[pat208]

Hi i would really appreciate some help. I got a virus on my computer a couple of days ago and since then i am unable to go to any websites related to antimalware eg. kaspersky, malwarebytes.org, bleepingcomputer (apart from this website ) other websites are fine though. I also can't open my kaspersky or load my computer in safe mode. Each time i press safe mode on start up the computer turns off then back on again and doesn't let me go any further until i select run windows normally. I did manage to download malwarebytes from another website and after i renamed it when installing i was able to do a scan and it found a few things which i deleted and assumed had solved the problem but it hasn't and now when i do a full scan with malwarebytes it finds nothing so if anyone could help me i'd be grateful. thanks!
Patrick

[Advertisements]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go.

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Could you please post the Malwarebytes' Anti-Malware log(if available) that shows the infections removed you mentioned please. It can be located as follows:-

• Launch Malwarebytes' Anti-Malware
• Click on the Logs radio tab.

[Dakeyras]

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go.

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
• Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Next:

Could you please post the Malwarebytes' Anti-Malware log(if available) that shows the infections removed you mentioned please. It can be located as follows:-

• Launch Malwarebytes' Anti-Malware
• Click on the Logs radio tab.

[pat208]

Hi thanks for reply here is the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6741

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01/06/2011 12:53:28
mbam-log-2011-06-01 (12-53-28).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 281285
Time elapsed: 4 hour(s), 20 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4D1C4E81-A32A-416B-BCDB-33B3EF3617D3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NetPumper (Adware.NetPumper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@anti-leech.com/Anti-Leech Plugin,version=1.0.1.8 (Trojan.AntiLeechPlugin) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\Azureus\scrapebox master guide\forum profile creator\phpbb forum profile creator.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\program files\Azureus\editplus v3.10 + keygen [xmelzax]\keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
c:\program files\common files\Synacast\SynaLive\evid4226patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

[Dakeyras]

Hi.

thanks for reply here

You're welcome!

CKScanner:

• Please download CKScanner from here to your Desktop.

Make sure that CKScanner.exe is on the your Desktop before running the application!

• Double-click on CKScanner.exe and click Search For Files.
• After a very short time, when the cursor hourglass disappears, click Save List To File.
• A message box will verify the file saved
• Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Scan with DDS:

Please download DDS and save it to your Desktop from here.

Alternate downloads are here or here.

• Disable any script blocker, and then double click on DDS to run the tool.
• When done, DDS will open two logs:
• DDS.txt <-- Will be opened
• Attach.txt <-- Will be minimized
• Save both reports to your desktop.
• Please post the contents of these two Notepad files in your next reply.

When completed the above, please post back the following in the order asked for:

• How is you computer performing now, any further symptoms and or problems encountered?
• CKScanner Log.
• Both DDS logs. <-- Post them individually please, IE: one Log per post/reply.

[pat208]

Thank you for reply Dakeyras I havn't noticed any additional problems on my computer on top of what it already has. Here is the ck scanner log

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\julie\desktop\bigfolder\crack\xsitepro2.exe
c:\documents and settings\julie\desktop\computer software\lunasoft marketing - web content studio [software (msi) + crack (exe) + instructions(txt)]\instructions.txt
c:\documents and settings\julie\desktop\computer software\lunasoft marketing - web content studio [software (msi) + crack (exe) + instructions(txt)]\wcs-setup.msi
c:\program files\azureus\chris rempel - affiliate intelligence archives\module 3 - google keyword suggestions\crackers.csv
c:\program files\azureus\editplus v3.10 + keygen [xmelzax]\epp310_en.exe
c:\program files\azureus\editplus v3.10 + keygen [xmelzax]\torrent downloaded from demonoid.com.txt
c:\program files\microsoft directx sdk (november 2008)\samples\c++\direct3d\uvatlas\crackdecl.cpp
c:\program files\microsoft directx sdk (november 2008)\samples\c++\direct3d\uvatlas\crackdecl.h
scanner sequence 3.DD.11
----- EOF -----

[pat208]

Here is the first dds log:


