the top of the boot order in bios, then boot to the cd and run the scan.

        harry 48



        Re: Serious spyware or virus problem (Help please!)
        « Reply #6 on: January 04, 2010, 03:57:50 PM »
        thanks allan  ;)

        Allan

        Re: Serious spyware or virus problem (Help please!)
        « Reply #7 on: January 04, 2010, 03:58:29 PM »
         ;)

        007will


          Re: Serious spyware or virus problem (Help please!)
          « Reply #8 on: January 05, 2010, 05:02:29 AM »
          great, I will try that when I get home :). Any probs I will let you guys know!

          007will


            Re: Serious spyware or virus problem (Help please!)
            « Reply #9 on: January 05, 2010, 02:08:40 PM »
            Well for some unknown reason my comp is now working better! WooHoo! I have therefore been able to complete the logs... please find them below :)

            007will


              Re: Serious spyware or virus problem (Help please!)
              « Reply #10 on: January 05, 2010, 02:09:16 PM »
              SUPERAntiSpyware Scan Log
              http://www.superantispyware.com

              Generated 01/05/2010 at 08:17 PM

              Application Version : 4.32.1000

              Core Rules Database Version : 4447
              Trace Rules Database Version: 2269

              Scan type       : Complete Scan
              Total Scan Time : 02:39:33

              Memory items scanned      : 609
              Memory threats detected   : 0
              Registry items scanned    : 7423
              Registry threats detected : 2
              File items scanned        : 147813
              File threats detected     : 6

              Trojan.Agent/Gen-FakeSpy[Broad-1]
                 [hruvonsl] C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\APPLICATION DATA\LPTDVL\FSGDSYSGUARD.EXE
                 C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\APPLICATION DATA\LPTDVL\FSGDSYSGUARD.EXE
                 [hruvonsl] C:\DOCUMENTS AND SETTINGS\WILL\LOCAL SETTINGS\APPLICATION DATA\LPTDVL\FSGDSYSGUARD.EXE
                 C:\WINDOWS\Prefetch\FSGDSYSGUARD.EXE-057A6C20.pf

              Adware.Tracking Cookie
                 C:\Documents and Settings\Will\Cookies\[email protected][2].txt

              Rogue.Agent/Gen-Nullo[EXE]
                 C:\WINDOWS\ADEPAZUHA.EXE

              Rogue.Agent/Gen-Nullo[DLL]
                 C:\WINDOWS\SYSTEM32\ATSDRVE.DLL

              Rogue.Agent/Gen-Nullo[BIN]
                 C:\WINDOWS\SYSTEM32\TAZAREM.BIN

              007will


                Re: Serious spyware or virus problem (Help please!)
                « Reply #11 on: January 05, 2010, 02:09:40 PM »
                Malwarebytes' Anti-Malware 1.43
                Database version: 3497
                Windows 5.1.2600 Service Pack 3
                Internet Explorer 8.0.6001.18702

                05/01/2010 20:47:09
                mbam-log-2010-01-05 (20-47-09).txt

                Scan type: Quick Scan
                Objects scanned: 115485
                Time elapsed: 11 minute(s), 48 second(s)

                Memory Processes Infected: 0
                Memory Modules Infected: 0
                Registry Keys Infected: 1
                Registry Values Infected: 0
                Registry Data Items Infected: 3
                Folders Infected: 0
                Files Infected: 1

                Memory Processes Infected:
                (No malicious items detected)

                Memory Modules Infected:
                (No malicious items detected)

                Registry Keys Infected:
                HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

                Registry Values Infected:
                (No malicious items detected)

                Registry Data Items Infected:
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
                HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

                Folders Infected:
                (No malicious items detected)

                Files Infected:
                C:\Documents and Settings\Will\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk (Rogue.AntiVirusPro2010) -> Quarantined and deleted successfully.

                007will


                  Re: Serious spyware or virus problem (Help please!)
                  « Reply #12 on: January 05, 2010, 02:10:14 PM »
                  Logfile of Trend Micro HijackThis v2.0.2
                  Scan saved at 21:05:47, on 05/01/2010
                  Platform: Windows XP SP3 (WinNT 5.01.2600)
                  MSIE: Internet Explorer v8.00 (8.00.6001.18702)
                  Boot mode: Normal

                  Running processes:
                  C:\WINDOWS\System32\smss.exe
                  C:\WINDOWS\system32\winlogon.exe
                  C:\WINDOWS\system32\services.exe
                  C:\WINDOWS\system32\lsass.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\WINDOWS\system32\spoolsv.exe
                  C:\WINDOWS\Explorer.EXE
                  C:\WINDOWS\system32\hkcmd.exe
                  C:\WINDOWS\system32\igfxpers.exe
                  C:\WINDOWS\stsystra.exe
                  C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                  C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
                  C:\Program Files\Real\RealPlayer\RealPlay.exe
                  C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
                  C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                  C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
                  C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                  C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
                  C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
                  C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
                  C:\Program Files\Winamp\winampa.exe
                  C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  C:\Program Files\Bonjour\mDNSResponder.exe
                  C:\Program Files\Dell Network Assistant\hnm_svc.exe
                  C:\Program Files\Java\jre6\bin\jqs.exe
                  C:\Program Files\iTunes\iTunesHelper.exe
                  C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
                  C:\Program Files\Zune\ZuneLauncher.exe
                  C:\Program Files\Dell Support\DSAgnt.exe
                  C:\Program Files\Windows Live\Messenger\msnmsgr.exe
                  C:\WINDOWS\system32\ctfmon.exe
                  C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
                  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                  C:\Program Files\Kontiki\KHost.exe
                  C:\Program Files\Messenger\msmsgs.exe
                  C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
                  C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
                  C:\WINDOWS\system32\HPZipm12.exe
                  C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                  C:\WINDOWS\system32\svchost.exe
                  C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
                  C:\WINDOWS\system32\SearchIndexer.exe
                  C:\WINDOWS\system32\ZuneBusEnum.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
                  C:\Program Files\AOL 9.0\aoltray.exe
                  C:\Program Files\Microsoft Windows OneCare Live\winss.exe
                  C:\Program Files\Logitech\SetPoint\KEM.exe
                  C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
                  C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                  C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
                  C:\Program Files\iPod\bin\iPodService.exe
                  C:\Program Files\Kontiki\KService.exe
                  C:\WINDOWS\System32\svchost.exe
                  C:\WINDOWS\system32\wuauclt.exe
                  C:\WINDOWS\system32\msiexec.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Windows Live\Toolbar\wltuser.exe
                  C:\Program Files\Internet Explorer\iexplore.exe
                  C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
                  C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
                  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
                  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
                  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
                  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
                  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                  O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
                  O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
                  O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
                  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                  O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
                  O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
                  O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                  O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                  O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                  O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                  O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                  O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                  O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
                  O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                  O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
                  O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                  O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                  O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                  O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
                  O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
                  O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
                  O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
                  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
                  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                  O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
                  O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
                  O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
                  O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
                  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                  O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
                  O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
                  O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                  O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
                  O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
                  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                  O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
                  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                  O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
                  O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
                  O4 - Global Startup: Dell Network Assistant.lnk = ?
                  O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
                  O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                  O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                  O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                  O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                  O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                  O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
                  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                  O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                  O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
                  O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                  O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
                  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159216988941
                  O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                  O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
                  O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
                  O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                  O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                  O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                  O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                  O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
                  O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
                  O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                  O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                  O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                  O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                  O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
                  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                  O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
                  O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
                  O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                  O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Will\Local Settings\Temp\{A069857B-A614-4598-9495-B0029E79B748}\NMSAccessU.exe (file missing)
                  O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
                  O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                  O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
                  O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

                  --
                  End of file - 14294 bytes
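
A triage pass over the HijackThis log format posted above, added here as an example; it is not part of the original thread and is not any poster's or HijackThis's own code. The flag names and heuristics are assumptions chosen for illustration, and the sample lines are a subset copied from the log in this post.

```python
import re
from typing import NamedTuple, Optional

# Subset of lines copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Dell Network Assistant.lnk = ?
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Will\Local Settings\Temp\{A069857B-A614-4598-9495-B0029E79B748}\NMSAccessU.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
"""


class Entry(NamedTuple):
    code: str     # section code, e.g. "O4" (autorun) or "O23" (service)
    body: str     # everything after "<code> - "
    target: str   # text from the first drive-letter path onward; may include arguments
    flags: tuple  # review flags raised by the heuristics below (hypothetical names)


# Section lines look like "<letter><number> - <body>"; header and process lines do not.
ENTRY_RE = re.compile(r"^\s*(?P<code>[RFNO]\d{1,2}) - (?P<body>.*\S)\s*$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*")
MISSING = "(file missing)"
# Profile locations a normal user can write to; an autorun or service there deserves a look.
USER_WRITABLE = ("\\temp\\", "\\application data\\")


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line into an Entry, or return None for non-section lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    flags = []

    path_part = body
    if body.endswith(MISSING):
        # The registry still references a file that is no longer on disk.
        flags.append("file-missing")
        path_part = body[: -len(MISSING)].rstrip()

    pm = PATH_RE.search(path_part)
    target = pm.group(0) if pm else ""

    if any(p in target.lower() for p in USER_WRITABLE):
        flags.append("user-writable-path")
    if re.search(r"~\d", target):
        # 8.3 short names hide the real file name; expand before judging the entry.
        flags.append("short-8.3-name")
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        # AppInit DLLs are loaded into every process that loads user32.dll.
        flags.append("appinit-dll")
    if code == "O4" and body.endswith("= ?"):
        # Startup shortcut whose target HijackThis could not resolve.
        flags.append("unresolved-target")

    return Entry(code, body, target, tuple(flags))


def triage(log_text: str) -> list:
    """Return only the entries that raised at least one review flag, in log order."""
    entries = (parse_line(line) for line in log_text.splitlines())
    return [e for e in entries if e is not None and e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<4} {', '.join(e.flags):<45} {e.body[:70]}")
```

A flag here marks an entry for manual review and says nothing about whether the file is malicious; several flagged lines in this log belong to ordinary installed software.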

                  harry 48



                  Re: Serious spyware or virus problem (Help please!)
                  « Reply #13 on: January 05, 2010, 02:46:19 PM »
                  glad you got it working

                  you don't seem to have an anti-virus in the pc if not go here , both free

                  http://www.free-av.com/

                  or

                  http://www.avast.com/eng/download-avast-home.html

                  a malware expert should have a look at the logs but there seems to be little wrong

                  007will


                    Re: Serious spyware or virus problem (Help please!)
                    « Reply #14 on: January 05, 2010, 02:50:28 PM »
                    okay great... hope a malware guy will look at it :)

                    harry 48



                    Re: Serious spyware or virus problem (Help please!)
                    « Reply #15 on: January 05, 2010, 02:54:37 PM »
                    keep sas , mbam and ccleaner in the pc and run weekly

                    SuperDave

                    • Malware Removal Specialist
                    • Moderator


                    • Genius
                    • Thanked: 990
                    • Certifications: List
                    • Experience: Expert
                    • OS: Windows 8
                    Re: Serious spyware or virus problem (Help please!)
                    « Reply #16 on: January 06, 2010, 07:29:10 AM »
                    Hello 007will and welcome to Computer Hope Forum. My name is Superdave but you can just call me SD. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialists of this forum so it may take a bit longer to process your logs.

                    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
                    2. The fixes are specific to your problem and should only be used for this issue on this machine.
                    3. If you don't know or understand something, please don't hesitate to ask.
                    4. Please DO NOT run any other tools or scans while I am helping you.
                    5. It is important that you reply to this thread. Do not start a new topic.
                    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
                    7. Absence of symptoms does not mean that everything is clear.

                    Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

                    Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

                    Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

                    Exit out of MessengerDisable then delete the two files that were put on the desktop.

                    Open HijackThis and select Do a system scan only

                    Place a check mark next to the following entries: (if there)

                    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
                    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
                    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
                    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
                    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll


                    Important: Close all open windows except for HijackThis and then click Fix checked.

                    Once completed, exit HijackThis.

                    Your logs look quite clean but just to be on the safe side, we'll run another scan with this:

                    Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

                    link # 1
                    link #2

                    Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

                    Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

                    Vista users: Right-click combofix.exe and select Run as Administrator and follow the prompts.
                    Double-click combofix.exe and follow the prompts.
                    When finished, ComboFix will produce a log for you.
                    Post the ComboFix log and a new HijackThis log in your next reply.

                    NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

                    Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

                    Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender
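
An added illustration, not part of the original thread and not code from HijackThis: a small Python parser for the HijackThis entry lines listed in the post above. It splits each line into section code, name and target, and attaches neutral review notes. The function names and note wording are this example's own; the sample lines are copied from the post.

```python
import re

# The six entries listed in the post above, copied verbatim.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Will\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

MISSING = '(file missing)'

# Every entry line is "<section code> - <body>", e.g. "O4 - ...", "R1 - ...".
ENTRY_RE = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$')

# Body layouts for the sections that appear in the post (other sections
# are kept with the whole body as their target).
BODY_PATTERNS = {
    'O4': [  # autostart: Run keys, then Startup-folder shortcuts
        re.compile(r'^(?P<kind>.+?): \[(?P<name>[^\]]*)\] (?P<target>.+)$'),
        re.compile(r'^(?P<kind>[^:]+): (?P<name>.+?) = (?P<target>.+)$'),
    ],
    'O9': [  # Internet Explorer extra buttons and Tools menu items
        re.compile(r'^(?P<kind>Extra [^:]+): (?P<name>.+?) - '
                   r'(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$'),
    ],
    'O20': [  # DLL load points
        re.compile(r'^(?P<kind>AppInit_DLLs|Winlogon Notify): '
                   r'(?:(?P<name>\S+) - )?(?P<target>.+)$'),
    ],
}


def parse_entry(line):
    """Parse one HijackThis entry line into a dict, or return None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {'code': m.group('code'), 'kind': None, 'name': None,
             'clsid': None, 'target': m.group('body'), 'missing': False}
    for pattern in BODY_PATTERNS.get(entry['code'], ()):
        bm = pattern.match(m.group('body'))
        if bm:
            entry.update({k: v for k, v in bm.groupdict().items()
                          if v is not None})
            break
    # HijackThis appends this marker when the referenced file is absent.
    if entry['target'].endswith(MISSING):
        entry['missing'] = True
        entry['target'] = entry['target'][:-len(MISSING)].rstrip()
    return entry


def parse_log(text):
    """Parse every entry line in a block of log text."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def review_notes(entry):
    """Facts worth knowing before ticking an entry; not a verdict."""
    notes = []
    if entry['missing']:
        notes.append('target file missing (orphaned entry)')
    if entry['kind'] == 'AppInit_DLLs':
        notes.append('DLL is loaded into every process that loads user32.dll')
    elif entry['kind'] == 'Winlogon Notify':
        notes.append('DLL is loaded by winlogon.exe')
    if '~' in entry['target']:
        notes.append('8.3 short path: resolve the long name before judging')
    return notes


def shared_clsids(entries):
    """Map each CLSID used by more than one entry to the entry names."""
    seen = {}
    for e in entries:
        if e['clsid']:
            seen.setdefault(e['clsid'].upper(), []).append(e['name'])
    return {clsid: names for clsid, names in seen.items() if len(names) > 1}


if __name__ == '__main__':
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        print(e['code'], '|', e['kind'], '|', e['name'], '|', e['target'])
        for note in review_notes(e):
            print('    note:', note)
    for clsid, names in shared_clsids(parsed).items():
        print('same extension registered twice:', clsid, names)
```

The notes describe what each load point does; whether an entry should be fixed still depends on what the target file actually is.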

                    007will

                      Topic Starter


                      Beginner

                      Re: Serious spyware or virus problem (Help please!)
                      « Reply #17 on: January 06, 2010, 05:36:22 PM »
                      ComboFix 10-01-04.01 - Will 07/01/2010   0:23.3.2 - x86
                      Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.459 [GMT 0:00]
                      Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
                      AV:  *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
                      AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
                      FW:  *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
                      FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
                      .

                      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                      .

                      c:\documents and settings\Will\Cookies\oduny._dl
                      c:\documents and settings\Will\Cookies\xepodazoca.ban
                      c:\program files\Common Files\hukegomiho.vbs
                      c:\program files\Common Files\padamum.bat
                      c:\program files\Common Files\yzenijace.bat
                      C:\Thumbs.db
                      c:\windows\alygiwo.vbs

                      c:\windows\system32\proquota.exe was missing
                      Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

                      .
                      (((((((((((((((((((((((((   Files Created from 2009-12-07 to 2010-01-07  )))))))))))))))))))))))))))))))
                      .

                      2010-01-07 00:31 . 2008-04-14 00:12   50176   ----a-w-   c:\windows\system32\proquota.exe
                      2010-01-07 00:31 . 2008-04-14 00:12   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
                      2010-01-05 20:32 . 2010-01-05 20:33   --------   d-----w-   C:\Malwarebytes' Anti-Malware
                      2010-01-05 17:35 . 2010-01-05 17:35   52224   ----a-w-   c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                      2009-12-31 10:18 . 2010-01-05 20:21   --------   d-----w-   c:\documents and settings\Will\Local Settings\Application Data\lptdvl
                      2009-12-16 22:29 . 2009-12-16 22:42   --------   d-----w-   c:\documents and settings\Will\.hydrogen
                      2009-12-16 22:27 . 2009-12-16 22:28   --------   d-----w-   c:\program files\Hydrogen
                      2009-12-16 22:27 . 2009-12-16 22:27   --------   d-----w-   c:\program files\SwiffRec
                      2009-12-16 22:24 . 2009-12-16 22:26   --------   d-----w-   c:\program files\BestPractice
                      2009-12-16 22:22 . 2009-12-16 22:22   --------   d-----w-   c:\program files\AudioBookCutter_0_5_0
                      2009-12-16 22:21 . 2009-12-16 22:21   --------   d-----w-   c:\program files\7-Zip
                      2009-12-16 22:19 . 2009-12-16 22:19   --------   d-----w-   c:\program files\ggseq-0.3.1
                      2009-12-16 22:17 . 2009-12-16 22:17   --------   d-----w-   c:\program files\WinLame_pre4
                      2009-12-16 22:15 . 2009-12-16 22:15   --------   d-----w-   c:\program files\lame_3.96.1
                      2009-12-13 16:23 . 2009-12-13 16:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\TomTom
                      2009-12-13 16:22 . 2009-12-13 16:22   --------   d-----w-   c:\documents and settings\Will\Local Settings\Application Data\TomTom
                      2009-12-13 16:22 . 2009-12-13 16:22   --------   d-----w-   c:\documents and settings\Will\Application Data\TomTom
                      2009-12-13 16:22 . 2009-12-13 16:22   --------   d-----w-   c:\program files\TomTom International B.V
                      2009-12-13 16:22 . 2009-12-13 16:22   --------   d-----w-   c:\program files\TomTom HOME 2

                      .
                      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      2010-01-07 00:32 . 2008-09-21 20:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kontiki
                      2010-01-06 22:07 . 2007-03-01 14:05   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                      2010-01-05 18:18 . 2008-12-22 21:43   --------   d-----w-   c:\program files\Microsoft Windows OneCare Live
                      2010-01-05 17:36 . 2008-12-31 15:48   --------   d-----w-   c:\program files\SUPERAntiSpyware
                      2010-01-05 17:35 . 2009-10-01 21:24   117760   ----a-w-   c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                      2009-12-30 14:55 . 2009-01-01 15:53   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                      2009-12-30 14:54 . 2009-01-01 15:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                      2009-12-16 08:18 . 2009-11-10 20:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\SSScanAppDataDir
                      2009-12-05 15:06 . 2006-09-20 09:20   --------   d-----w-   c:\program files\Java
                      2009-12-05 15:03 . 2009-12-05 15:03   152576   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
                      2009-12-05 15:02 . 2009-12-05 15:02   79488   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
                      2009-11-10 22:20 . 2006-09-25 21:35   49000   ----a-w-   c:\documents and settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                      2009-11-10 22:19 . 2008-03-06 08:19   --------   d-----w-   c:\program files\Windows Live
                      2009-11-10 22:19 . 2006-09-26 09:34   --------   d-----w-   c:\program files\Windows Live Toolbar
                      2009-11-10 22:18 . 2009-11-10 22:18   --------   d-----w-   c:\program files\Microsoft Sync Framework
                      2009-11-10 22:11 . 2009-11-10 22:11   --------   d-----w-   c:\program files\Microsoft
                      2009-11-10 22:11 . 2009-11-10 22:11   --------   d-----w-   c:\program files\Windows Live SkyDrive
                      2009-11-10 20:42 . 2009-11-10 20:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\MSScanAppDataDir
                      2009-10-29 07:45 . 2004-08-10 11:51   916480   ----a-w-   c:\windows\system32\wininet.dll
                      2009-10-21 05:38 . 2004-08-10 11:51   75776   ----a-w-   c:\windows\system32\strmfilt.dll
                      2009-10-21 05:38 . 2004-08-10 11:51   25088   ----a-w-   c:\windows\system32\httpapi.dll
                      2009-10-20 16:20 . 2004-08-03 22:00   265728   ----a-w-   c:\windows\system32\drivers\http.sys
                      2009-10-13 10:30 . 2004-08-10 11:51   270336   ----a-w-   c:\windows\system32\oakley.dll
                      2009-10-12 19:37 . 2009-10-12 19:25   110415   ----a-w-   c:\windows\hpoins11.dat
                      2009-10-12 13:38 . 2004-08-10 11:51   149504   ----a-w-   c:\windows\system32\rastls.dll
                      2009-10-12 13:38 . 2004-08-10 11:51   79872   ----a-w-   c:\windows\system32\raschap.dll
                      2009-10-11 04:17 . 2009-01-01 16:26   411368   ----a-w-   c:\windows\system32\deploytk.dll
                      2008-10-07 07:00 . 2008-10-07 07:00   235296   ----a-w-   c:\program files\MC
                      2008-11-16 23:42 . 2006-10-05 21:32   88   --sh--r-   c:\windows\system32\64D3CEE666.sys
                      2008-05-19 20:22 . 2006-10-17 19:25   56   --sh--r-   c:\windows\system32\66E6CED364.sys
                      2008-11-16 23:43 . 2006-10-05 21:32   5852   --sha-w-   c:\windows\system32\KGyGaAvL.sys
                      .

                      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                      .
                      .
                      *Note* empty entries & legit default entries are not shown
                      REGEDIT4

                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
                      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
                      "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
                      "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
                      "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
                      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                      "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
                      "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
                      "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
                      "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
                      "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
                      "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
                      "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 497240]
                      "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-20 26112]
                      "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
                      "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
                      "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-20 169984]
                      "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
                      "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
                      "DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
                      "DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
                      "EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
                      "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
                      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
                      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
                      "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
                      "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
                      "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]

                      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                      "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

                      c:\documents and settings\All Users\Start Menu\Programs\Startup\
                      Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
                      AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-9-20 156784]
                      BT Broadband Basic Help.lnk - c:\program files\BT Broadband Basic Help\bin\matcli.exe [2006-10-31 200704]
                      Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-20 7168]
                      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-9-25 581632]
                      Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

                      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                      "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
                      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
                      @="Service"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                      @="Driver"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                      @="Service"

                      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                      @="Service"

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
                      "DisableMonitoring"=dword:00000001

                      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
                      "DisableMonitoring"=dword:00000001

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                      "EnableFirewall"= 0 (0x0)

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                      "%windir%\\system32\\sessmgr.exe"=
                      "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
                      "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
                      "c:\\Program Files\\AOL 9.0\\waol.exe"=
                      "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                      "c:\\StubInstaller.exe"=
                      "c:\\Sierra\\SWAT3\\Swat.icd"=
                      "c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
                      "c:\\Program Files\\EasyChat\\EasyChat.exe"=
                      "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
                      "c:\\Program Files\\Kontiki\\KService.exe"=
                      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                      "c:\\Program Files\\iTunes\\iTunes.exe"=
                      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                      "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
                      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                      "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

                      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                      "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
                      "10426:UDP"= 10426:UDP:SingleClick ICC

                      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 10:42 9968]
                      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 10:42 74480]
                      R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [09/07/2009 11:15 26104]
                      R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
                      S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/11/2008 12:11 682232]
                      S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [05/10/2006 22:11 13592]
                      S3 pfsvgae;pfsvgae;\??\c:\docume~1\Will\LOCALS~1\Temp\pfsvgae.sys --> c:\docume~1\Will\LOCALS~1\Temp\pfsvgae.sys [?]
                      S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 10:42 7408]
                      .
                      Contents of the 'Scheduled Tasks' folder

                      2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
                      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
                      .
                      .
                      ------- Supplementary Scan -------
                      .
                      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                      uInternet Connection Wizard,ShellNext = hxxp://www.btbroadbandstart.com/
                      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                      .
                      - - - - ORPHANS REMOVED - - - -

                      SafeBoot-WudfPf
                      SafeBoot-WudfRd
                      AddRemove-CCleaner - f:\ccleaner\uninst.exe
                      AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



                      **************************************************************************

                      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                      Rootkit scan 2010-01-07 00:32
                      Windows 5.1.2600 Service Pack 3 NTFS

                      scanning hidden processes ... 

                      scanning hidden autostart entries ...

                      scanning hidden files ... 

                      scan completed successfully
                      hidden files: 0

                      **************************************************************************
                      .
                      --------------------- LOCKED REGISTRY KEYS ---------------------

                      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
                      @DACL=(02 0000)
                      "Installed"="1"

                      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
                      @DACL=(02 0000)
                      "Installed"="1"
                      "NoChange"="1"

                      [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
                      @DACL=(02 0000)
                      "Installed"="1"
                      .
                      Completion time: 2010-01-07  00:34:50
                      ComboFix-quarantined-files.txt  2010-01-07 00:34

                      Pre-Run: 37,931,307,008 bytes free
                      Post-Run: 38,102,618,112 bytes free

                      - - End Of File - - 7044B05AD25336358301E416D411741C

                      007will

                        Topic Starter


                        Beginner

                        Re: Serious spyware or virus problem (Help please!)
                        « Reply #18 on: January 06, 2010, 05:36:46 PM »
                        Logfile of Trend Micro HijackThis v2.0.2
                        Scan saved at 00:35:55, on 07/01/2010
                        Platform: Windows XP SP3 (WinNT 5.01.2600)
                        MSIE: Internet Explorer v8.00 (8.00.6001.18702)
                        Boot mode: Normal

                        Running processes:
                        C:\WINDOWS\System32\smss.exe
                        C:\WINDOWS\system32\winlogon.exe
                        C:\WINDOWS\system32\services.exe
                        C:\WINDOWS\system32\lsass.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\WINDOWS\system32\spoolsv.exe
                        C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                        C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        C:\Program Files\Bonjour\mDNSResponder.exe
                        C:\Program Files\Dell Network Assistant\hnm_svc.exe
                        C:\Program Files\Java\jre6\bin\jqs.exe
                        C:\Program Files\Kontiki\KService.exe
                        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                        C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
                        C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
                        C:\WINDOWS\system32\HPZipm12.exe
                        C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                        C:\WINDOWS\system32\svchost.exe
                        C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
                        C:\WINDOWS\system32\SearchIndexer.exe
                        C:\WINDOWS\system32\ZuneBusEnum.exe
                        C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
                        C:\Program Files\Microsoft Windows OneCare Live\winss.exe
                        C:\WINDOWS\system32\wscntfy.exe
                        C:\WINDOWS\System32\svchost.exe
                        C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
                        C:\WINDOWS\system32\notepad.exe
                        C:\WINDOWS\explorer.exe
                        C:\WINDOWS\system32\wuauclt.exe
                        C:\Program Files\Internet Explorer\IEXPLORE.EXE
                        C:\Program Files\Internet Explorer\IEXPLORE.EXE
                        C:\WINDOWS\system32\ctfmon.exe
                        C:\Program Files\Windows Live\Toolbar\wltuser.exe
                        C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
                        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

                        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
                        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
                        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
                        R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.btbroadbandstart.com/
                        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
                        O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
                        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
                        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
                        O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
                        O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
                        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
                        O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
                        O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
                        O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
                        O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
                        O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
                        O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
                        O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
                        O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
                        O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
                        O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
                        O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
                        O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
                        O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
                        O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
                        O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
                        O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
                        O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB002" /M "Stylus C64"
                        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
                        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
                        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
                        O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
                        O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
                        O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
                        O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
                        O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
                        O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
                        O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
                        O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
                        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
                        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
                        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
                        O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
                        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
                        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
                        O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
                        O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
                        O4 - Global Startup: Dell Network Assistant.lnk = ?
                        O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
                        O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
                        O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                        O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
                        O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
                        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
                        O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
                        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
                        O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
                        O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
                        O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
                        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
                        O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1159216988941
                        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
                        O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
                        O16 - DPF: {A903E5AB-C67E-40FB-94F1-E1305982F6E0} (KooPlayer Control) - http://www.ooxtv.com/stream.ocx
                        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
                        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
                        O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                        O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
                        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
                        O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
                        O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                        O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
                        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
                        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
                        O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
                        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
                        O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
                        O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
                        O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
                        O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
                        O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
                        O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Will\Local Settings\Temp\{A069857B-A614-4598-9495-B0029E79B748}\NMSAccessU.exe (file missing)
                        O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
                        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
                        O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
                        O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

                        --
                        End of file - 11924 bytes
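Added example, not part of the original posts and not code from HijackThis: a small Python triage pass over the O23 (services) lines of a log like the one above. It surfaces entries a helper would normally look at first: services with no publisher, a missing binary, or a binary in a user-writable folder. The sample lines are copied from the log above; the flagging rules and all function names are assumptions made for this illustration, and a flag means "review this", not "malicious".

```python
import re
from dataclasses import dataclass, field

# Sample input: four O23 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Documents and Settings\Will\Local Settings\Temp\{A069857B-A614-4598-9495-B0029E79B748}\NMSAccessU.exe (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
# Folders an unprivileged user can write to (illustrative list, an assumption).
USER_WRITABLE = re.compile(r"\\(temp|local settings|application data)\\", re.I)


@dataclass
class Service:
    name: str
    company: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Parse one 'O23 - Service: <name> - <company> - <path>' line, else None."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    # Split from the right so a " - " inside the display name does not
    # shift the company and path fields.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, company, path = (p.strip() for p in parts)
    return Service(name, company, path, missing)


def triage(log_text):
    """Return the services that deserve a manual look, with the reasons."""
    flagged = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc.company.lower() == "unknown owner":
            svc.reasons.append("no publisher")
        if svc.file_missing:
            svc.reasons.append("binary missing")
        if USER_WRITABLE.search(svc.path):
            svc.reasons.append("user-writable path")
        if svc.reasons:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.name}: {', '.join(svc.reasons)} -> {svc.path}")
```

An orphaned service whose binary is missing is usually a leftover from an uninstalled program, so each flagged entry still has to be checked by hand before anything is removed.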

                        SuperDave

                        • Malware Removal Specialist
                        • Moderator


                        • Genius
                        • Thanked: 990
                        • Certifications: List
                        • Experience: Expert
                        • OS: Windows 8
                        Re: Serious spyware or virus problem (Help please!)
                        « Reply #19 on: January 06, 2010, 05:57:17 PM »
                        Hello 007will. Your logs show that you are running two anti-virus programs: McAfee (outdated) and LiveOneCare. Only one AV program should be run on a computer. More than that will cause lots of problems. Please let me know which you want to remove and I'll send you a tool to remove it. It also shows that you're running two firewalls (McAfee and LiveOneCare), which is also a no-no. One should be removed.

                        1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
                        It must be Notepad, not Wordpad.
                        2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

                        Code:
                        KillAll::

                        Driver::
                        pfsvgae

                        3. Go to the Notepad window and click Edit > Paste
                        4. Then click File > Save
                        5. Name the file CFScript.txt - Save the file to your Desktop
                        6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



                        ComboFix will begin to execute, just follow the prompts.
                        After reboot (in case it asks to reboot), it will produce a log for you.
                        Post that log (Combofix.txt) in your next reply.

                        Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

                        Intel(R) Core (TM) i3-3220 CPU 3.30 GHz 8.0 Gb RAM Windows 8.1 with a dual boot to Windows XP  Home with SP3, Comodo  with Windows Firewall & Windows Defender

                        007will

                          Topic Starter


                          Beginner

                          Re: Serious spyware or virus problem (Help please!)
                          « Reply #20 on: January 07, 2010, 05:58:49 AM »
                          I will do as you have said when I get home from work. I would like to remove McAfee as I am paying for LiveOneCare.

                          Thanks!

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 990
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 8
                          Re: Serious spyware or virus problem (Help please!)
                          « Reply #21 on: January 07, 2010, 12:32:34 PM »
                          Download the McAfee Consumer Product Removal Tool to your Desktop.

                          Using McAfee Consumer Product Removal tool:

                          * Double click the MCPR.exe
                          * A Command Line window will be displayed, and then close automatically.
                          * Wait for a second Command Line window to be displayed.

                          Note: Do not double-click MCPR.exe again, you may have to wait up to 1 minute for the next window to appear.

                          * After the second window appears, the program will begin the cleanup.
                          * Observe the installation, which could take several minutes. The following message will be displayed in the Command Line window: The machine must reboot to complete the un-installation. Reboot now? [y.n]
                          * Press Y on the keyboard.
                          * Wait for the computer to restart.
                          * All McAfee products are now removed from your computer.

                          This is supposed to remove all traces of McAfee from your computer but you should check in Add/Remove programs to see if the McAfee firewall is gone also.

                          007will

                            Topic Starter


                            Beginner

                            Re: Serious spyware or virus problem (Help please!)
                            « Reply #22 on: January 07, 2010, 02:22:05 PM »
                            Okay, I've done what you said... log below.

                            007will

                              Topic Starter


                              Beginner

                              Re: Serious spyware or virus problem (Help please!)
                              « Reply #23 on: January 07, 2010, 02:22:18 PM »
                              ComboFix 10-01-04.01 - Will 07/01/2010  20:55:03.4.2 - x86
                              Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.522 [GMT 0:00]
                              Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
                              Command switches used :: c:\documents and settings\Will\Desktop\CFScript.txt
                              AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
                              FW: Windows Live OneCare Firewall *disabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
                              .

                              (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              .
                              (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
                              .

                              -------\Legacy_PFSVGAE
                              -------\Service_pfsvgae


                              (((((((((((((((((((((((((   Files Created from 2009-12-07 to 2010-01-07  )))))))))))))))))))))))))))))))
                              .

                              2010-01-07 00:31 . 2008-04-14 00:12   50176   ----a-w-   c:\windows\system32\proquota.exe
                              2010-01-07 00:31 . 2008-04-14 00:12   50176   ----a-w-   c:\windows\system32\dllcache\proquota.exe
                              2010-01-05 20:32 . 2010-01-05 20:33   --------   d-----w-   C:\Malwarebytes' Anti-Malware
                              2009-12-31 10:18 . 2010-01-05 20:21   --------   d-----w-   c:\documents and settings\Will\Local Settings\Application Data\lptdvl
                              2009-12-16 22:29 . 2009-12-16 22:42   --------   d-----w-   c:\documents and settings\Will\.hydrogen
                              2009-12-16 22:27 . 2009-12-16 22:28   --------   d-----w-   c:\program files\Hydrogen
                              2009-12-16 22:27 . 2009-12-16 22:27   --------   d-----w-   c:\program files\SwiffRec
                              2009-12-16 22:24 . 2009-12-16 22:26   --------   d-----w-   c:\program files\BestPractice
                              2009-12-16 22:22 . 2009-12-16 22:22   --------   d-----w-   c:\program files\AudioBookCutter_0_5_0
                              2009-12-16 22:21 . 2009-12-16 22:21   --------   d-----w-   c:\program files\7-Zip
                              2009-12-16 22:19 . 2009-12-16 22:19   --------   d-----w-   c:\program files\ggseq-0.3.1
                              2009-12-16 22:17 . 2009-12-16 22:17   --------   d-----w-   c:\program files\WinLame_pre4
                              2009-12-16 22:15 . 2009-12-16 22:15   --------   d-----w-   c:\program files\lame_3.96.1
                              2009-12-13 16:23 . 2009-12-13 16:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\TomTom
                              2009-12-13 16:22 . 2009-12-13 16:22   --------   d-----w-   c:\documents and settings\Will\Local Settings\Application Data\TomTom
                              2009-12-13 16:22 . 2009-12-13 16:22   --------   d-----w-   c:\documents and settings\Will\Application Data\TomTom
                              2009-12-13 16:22 . 2009-12-13 16:22   --------   d-----w-   c:\program files\TomTom International B.V
                              2009-12-13 16:22 . 2009-12-13 16:22   --------   d-----w-   c:\program files\TomTom HOME 2

                              .
                              ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              2010-01-07 21:13 . 2008-09-21 20:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Kontiki
                              2010-01-07 21:10 . 2007-03-01 14:05   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
                              2010-01-07 20:57 . 2008-12-22 21:43   --------   d-----w-   c:\program files\Microsoft Windows OneCare Live
                              2010-01-05 17:36 . 2008-12-31 15:48   --------   d-----w-   c:\program files\SUPERAntiSpyware
                              2010-01-05 17:35 . 2010-01-05 17:35   52224   ----a-w-   c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
                              2010-01-05 17:35 . 2009-10-01 21:24   117760   ----a-w-   c:\documents and settings\Will\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
                              2009-12-30 14:55 . 2009-01-01 15:53   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
                              2009-12-30 14:54 . 2009-01-01 15:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
                              2009-12-16 08:18 . 2009-11-10 20:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\SSScanAppDataDir
                              2009-12-05 15:06 . 2006-09-20 09:20   --------   d-----w-   c:\program files\Java
                              2009-12-05 15:03 . 2009-12-05 15:03   152576   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
                              2009-12-05 15:02 . 2009-12-05 15:02   79488   ----a-w-   c:\documents and settings\Will\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
                              2009-11-10 22:20 . 2006-09-25 21:35   49000   ----a-w-   c:\documents and settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
                              2009-11-10 22:19 . 2008-03-06 08:19   --------   d-----w-   c:\program files\Windows Live
                              2009-11-10 22:19 . 2006-09-26 09:34   --------   d-----w-   c:\program files\Windows Live Toolbar
                              2009-11-10 22:18 . 2009-11-10 22:18   --------   d-----w-   c:\program files\Microsoft Sync Framework
                              2009-11-10 22:11 . 2009-11-10 22:11   --------   d-----w-   c:\program files\Microsoft
                              2009-11-10 22:11 . 2009-11-10 22:11   --------   d-----w-   c:\program files\Windows Live SkyDrive
                              2009-11-10 20:42 . 2009-11-10 20:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\MSScanAppDataDir
                              2009-10-29 07:45 . 2004-08-10 11:51   916480   ------w-   c:\windows\system32\wininet.dll
                              2009-10-21 05:38 . 2004-08-10 11:51   75776   ----a-w-   c:\windows\system32\strmfilt.dll
                              2009-10-21 05:38 . 2004-08-10 11:51   25088   ----a-w-   c:\windows\system32\httpapi.dll
                              2009-10-20 16:20 . 2004-08-03 22:00   265728   ----a-w-   c:\windows\system32\drivers\http.sys
                              2009-10-13 10:30 . 2004-08-10 11:51   270336   ----a-w-   c:\windows\system32\oakley.dll
                              2009-10-12 19:37 . 2009-10-12 19:25   110415   ----a-w-   c:\windows\hpoins11.dat
                              2009-10-12 13:38 . 2004-08-10 11:51   149504   ----a-w-   c:\windows\system32\rastls.dll
                              2009-10-12 13:38 . 2004-08-10 11:51   79872   ----a-w-   c:\windows\system32\raschap.dll
                              2009-10-11 04:17 . 2009-01-01 16:26   411368   ----a-w-   c:\windows\system32\deploytk.dll
                              2008-10-07 07:00 . 2008-10-07 07:00   235296   ----a-w-   c:\program files\MC
                              2008-11-16 23:42 . 2006-10-05 21:32   88   --sh--r-   c:\windows\system32\64D3CEE666.sys
                              2008-05-19 20:22 . 2006-10-17 19:25   56   --sh--r-   c:\windows\system32\66E6CED364.sys
                              2008-11-16 23:43 . 2006-10-05 21:32   5852   --sha-w-   c:\windows\system32\KGyGaAvL.sys
                              .

                              (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                              .
                              .
                              *Note* empty entries & legit default entries are not shown
                              REGEDIT4

                              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
                              "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
                              "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
                              "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 2321600]
                              "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
                              "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
                              "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

                              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                              "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
                              "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
                              "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
                              "SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 282624]
                              "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
                              "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
                              "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2004-11-09 497240]
                              "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-09-20 26112]
                              "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
                              "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
                              "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-09-20 169984]
                              "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 106496]
                              "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 29696]
                              "DSLSTATEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslstat.exe" [2003-06-28 1658965]
                              "DSLAGENTEXE"="c:\program files\BT Voyager 105 ADSL Modem\dslagent.exe" [2003-08-19 16384]
                              "EPSON Stylus C64 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
                              "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
                              "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
                              "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
                              "OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
                              "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2009-09-04 158448]

                              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
                              "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
                              "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

                              c:\documents and settings\All Users\Start Menu\Programs\Startup\
                              Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
                              AOL 9.0 Tray Icon.lnk - c:\program files\AOL 9.0\aoltray.exe [2006-9-20 156784]
                              BT Broadband Basic Help.lnk - c:\program files\BT Broadband Basic Help\bin\matcli.exe [2006-10-31 200704]
                              Dell Network Assistant.lnk - c:\windows\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2006-9-20 7168]
                              Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2006-9-25 581632]
                              Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

                              [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
                              "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
                              "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
                              @="Service"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
                              @="Driver"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
                              @="Service"

                              [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
                              @="Service"

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
                              "EnableFirewall"= 0 (0x0)

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
                              "%windir%\\system32\\sessmgr.exe"=
                              "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
                              "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
                              "c:\\Program Files\\AOL 9.0\\waol.exe"=
                              "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
                              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
                              "c:\\StubInstaller.exe"=
                              "c:\\Sierra\\SWAT3\\Swat.icd"=
                              "c:\\Program Files\\Raven\\Star Trek Voyager Elite Force\\stvoyHM.exe"=
                              "c:\\Program Files\\EasyChat\\EasyChat.exe"=
                              "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
                              "c:\\Program Files\\Kontiki\\KService.exe"=
                              "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
                              "c:\\Program Files\\iTunes\\iTunes.exe"=
                              "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
                              "c:\\Program Files\\LimeWire\\LimeWire.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
                              "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
                              "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
                              "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
                              "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

                              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
                              "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
                              "10426:UDP"= 10426:UDP:SingleClick ICC

                              R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/11/2008 12:11 682232]
                              R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [15/09/2009 10:42 9968]
                              R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [15/09/2009 10:42 74480]
                              R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [09/07/2009 11:15 26104]
                              R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
                              S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [05/10/2006 22:11 13592]
                              S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [15/09/2009 10:42 7408]
                              .
                              Contents of the 'Scheduled Tasks' folder

                              2009-10-20 c:\windows\Tasks\AppleSoftwareUpdate.job
                              - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
                              .
                              .
                              ------- Supplementary Scan -------
                              .
                              uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
                              uInternet Connection Wizard,ShellNext = hxxp://www.btbroadbandstart.com/
                              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                              DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
                              .

                              **************************************************************************

                              catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                              Rootkit scan 2010-01-07 21:10
                              Windows 5.1.2600 Service Pack 3 NTFS

                              scanning hidden processes ... 

                              scanning hidden autostart entries ...

                              scanning hidden files ... 

                              scan completed successfully
                              hidden files: 0

                              **************************************************************************

                              Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

                              device: opened successfully
                              user: MBR read successfully
                              called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys sfsync02.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x86D808A8]<<
                              kernel: MBR read successfully
                              detected MBR rootkit hooks:
                              \Driver\Disk -> CLASSPNP.SYS @ 0xf7660f28
                              \Driver\ACPI -> ACPI.sys @ 0xf73e3cb8
                              \Driver\atapi -> sfsync02.sys @ 0xf762d8b4
                              IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
                              \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
                              NDIS:  -> SendCompleteHandler -> 0x0
                               PacketIndicateHandler -> 0x0
                               SendHandler -> 0x0
                              user & kernel MBR OK

                              **************************************************************************
                              .
                              --------------------- LOCKED REGISTRY KEYS ---------------------

                              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
                              @DACL=(02 0000)
                              "Installed"="1"

                              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
                              @DACL=(02 0000)
                              "Installed"="1"
                              "NoChange"="1"

                              [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
                              @DACL=(02 0000)
                              "Installed"="1"
                              .
                              --------------------- DLLs Loaded Under Running Processes ---------------------

                              - - - - - - - > 'explorer.exe'(2908)
                              c:\windows\system32\WININET.dll
                              c:\program files\Logitech\SetPoint\lgscroll.dll
                              c:\progra~1\WINDOW~2\wmpband.dll
                              c:\windows\system32\ieframe.dll
                              c:\windows\system32\webcheck.dll
                              c:\windows\system32\WPDShServiceObj.dll
                              c:\windows\system32\PortableDeviceTypes.dll
                              c:\windows\system32\PortableDeviceApi.dll
                              .
                              ------------------------ Other Running Processes ------------------------
                              .
                              c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
                              c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
                              c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
                              c:\program files\Bonjour\mDNSResponder.exe
                              c:\program files\Dell Network Assistant\hnm_svc.exe
                              c:\program files\Java\jre6\bin\jqs.exe
                              c:\program files\Kontiki\KService.exe
                              c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
                              c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
                              c:\windows\stsystra.exe
                              c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
                              c:\windows\system32\HPZipm12.exe
                              c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
                              c:\windows\system32\ZuneBusEnum.exe
                              c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
                              c:\program files\Microsoft Windows OneCare Live\winss.exe
                              c:\windows\system32\SearchIndexer.exe
                              c:\windows\system32\wscntfy.exe
                              c:\program files\Logitech\SetPoint\KHALMNPR.EXE
                              c:\program files\iPod\bin\iPodService.exe
                              c:\program files\BT Broadband Basic Help\bin\mpbtn.exe
                              .
                              **************************************************************************
                              .
                              Completion time: 2010-01-07  21:19:36 - machine was rebooted
                              ComboFix-quarantined-files.txt  2010-01-07 21:19
                              ComboFix2.txt  2010-01-07 00:34

                              Pre-Run: 38,101,262,336 bytes free
                              Post-Run: 37,971,996,672 bytes free

                              - - End Of File - - 8370B871BA0EBF97A30FBF75B9D4DEDC

                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              Re: Serious spyware or virus problem (Help please!)
                              « Reply #24 on: January 07, 2010, 04:54:42 PM »
                              Download GMER Rootkit Detector and save it to your desktop.
                               
                              * Extract it to your desktop and double-click GMER.exe
                              * Make sure all of the boxes on the right of the screen are checked, EXCEPT for "Show All".
                              * Click the Rootkit tab and then Scan.
                              * Don't check the Show All box while scanning is in progress!
                              * When scanning is finished, click Copy.
                              * This copies the log to the clipboard.
                              * Post the log in your reply.