"automobilewdew_com[1].htm" [RESOLVED] - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

"automobilewdew_com[1].htm" [RESOLVED] My antivirus says it "Contains HEUR/HTML.Malware suspicious code&#

#1 torango

  • Group: Member
  • Posts: 15
  • Joined: 25-October 08

Posted 25 October 2008 - 03:00 PM

I will begin with the necessary description of the problem and then paste in the necessary information. I do thank anyone in advance who can help me with this. I've never had trouble with spyware before, Ad-Aware 2008 Free was always able to remove anything I've encountered but no matter what I've done and I've followed all of the instructions on this website for getting rid of malware, it all has not worked. I originally got this piece of malware or spyware after I downloaded a movie from uTorrent. It started affecting my computer after I deleted the movie file. My antivirus which is Avira AntiVir has detected it in its guard but has not been able to remove or quarantine it. I think this is the case because whenever it tells me the path of where the virus is, it's in a place that does not exist on my computer. The symptoms of the spyware are not destructive from what I see but it simply opens popups in IE7 from either "AdultFriendFinder" or anything that begins with the name "CiD" on the IE title bar. My computer has Windows XP SP3 and is fully up to date. I'll post the necessary info below.

Malwarebytes' Anti-Malware 1.30
Database version: 1321
Windows 5.1.2600 Service Pack 3

10/25/08 3:43:40 PM
mbam-log-2008-10-25 (15-43-40).txt

Scan type: Quick Scan
Objects scanned: 55669
Time elapsed: 10 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
________________________________________________________________________________
___________________________________________
Uninstall List:

Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel WinDVD 9
Creative EAX Console
Creative MediaSource
Creative Speaker Settings
Device Control
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy CD Creator 5 Platinum
ERUNT 1.1j
ffdshow [rev 2033] [2008-07-05]
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Intel® PRO Network Connections Drivers
Internet Check-Up
iTunes
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
KhalInstallWrapper
Lexmark X1100 Series
LimeWire 4.18.8
Logitech Communications Manager
Logitech SetPoint
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
MobileMe Control Panel
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
NVIDIA Drivers
PowerISO
QuickTime
RealPlayer
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Sound Blaster Live! 24-bit
Starcraft
System Requirements Lab
TBS WMP Plug-in
TomTom HOME
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
VC_MergeModuleToMSI
WildTangent Updater
WildTangent Web Driver
Windows Backup Utility
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.1.3 final uninstall
________________________________________________________________________________
____________________________________________
hijack this scan report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:49:19 PM, on 10/25/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Active Balm Error City] C:\Documents and Settings\All Users\Application Data\01 TRANS ACTIVE BALM\Bolt comp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....reScannerV2.ocx
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...h/v2/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://smms.sub.fulf...onager_smms.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202009610718
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187577263702
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15103/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 12214 bytes

#2 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 October 2008 - 04:37 PM

Hi torango

welcome to geekstogo :)


we will do another scan first, i suspect i can see the infection in your logs:
Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

andrewuk

#3 torango

  • Group: Member
  • Posts: 15
  • Joined: 25-October 08

Posted 25 October 2008 - 04:54 PM

Here is the result of the scan:

--------------------\\ Lop S&D 4.2.4-7 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 3.00GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A12
USER : Richard Bradley ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 114 Go Free : 83 Go
D:\ (CD or DVD)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 23-10-2008|23:15 )
Option : [1] ( 10/25/08|18:50 )

--------------------\\ Listing folders in APPLIC~1

[10/05/08|08:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[10/07/08|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> 01 TRANS ACTIVE BALM
[03/05/08|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[10/25/08|04:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AntiVir PersonalEdition Classic
[08/20/07|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[06/11/08|05:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/12/08|03:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Corel
[03/05/08|12:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> FLEXnet
[08/20/07|12:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/28/07|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[06/15/08|05:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[01/29/08|01:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LogiShrd
[06/28/08|01:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Logitech
[10/20/08|02:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[07/24/08|10:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/21/08|11:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Motive
[08/02/08|02:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> nView_Profiles
[02/07/08|01:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[10/15/08|08:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SITEguard
[10/15/08|08:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> STOPzilla!
[05/11/08|06:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TomTom
[07/05/08|06:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[08/19/07|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[01/09/08|05:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WinZip
[06/09/08|03:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[03/17/08|07:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[08/20/07|01:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/20/07|01:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[12/31/07|04:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[10/19/08|12:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[12/31/07|04:58] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Real