.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Run by Julie at 14:27:09 on 2011-06-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1215.569 [GMT 1:00]
.
AV: Kaspersky Internet Security *Disabled/Outdated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Norton AntiVirus *Enabled/Outdated* {B5510F6F-87E1-47F7-A411-360BC453007C}
FW: Norton Internet Security *Enabled*
FW: Kaspersky Internet Security *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Cable & Wireless\ACU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Micro Niche Finder\srvany.exe
C:\Program Files\Micro Niche Finder\bggoogle.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 68.168.215.133:51791
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\ocmlqudx\wiexexmo.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\julie\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; VNIE5 RefIE5; GTB6.4; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.nationale...oach/index.cfm"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [VTTimer] VTTimer.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [P2P Networking] c:\windows\system32\p2p networking\P2P Networking.exe /AUTOSTART
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [F5D8055v2] c:\program files\belkin\f5d8055\v2\Belkinwcui.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ACU] "c:\program files\cable & wireless\ACU.exe" -nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Search - http://kc.bar.need2f...earch.html?p=KC
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Toevoegen aan Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - hxxps://signup.msn.com/pages/MsnInstC.cab
DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://googleonline.webex.com/client/T27L/nbr/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{F935E9AD-B9B4-44AA-ADF2-5B99A4B46BE6} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~3\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~3\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.2 licensing.intellimon.com mailserver.intellimon.com
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\julie\application data\mozilla\firefox\profiles\qq76kyfl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\abhelperxpcom.dll
FF - component: c:\program files\mozilla firefox\extensions\[email protected]\components\kavlinkfilter.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Hide My IP: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Kaspersky URL Advisor: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Google Global: {B97F57B9-1B42-4aed-9475-0022600C62DC} - %profile%\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
FF - Ext: SearchStatus: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a} - %profile%\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
FF - Ext: Niche Watch Tool: {5c1a272d-6af9-4229-b821-11703c6b5ccf} - %profile%\extensions\{5c1a272d-6af9-4229-b821-11703c6b5ccf}
FF - Ext: NoDoFollow: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} - %profile%\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
FF - Ext: SEO For Firefox: [email protected] - %profile%\extensions\[email protected]
FF - Ext: LinkDiagnosis 2.0: [email protected] - %profile%\extensions\[email protected]
FF - Ext: SeoQuake: {317B5128-0B0B-49b2-B2DB-1E7560E16C74} - %profile%\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Shareaholic: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Elite Proxy Switcher: [email protected] - c:\program files\my-proxy\elite proxy switcher\firefox
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2010-6-9 132184]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2011-6-1 475736]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service;c:\program files\micro niche finder\srvany.exe [2009-11-10 8192]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-2-3 14976]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2010-5-7 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
R3 rt2870;Belkin N+ Wireless USB Adapter Driver;c:\windows\system32\drivers\rt2870.sys [2010-8-31 713344]
S2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-6-1 17480]
S3 jnv4_mib;jnv4_mib;c:\docume~1\julie\locals~1\temp\jnv4_mib.sys [2004-10-2 31744]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-8-22 7680]
S3 Micorsoft Windows Service;Micorsoft Windows Service;\??\c:\windows\temp\etfieufb.sys --> c:\windows\temp\etfieufb.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-06-03 11:30:26 260763 ----a-w- c:\windows\system32\verclsidmgrmgrmgr.exe
2011-06-03 11:30:22 260763 ----a-w- c:\windows\system32\verclsidmgrmgr.exe
2011-06-03 11:30:18 260763 ----a-w- c:\windows\system32\verclsidmgr.exe
2011-06-03 09:03:44 -------- d-----w- c:\documents and settings\julie\application data\SUPERAntiSpyware.com
2011-06-03 09:03:44 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-03 09:03:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-02 17:55:41 -------- d-----w- c:\windows\pss
2011-06-02 16:00:48 109240 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\abhelperxpcom.dll
2011-06-02 11:45:28 -------- d-----w- c:\program files\ocmlqudx
2011-06-01 07:31:45 -------- d-----w- c:\documents and settings\julie\application data\Malwarebytes
2011-06-01 07:31:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-01 07:31:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-01 07:31:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-01 07:31:31 -------- d-----w- c:\program files\Malwarebytes' Antipat-Malware
2011-06-01 00:01:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-31 23:34:24 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-05-31 23:34:23 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-05-31 23:33:40 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2011-05-31 23:13:57 150200 ----a-w- c:\program files\mozilla firefox\extensions\[email protected]\components\kavlinkfilter.dll
2011-05-31 23:13:32 97545 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-31 23:13:32 115465 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-29 14:21:01 -------- d-----w- c:\documents and settings\julie\local settings\application data\NP3
2011-05-29 14:11:19 -------- d-----w- c:\documents and settings\julie\application data\NeuroProgrammer3
2011-05-29 14:11:06 -------- d-----w- c:\windows\XSxS
2011-05-29 14:11:06 -------- d-----w- c:\program files\Xenocode
2011-05-29 14:11:06 -------- d-----w- c:\documents and settings\julie\local settings\application data\Xenocode
2011-05-29 14:09:50 -------- d-----w- c:\program files\Neuro-Programmer 3
2011-05-27 18:11:15 -------- d-----w- c:\program files\EASEUS
2011-05-24 20:03:20 -------- d-----w- c:\documents and settings\julie\application data\Traffic Mystic IM Solutions
2011-05-20 07:33:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 07:10:51 -------- d-----w- c:\program files\DVD Decrypter
2011-05-11 16:53:39 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2011-05-07 21:06:31 -------- d-----w- c:\documents and settings\julie\.ranktracker
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 14:29:18.56 ===============

[pat208]

here is the second dds log



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 05/05/2005 14:35:17
System Uptime: 03/06/2011 12:29:36 (2 hours ago)
.
Motherboard: NEC COMPUTERS INTERNATIONAL | | MS-6786
Processor: AMD Sempron™ 2800+ | Socket A | 2005/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 22.421 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_D0021631&REV_74\3&61AAA01&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_D0021631&REV_74\3&61AAA01&0&90
Service: FETND5BV
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
Article Marketing Robot
Artisteer 2
AviSynth 2.5
Aztech CNR2900 V.90 Modem
Azureus
Belkin N+ Wireless USB Adapter
Cable & Wireless 11g PC Card Utility
CCleaner (remove only)
Combined Community Codec Pack 2008-09-21 16:18
Critical Update for Windows Media Player 11 (KB959772)
DivX Subtitle Displayer 5.00
DivX Web Player
DVD Decrypter (Remove Only)
EditPlus 3
Elite Proxy Switcher Professional 1.07C
ffdshow [rev 1723] [2007-12-24]
FileZilla Client 3.2.4.1
FLV Player 2.0 (build 25)
focus booster
Google AdWords Editor
Google Chrome
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Haali Media Splitter
Hitman Pro 3.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Resizer Powertoy for Windows XP
InstantArticleWizard
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java™ 6 Update 19
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
Kaspersky Internet Security 2011
Magic ISO Maker v5.4 (build 0239)
Malwarebytes' Anti-Malware
Micro Niche Finder
Micro Niche Finder 5.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft DirectX SDK (November 2008)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel Viewer
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Standard 2007 Trial
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Works 7.0
Mindjet MindManager 9
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Connector/ODBC 5.1
neroxml
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Secure Module 4.5.01
OpenOffice.org 3.2
P2P Networking
Paint.NET v3.5.2
PDF-XChange 3
PDF Manual NW-A10003000
Picture Package Music Transfer
PPLive 1.1.0.6
ProxyFirewall 1.0.4 Beta
PS3 Video 9 4.08
PSP Video 9 1.74
QuickTime
Rank Tracker
Revo Uninstaller 1.83
SAGEM F@st 800-840
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2466156)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2464583)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SEO Link Robot
SEO Link Robot 1.4.8.0
SERPAttacks
Sick Submitter
Sonic MyDVD
Sonic RecordNow!
SonicStage 4.0
Sony Picture Utility
SopCast 3.2.4
Spotify
SUPERAntiSpyware
Synacast Plug-in 1.1.0.6
TextMaker Viewer
The Action Machine
TheBestSpinner
Traffic Travis 3.3.14
TreePad Lite 4.3
TVersity Codec Pack 1.4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2536413)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.18
VIA Rhine-Family Fast Ethernet Adapter
VLC media player 1.0.2
VobSub v2.23 (Remove Only)
Vuze
WD Diagnostics
Web Content Studio
WebEx
WebFldrs XP
WinAVI VideoConverter
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wondershare DVD Slideshow Builder Standard(Build 6.0.1.23)
XHeader
XHeader Bonus Download
XSitePro2
.
==== Event Viewer Messages From Past Week ========
.
31/05/2011 23:34:17, error: Service Control Manager [7034] - The Kaspersky Anti-Virus-service service terminated unexpectedly. It has done this 4 time(s).
31/05/2011 23:32:17, error: Service Control Manager [7034] - The Kaspersky Anti-Virus-service service terminated unexpectedly. It has done this 3 time(s).
31/05/2011 23:32:05, error: Service Control Manager [7031] - The Kaspersky Anti-Virus-service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
31/05/2011 23:30:25, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus-service service to connect.
31/05/2011 23:30:25, error: Service Control Manager [7000] - The Kaspersky Anti-Virus-service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
31/05/2011 23:30:15, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
31/05/2011 23:30:15, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
31/05/2011 23:30:14, error: Service Control Manager [7031] - The Kaspersky Anti-Virus-service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
31/05/2011 23:30:08, error: Service Control Manager [7022] - The Kaspersky Anti-Virus-service service hung on starting.
31/05/2011 17:03:25, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
31/05/2011 16:33:25, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
31/05/2011 16:18:25, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
29/05/2011 08:43:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 Sparrow symc810 symc8xx sym_hi sym_u3 TosIde uagp35 ultra viaagp
02/06/2011 18:56:41, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
02/06/2011 16:58:01, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0022753F55EC. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
01/06/2011 21:09:45, error: Service Control Manager [7034] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 3 time(s).
01/06/2011 21:09:33, error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
01/06/2011 16:48:30, error: Service Control Manager [7034] - The CyberLink Task Scheduler (CTS) service terminated unexpectedly. It has done this 1 time(s).
01/06/2011 14:14:25, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
01/06/2011 12:57:48, error: DCOM [10005] - DCOM got error "%1055" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
01/06/2011 09:09:29, error: MRxSmb [8003] - The master browser has received a server announcement from the computer LOAFY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F935E9AD-B9B4-44AA-ADF. The master browser is stopping or an election is being forced.
01/06/2011 00:56:33, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Kaspersky Anti-Virus Service service to connect.
01/06/2011 00:56:33, error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/06/2011 00:56:22, error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
01/06/2011 00:56:13, error: Service Control Manager [7022] - The Kaspersky Anti-Virus Service service hung on starting.
01/06/2011 00:55:45, error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
.
==== End Of File ===========================