[08/20/07|01:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[03/05/08|12:57] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Adobe
[03/19/08|02:22] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Apple Computer
[10/21/07|09:03] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> BitTorrent
[03/13/08|05:13] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> BitTorrent DNA
[07/05/08|12:34] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Corel
[08/20/07|12:59] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Creative
[08/27/07|11:47] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> CyberLink
[08/20/07|03:47] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> DivX
[08/30/08|07:14] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> DNA
[03/05/08|12:48] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Download Manager
[07/06/08|03:48] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> dvdcss
[11/09/07|04:30] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Google
[08/24/07|03:09] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Help
[08/20/07|01:00] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Identities
[01/29/08|01:36] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> InstallShield
[08/28/07|12:50] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> InterVideo
[10/18/08|10:51] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> LimeWire
[06/28/08|01:12] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Logitech
[08/19/07|11:35] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Macromedia
[10/20/08|02:17] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Malwarebytes
[01/09/08|05:27] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Media Player Classic
[09/26/08|09:35] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Microsoft
[10/15/07|04:03] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Motive
[05/11/08|06:03] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Mozilla
[03/05/08|12:05] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Nitro PDF
[07/05/08|03:56] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Real
[08/24/08|08:17] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Roxio
[08/20/07|02:10] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Sun
[08/01/08|07:01] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> SystemRequirementsLab
[05/11/08|06:03] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> TomTom
[10/07/08|03:57] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> uTorrent
[11/01/07|03:29] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Windows Live Writer
[07/24/08|10:26] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> Windows Search
[01/09/08|05:22] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> WinRAR
[04/08/08|02:40] C:\DOCUME~1\RICHAR~1\APPLIC~1\<DIR> yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[10/20/08 08:24 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/25/08 06:40 PM][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{F8814C7D-F34F-4D87-B030-C42F2077797D}.job
[10/25/08 03:51 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/04 03:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/02/08|08:27] C:\Program Files\<DIR> Adaptec
[06/26/08|10:19] C:\Program Files\<DIR> Adobe
[10/25/08|04:44] C:\Program Files\<DIR> AntiVir PersonalEdition Classic
[08/06/08|12:18] C:\Program Files\<DIR> Apple Software Update
[08/13/08|01:09] C:\Program Files\<DIR> BearShare
[10/08/08|05:32] C:\Program Files\<DIR> BellCanada