[Dakeyras]

Hi.

Your welcome and thanks for the update, lets proceed as follows shall we...

Peer to Peer & Illegal Software Advice:

I see you have Azureus, P2P Networking and Vuze installed...Since it appears they have been used you can be fairly confident this is a principal reason your computer is infected

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.

My advice would be to uninstall all of the aforementioned, however if you opt not too..please refrain from using either during the course of the Malware Removal process, thank you.

With regard to the illegal(cracked) sofware you have downloaded I am going to ask you to remove them via below custom OTM scrip. Otherwise I will withdraw my assistance per this forums Terms of Use. We will also remove some out of date software which are a security risk. We will in turn update these at a later date.

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 9.4.4
EditPlus 3
Hitman Pro 3.5
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java™ 6 Update 19
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
SUPERAntiSpyware <-- Will hinder the Malware Removal process, you may reinstall once I give the all clear if you so wish.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

Check System Restore is Active:

• On the Desktop, right-click My Computer.
• Click Properties.
• Click the System Restore tab.
• Check Turn On System Restore if it is not on.
• Click Apply, and then click OK.

Next:

Please download OTM to your Desktop.

• Double-click OTM to start the program.
• Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Files
ipconfig /flushdns /c
%systemroot%\prefetch\*.*
c:\documents and settings\julie\desktop\bigfolder\crack
c:\documents and settings\julie\desktop\computer software\lunasoft marketing - web content studio [software (msi) + crack (exe) + instructions(txt)]\instructions.txt
c:\documents and settings\julie\desktop\computer software\lunasoft marketing - web content studio [software (msi) + crack (exe) + instructions(txt)]\wcs-setup.msi
c:\program files\azureus\chris rempel - affiliate intelligence archives\module 3 - google keyword suggestions\crackers.csv
c:\program files\azureus\editplus v3.10 + keygen [xmelzax]

:Commands
[Purity]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]

• Return to OTM, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
• Then click the red MoveIt! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.

Note: The logfile can also be located C: >> _OTM >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

When completed the above please post the log from the custom OTM script and then we will continue the Malware Removal process, thank you.