[03/13/08|05:13] C:\Program Files\<DIR> BitTorrent_DNA
[09/10/08|01:55] C:\Program Files\<DIR> Bonjour
[10/20/08|02:16] C:\Program Files\<DIR> Common Files
[08/26/04|02:01] C:\Program Files\<DIR> ComPlus Applications
[08/20/07|03:20] C:\Program Files\<DIR> CONEXANT
[02/04/08|12:51] C:\Program Files\<DIR> Creative
[10/07/08|03:57] C:\Program Files\<DIR> DivX
[08/30/08|03:45] C:\Program Files\<DIR> DNA
[10/22/08|10:56] C:\Program Files\<DIR> ERUNT
[07/06/08|04:07] C:\Program Files\<DIR> ffdshow
[11/09/07|04:30] C:\Program Files\<DIR> Google
[08/02/08|03:23] C:\Program Files\<DIR> InstallShield Installation Information
[10/19/08|12:54] C:\Program Files\<DIR> Internet Explorer
[07/12/08|03:03] C:\Program Files\<DIR> InterVideo
[03/05/08|12:24] C:\Program Files\<DIR> Investintech.com Inc
[10/05/08|08:49] C:\Program Files\<DIR> iPod
[10/05/08|08:49] C:\Program Files\<DIR> iTunes
[08/06/08|05:26] C:\Program Files\<DIR> Java
[06/15/08|05:56] C:\Program Files\<DIR> Lavasoft
[09/27/08|12:47] C:\Program Files\<DIR> LimeWire
[06/28/08|01:06] C:\Program Files\<DIR> Logitech
[10/25/08|03:23] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/12/08|06:43] C:\Program Files\<DIR> Messenger
[08/20/07|02:26] C:\Program Files\<DIR> Microsoft ActiveSync
[08/28/07|04:50] C:\Program Files\<DIR> Microsoft Calculator Plus
[08/20/07|01:00] C:\Program Files\<DIR> microsoft frontpage
[09/08/08|05:52] C:\Program Files\<DIR> Microsoft Office
[10/20/08|01:21] C:\Program Files\<DIR> Microsoft Silverlight
[05/09/08|03:48] C:\Program Files\<DIR> Movie Maker
[10/25/08|06:04] C:\Program Files\<DIR> Mozilla Firefox
[08/19/07|11:28] C:\Program Files\<DIR> MSBuild
[09/08/08|05:51] C:\Program Files\<DIR> MSECache
[08/20/07|01:00] C:\Program Files\<DIR> MSN
[08/20/07|01:00] C:\Program Files\<DIR> MSN Gaming Zone
[07/12/08|03:33] C:\Program Files\<DIR> MSXML 4.0
[08/20/07|12:43] C:\Program Files\<DIR> MSXML 6.0
[05/09/08|03:45] C:\Program Files\<DIR> NetMeeting
[08/20/07|01:00] C:\Program Files\<DIR> Online Services
[05/09/08|03:45] C:\Program Files\<DIR> Outlook Express
[11/03/07|05:03] C:\Program Files\<DIR> PowerISO
[09/10/08|01:54] C:\Program Files\<DIR> QuickTime
[07/05/08|03:55] C:\Program Files\<DIR> Real
[08/19/07|11:24] C:\Program Files\<DIR> Reference Assemblies
[07/06/08|02:47] C:\Program Files\<DIR> Starcraft
[10/24/08|03:22] C:\Program Files\<DIR> SystemRequirementsLab
[05/11/08|06:02] C:\Program Files\<DIR> TomTom DesktopSuite
[05/11/08|06:02] C:\Program Files\<DIR> TomTom HOME 2
[10/25/08|04:46] C:\Program Files\<DIR> Trend Micro
[08/26/04|02:09] C:\Program Files\<DIR> Uninstall Information
[11/03/07|02:17] C:\Program Files\<DIR> uTorrent
[07/12/08|02:54] C:\Program Files\<DIR> VideoLAN
[01/01/08|09:13] C:\Program Files\<DIR> Viewpoint
[01/03/08|09:52] C:\Program Files\<DIR> WildTangent
[07/25/08|02:15] C:\Program Files\<DIR> Windows Desktop Search
[10/15/07|11:49] C:\Program Files\<DIR> Windows Journal Viewer
[11/01/07|03:43] C:\Program Files\<DIR> Windows Live
[12/04/07|05:13] C:\Program Files\<DIR> Windows Live Safety Center
[08/20/07|12:18] C:\Program Files\<DIR> Windows Media Connect 2
[05/09/08|03:45] C:\Program Files\<DIR> Windows Media Player
[05/09/08|03:45] C:\Program Files\<DIR> Windows NT
[08/26/04|02:02] C:\Program Files\<DIR> WindowsUpdate
[01/09/08|05:24] C:\Program Files\<DIR> WinRAR
[08/20/07|01:00] C:\Program Files\<DIR> xerox
[08/20/07|01:30] C:\Program Files\<DIR> Xvid
[04/08/08|05:53] C:\Program Files\<DIR> Yahoo!
[02/01/08|03:02] C:\Program Files\<DIR> Zonet

--------------------\\ Listing Folders in C:\Program Files\Common Files

[02/02/08|08:27] C:\Program Files\Common Files\<DIR> Adaptec Shared
[03/05/08|12:57] C:\Program Files\Common Files\<DIR> Adobe
[09/10/08|01:54] C:\Program Files\Common Files\<DIR> Apple
[06/16/08|12:15] C:\Program Files\Common Files\<DIR> Blizzard Entertainment
[08/20/07|02:26] C:\Program Files\Common Files\<DIR> Designer
[10/20/08|02:16] C:\Program Files\Common Files\<DIR> Download Manager
[02/11/08|03:14] C:\Program Files\Common Files\<DIR> InstallShield
[07/12/08|03:03] C:\Program Files\Common Files\<DIR> InterVideo
[10/15/08|05:42] C:\Program Files\Common Files\<DIR> iS3
[08/20/07|02:08] C:\Program Files\Common Files\<DIR> Java
[07/12/08|03:11] C:\Program Files\Common Files\<DIR> LogiShrd
[07/12/08|03:12] C:\Program Files\Common Files\<DIR> Logitech
[09/08/08|05:52] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/04/08|09:05] C:\Program Files\Common Files\<DIR> Motive
[08/20/07|01:00] C:\Program Files\Common Files\<DIR> MSSoap
[08/20/07|01:00] C:\Program Files\Common Files\<DIR> ODBC
[07/12/08|03:03] C:\Program Files\Common Files\<DIR> Protexis
[09/27/08|01:02] C:\Program Files\Common Files\<DIR> Real
[08/20/07|01:07] C:\Program Files\Common Files\<DIR> Services
[08/20/07|01:00] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/09/08|03:45] C:\Program Files\Common Files\<DIR> System
[08/28/07|12:25] C:\Program Files\Common Files\<DIR> Ulead
[12/31/07|04:58] C:\Program Files\Common Files\<DIR> Viewpoint
[12/21/07|06:01] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[06/15/08|05:55] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[09/27/08|01:02] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 54 Processes )

IEXPLORE.EXE ~ [PID:1880]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\nsg9E.tmp
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\nsg9F.tmp
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\nshA3.tmp
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\nslC1.tmp
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\nslC2.tmp
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\nsvCB.tmp
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\nsvCC.tmp
C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\nsxA4.tmp

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-25 18:51:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 355

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\RICHAR~1\Application Data\uTorrent\WinDVD 9 Plus Full + Keygen.torrent


[F:6402][D:928]-> C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp
[F:61][D:0]-> C:\DOCUME~1\RICHAR~1\Cookies
[F:1971][D:12]-> C:\DOCUME~1\RICHAR~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 10/25/08|18:52 - Option : [1]

--------------------\\ Scan completed at 18:52:42

#4 torango

  • Group: Member
  • Posts: 15
  • Joined: 25-October 08

Posted 25 October 2008 - 04:55 PM

Thank you andrewuk very much for your time and attention!

#5 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 October 2008 - 05:02 PM

ok, before we proceed with this fix i must ask you to remove the cracked version of WinDVD you have. it is likely to be the source of the infection and we will just be chasing our tails as you get re-infected.

furthermore, it is likely illegal.

andrewuk

#6 torango

  • Group: Member
  • Posts: 15
  • Joined: 25-October 08

Posted 25 October 2008 - 08:51 PM

Hello andrewuk,

Sorry I do not want to remove my WinDVD because I know for a fact that it is not the problem because I've had WinDVD for years cracked. Can we proceed withouth removing it because then I'd have to buy another DVD program with a codec and it costs a lot of money as the lovely Windows XP does not come with a free DVD codec as I'm sure you know? If it is absolutely necessary then I'll remove it but I'd ask for your kindness and to look passed the cracked program :).

Thank you very much

#7 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 October 2008 - 09:25 PM

I am in no way permitted to provide a fix solution to machines with illegal software on them.

your call.

andrewuk

#8 torango

  • Group: Member
  • Posts: 15
  • Joined: 25-October 08

Posted 25 October 2008 - 09:47 PM

OK I can understand. I am not at home now with the problematic computer. I will remove it when I return home tomorrow late morning. I will post here when I do remove it. Just out of curiosity, how were you able to tell that WinDVD is cracked? It actually isn't, I downloaded the trial version which has as much functionality as the full version except it asks you for a key to enter in order to prevent it from expiring after 30 days. I've tried to crack it without success as the newer the windvd, the harder it gets to crack. It isn't cracked, I simply uninstalled the program and kept the dvd codecs that came with the program so I use it with WMP11 but just with the codecs in the background.

Thank you

#9 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 25 October 2008 - 09:54 PM

ok, i'll be here.

#10 torango

  • Group: Member
  • Posts: 15
  • Joined: 25-October 08

Posted 25 October 2008 - 10:02 PM

So yes, I tried to crack it but as I added to my last post just in case you weren't notified that I edited it, it is not cracked. But just to make sure that you'll help me, if you insist, I'll remove WinDVD.

#11 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 26 October 2008 - 08:17 AM

ok

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools


  • Double click on ComboFix.exe & follow the prompts.


  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

and a new hijackthis log please.

andrewuk

#12 torango

  • Group: Member
  • Posts: 15
  • Joined: 25-October 08

Posted 26 October 2008 - 11:50 AM

Here's the combofix report:

ComboFix 08-10-25.01 - Richard Bradley 2008-10-26 13:42:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1571 [GMT -4:00]
Running from: C:\Documents and Settings\Richard Bradley\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\INSTALL.LOG
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system\oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-25 18:49 . 2008-10-25 18:52 <DIR> d-------- C:\Lop SD
2008-10-25 16:46 . 2008-10-25 16:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-25 15:23 . 2008-10-25 15:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 15:23 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-25 15:23 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-24 15:22 . 2008-10-24 15:22 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-10-24 15:06 . 2008-10-15 12:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 22:56 . 2008-10-22 22:56 <DIR> d-------- C:\Program Files\ERUNT
2008-10-20 02:17 . 2008-10-20 02:17 <DIR> d-------- C:\Documents and Settings\Richard Bradley\Application Data\Malwarebytes
2008-10-20 02:16 . 2008-10-20 02:16 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-10-20 02:16 . 2008-10-20 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-18 21:41 . 2008-10-18 21:41 <DIR> d--hs---- C:\Documents and Settings\Richard Bradley\PrivacIE
2008-10-18 21:34 . 2008-04-13 20:11 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-15 17:43 . 2008-10-15 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-10-15 17:42 . 2008-10-15 17:42 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-10-15 17:42 . 2008-10-15 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-10-15 15:44 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 15:44 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 15:43 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 15:43 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 15:43 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 15:43 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-07 15:44 . 2008-10-07 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\01 TRANS ACTIVE BALM
2008-10-06 15:56 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-10-06 15:56 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-06 15:56 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-10-06 15:56 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-10-06 15:56 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-10-06 15:56 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-05 20:49 . 2008-10-05 20:49 <DIR> d-------- C:\Program Files\iTunes
2008-10-05 20:49 . 2008-10-05 20:49 <DIR> d-------- C:\Program Files\iPod
2008-10-05 20:49 . 2008-10-05 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 01:02 . 2008-09-27 01:02 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-10-20 05:21 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-19 02:51 --------- d-----w C:\Documents and Settings\Richard Bradley\Application Data\LimeWire
2008-10-08 21:32 --------- d-----w C:\Program Files\BellCanada
2008-10-07 19:57 --------- d-----w C:\Program Files\DivX
2008-10-07 19:57 --------- d-----w C:\Documents and Settings\Richard Bradley\Application Data\uTorrent
2008-09-27 05:02 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-27 05:02 --------- d-----w C:\Program Files\Common Files\Real
2008-09-27 04:47 --------- d-----w C:\Program Files\LimeWire
2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-10 05:55 --------- d-----w C:\Program Files\Bonjour
2008-09-10 05:54 --------- d-----w C:\Program Files\QuickTime
2008-09-10 05:54 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-08 21:51 --------- d-----w C:\Program Files\MSECache
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-30 23:14 --------- d-----w C:\Documents and Settings\Richard Bradley\Application Data\DNA
2008-08-30 19:45 --------- d-----w C:\Program Files\DNA
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 07:46 74,752 ----a-w C:\WINDOWS\system32\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w C:\WINDOWS\system32\win32spl.dll
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-12 19:17 88 --sh--r C:\Documents and Settings\All Users\Application Data\5D9FE9A7A9.sys
2008-07-12 19:17 3,350 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-31 17:30 23,336 ----a-w C:\Documents and Settings\Richard Bradley\Application Data\GDIPFONTCACHEV1.DAT
2008-05-09 19:59 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2002-09-27 20480]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-27 185872]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Active Balm Error City"="C:\Documents and Settings\All Users\Application Data\01 TRANS ACTIVE BALM\Bolt comp.exe" [2008-10-26 13:30 5467648]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-12 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 303104]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
S3 IPN2120;Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-08-26 96256]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\Setup.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8814C7D-F34F-4D87-B030-C42F2077797D}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKLM-Run-ISUSPM - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-BellCanada_McciTrayApp - C:\Program Files\BellCanada\McciTrayApp.exe
HKLM-Run-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Richard Bradley\Application Data\Mozilla\Firefox\Profiles\53tdkbtf.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 13:44:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-26 13:47:11
ComboFix-quarantined-files.txt 2008-10-26 17:46:35

Pre-Run: 89,861,459,968 bytes free
Post-Run: 90,525,118,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

214 --- E O F --- 2008-10-24 19:11:54
________________________________________________________________________________
____________________________________________
Here's the hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:36 PM, on 10/26/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Active Balm Error City] C:\Documents and Settings\All Users\Application Data\01 TRANS ACTIVE BALM\Bolt comp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....reScannerV2.ocx
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...h/v2/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://smms.sub.fulf...onager_smms.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202009610718
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187577263702
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15103/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 11515 bytes

#13 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 26 October 2008 - 01:37 PM

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
C:\Documents and Settings\All Users\Application Data\01 TRANS ACTIVE BALM

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Active Balm Error City"=-

DirLook::
C:\Documents and Settings\Richard Bradley\PrivacIE



Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

and a new hijackthis log please.

andrewuk

#14 torango

  • Group: Member
  • Posts: 15
  • Joined: 25-October 08

Posted 26 October 2008 - 02:07 PM

ComboFix:

ComboFix 08-10-25.01 - Richard Bradley 2008-10-26 16:02:05.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1582 [GMT -4:00]
Running from: C:\Documents and Settings\Richard Bradley\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Richard Bradley\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\01 TRANS ACTIVE BALM
C:\Documents and Settings\All Users\Application Data\01 TRANS ACTIVE BALM\Bolt comp.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-25 18:49 . 2008-10-25 18:52 <DIR> d-------- C:\Lop SD
2008-10-25 16:46 . 2008-10-25 16:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-25 15:23 . 2008-10-25 15:23 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 15:23 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-25 15:23 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-24 15:22 . 2008-10-24 15:22 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-10-24 15:06 . 2008-10-15 12:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-22 22:56 . 2008-10-22 22:56 <DIR> d-------- C:\Program Files\ERUNT
2008-10-20 02:17 . 2008-10-20 02:17 <DIR> d-------- C:\Documents and Settings\Richard Bradley\Application Data\Malwarebytes
2008-10-20 02:16 . 2008-10-20 02:16 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-10-20 02:16 . 2008-10-20 02:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-18 21:41 . 2008-10-18 21:41 <DIR> d--hs---- C:\Documents and Settings\Richard Bradley\PrivacIE
2008-10-18 21:34 . 2008-04-13 20:11 81,920 --a------ C:\WINDOWS\system32\ieencode.dll
2008-10-15 17:43 . 2008-10-15 20:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-10-15 17:42 . 2008-10-15 17:42 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-10-15 17:42 . 2008-10-15 20:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-10-15 15:44 . 2008-09-15 08:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-15 15:44 . 2008-09-08 06:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 15:43 . 2008-08-14 06:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 15:43 . 2008-08-14 06:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 15:43 . 2008-08-14 05:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 15:43 . 2008-08-14 05:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-06 15:56 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll
2008-10-06 15:56 . 2008-07-12 08:18 1,493,528 --a------ C:\WINDOWS\system32\D3DCompiler_39.dll
2008-10-06 15:56 . 2008-07-31 10:40 509,448 --a------ C:\WINDOWS\system32\XAudio2_2.dll
2008-10-06 15:56 . 2008-07-12 08:18 467,984 --a------ C:\WINDOWS\system32\d3dx10_39.dll
2008-10-06 15:56 . 2008-07-31 10:41 238,088 --a------ C:\WINDOWS\system32\xactengine3_2.dll
2008-10-06 15:56 . 2008-07-31 10:41 68,616 --a------ C:\WINDOWS\system32\XAPOFX1_1.dll
2008-10-05 20:49 . 2008-10-05 20:49 <DIR> d-------- C:\Program Files\iTunes
2008-10-05 20:49 . 2008-10-05 20:49 <DIR> d-------- C:\Program Files\iPod
2008-10-05 20:49 . 2008-10-05 20:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-27 01:02 . 2008-09-27 01:02 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
2008-10-20 05:21 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-10-19 02:51 --------- d-----w C:\Documents and Settings\Richard Bradley\Application Data\LimeWire
2008-10-08 21:32 --------- d-----w C:\Program Files\BellCanada
2008-10-07 19:57 --------- d-----w C:\Program Files\DivX
2008-10-07 19:57 --------- d-----w C:\Documents and Settings\Richard Bradley\Application Data\uTorrent
2008-09-27 05:02 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-09-27 05:02 --------- d-----w C:\Program Files\Common Files\Real
2008-09-27 04:47 --------- d-----w C:\Program Files\LimeWire
2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-10 05:55 --------- d-----w C:\Program Files\Bonjour
2008-09-10 05:54 --------- d-----w C:\Program Files\QuickTime
2008-09-10 05:54 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-08 21:51 --------- d-----w C:\Program Files\MSECache
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-30 23:14 --------- d-----w C:\Documents and Settings\Richard Bradley\Application Data\DNA
2008-08-30 19:45 --------- d-----w C:\Program Files\DNA
2008-08-29 14:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 13:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-28 07:46 74,752 ----a-w C:\WINDOWS\system32\msw3prt.dll
2008-08-28 07:46 104,960 ----a-w C:\WINDOWS\system32\win32spl.dll
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-05 21:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll
2008-07-12 19:17 88 --sh--r C:\Documents and Settings\All Users\Application Data\5D9FE9A7A9.sys
2008-07-12 19:17 3,350 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-03-31 17:30 23,336 ----a-w C:\Documents and Settings\Richard Bradley\Application Data\GDIPFONTCACHEV1.DAT
2008-05-09 19:59 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008050920080510\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Richard Bradley\PrivacIE ----

2008-10-18 21:38 49152 --ahs---- C:\Documents and Settings\Richard Bradley\PrivacIE\index.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-20 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-09-26 206184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"wcmdmgr"="C:\WINDOWS\wt\updater\wcmdmgrl.exe" [2002-09-27 20480]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-04-05 488984]
"LVCOMSX"="C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-03-09 252704]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-09-27 185872]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [2005-05-03 C:\WINDOWS\system32\P17.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-12 805392]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 McciCMService;McciCMService;C:\Program Files\Common Files\Motive\McciCMService.exe [2007-11-01 303104]
R2 PSI_SVC_2;Protexis Licensing V2;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
S3 IPN2120;Wireless-B PCI Adapter Driver;C:\WINDOWS\system32\DRIVERS\LSIPNDS.sys [2003-08-26 96256]
S3 MREMP50;MREMP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [2007-10-31 19712]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [ ]
S3 MRESP50;MRESP50 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [2007-10-31 18304]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [ ]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{F8814C7D-F34F-4D87-B030-C42F2077797D}.job
- C:\WINDOWS\system32\msfeedssync.exe [2007-08-13 19:36]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-26 16:03:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-26 16:05:19
ComboFix-quarantined-files.txt 2008-10-26 20:04:17
ComboFix2.txt 2008-10-26 17:47:12

Pre-Run: 90,516,959,232 bytes free
Post-Run: 90,500,259,840 bytes free

189 --- E O F --- 2008-10-24 19:11:54
________________________________________________________________________________
______________________
Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:59 PM, on 10/26/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....030/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....reScannerV2.ocx
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/do...h/v2/EARTPX.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - http://smms.sub.fulf...onager_smms.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1202009610718
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1187577263702
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15103/CTPID.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{2B4FF00B-B4F4-4B8E-B526-98F3A3FDA886}: NameServer = 192.168.2.1
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

--
End of file - 11435 bytes

#15 andrewuk

  • Group: Malware Removal
  • Posts: 5,297
  • Joined: 18-August 07

Posted 26 October 2008 - 02:13 PM

in this post we will do some scans to clear out any remnants and make sure nothing else sneaked onto your machine.

the scans will likely take 3 hours, quite possibly much longer. so just let them run.


====STEP 1====
Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


====STEP 2====
double click the malwarebytes icon on your desktop to open the program
  • on the tabs at the top, select Update and then press the Check for Updates button on that page. If an update is found, it will download and install the latest version.
  • once complete (a new version of malwarebytes may download) select the tab Scanner
  • select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


====STEP 3====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.

  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.

  • Click Close to exit the program.

====STEP 4====
Please do an online scan with Kaspersky WebScanner (this will identify any issues, we will clear them in the following post)

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

In your next reply could i see:
1. the malwarebytes log
2. the SUPERantispyware log
3. the kaspersky log
4. and some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk

Share this topic:


  • 2 Pages +
  • 1
  • 2