[pat208]

Thanks for your help here is the OTM log:


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Julie\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Julie\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\ACRORD32INFO.EXE-1A61B617.pf moved successfully.
C:\WINDOWS\prefetch\ADOBEARM.EXE-00A55D68.pf moved successfully.
C:\WINDOWS\prefetch\ADOBE_UPDATER.EXE-36985884.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf moved successfully.
C:\WINDOWS\prefetch\ARTISTEER.EXE-22437201.pf moved successfully.
C:\WINDOWS\prefetch\AVP.EXE-08A3C4E6.pf moved successfully.
C:\WINDOWS\prefetch\BELKINWCUI.EXE-0A05052B.pf moved successfully.
C:\WINDOWS\prefetch\BGGOOGLE.EXE-03E658C3.pf moved successfully.
C:\WINDOWS\prefetch\CCLEANER.EXE-09CFC2BC.pf moved successfully.
C:\WINDOWS\prefetch\CHROME.EXE-161B3EBA.pf moved successfully.
C:\WINDOWS\prefetch\CKSCANNER.EXE-327D420E.pf moved successfully.
C:\WINDOWS\prefetch\CLMLUPNPBROWSER.EXE-003B4030.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf moved successfully.
C:\WINDOWS\prefetch\CONTROL.EXE-24FBF8B3.pf moved successfully.
C:\WINDOWS\prefetch\CSCRIPT.EXE-0A13A05C.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-05E57A5E.pf moved successfully.
C:\WINDOWS\prefetch\DDS.PIF-0D680F84.pf moved successfully.
C:\WINDOWS\prefetch\DEFRAG.EXE-2858C7E2.pf moved successfully.
C:\WINDOWS\prefetch\DFRGNTFS.EXE-38C3807C.pf moved successfully.
C:\WINDOWS\prefetch\DRVINS32.EXE-296DA700.pf moved successfully.
C:\WINDOWS\prefetch\DUMPREP.EXE-0AF2BF67.pf moved successfully.
C:\WINDOWS\prefetch\DWWIN.EXE-2C373FB7.pf moved successfully.
C:\WINDOWS\prefetch\EXEPATHELPER.COM-0EC8F5B2.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-14015D04.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-1CCEDDDE.pf moved successfully.
C:\WINDOWS\prefetch\FIND.EXE-0EEAD1A7.pf moved successfully.
C:\WINDOWS\prefetch\FINDSTR.EXE-1A4FC238.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-00EAA129.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-160E1F62.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE.EXE-2F4A2F77.pf moved successfully.
C:\WINDOWS\prefetch\GRPCONV.EXE-375690AD.pf moved successfully.
C:\WINDOWS\prefetch\HELPSVC.EXE-1C192440.pf moved successfully.
C:\WINDOWS\prefetch\HITMANPRO35[1].EXE-29D118F6.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-035D5A3F.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-183BD598.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-1894654A.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-1F2278B3.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf moved successfully.
C:\WINDOWS\prefetch\IMJPMIG.EXE-32ABEE9A.pf moved successfully.
C:\WINDOWS\prefetch\IPCONFIG.EXE-05D7908C.pf moved successfully.
C:\WINDOWS\prefetch\JAUREG.EXE-0254770C.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-107A73BD.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-392A4E93.pf moved successfully.
C:\WINDOWS\prefetch\JAVAWS.EXE-2E12A933.pf moved successfully.
C:\WINDOWS\prefetch\JQS.EXE-31B60334.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-0219AD6E.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-04906F29.pf moved successfully.
C:\WINDOWS\prefetch\JUSCHED.EXE-0C11AB3F.pf moved successfully.
C:\WINDOWS\prefetch\KIS11.0.2.556EN.EXE-08E6799C.pf moved successfully.
C:\WINDOWS\prefetch\KLWTBLFS.EXE-2E9C0B57.pf moved successfully.
C:\WINDOWS\prefetch\KLWTBWS.EXE-3B8F3B7E.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGON.SCR-24ADF392.pf moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-312BE1BF.pf moved successfully.
C:\WINDOWS\prefetch\MBAM.EXE-372C59BA.pf moved successfully.
C:\WINDOWS\prefetch\MBR.DAT-3856CDC0.pf moved successfully.
C:\WINDOWS\prefetch\MSCONFIG.EXE-1EF1EA0F.pf moved successfully.
C:\WINDOWS\prefetch\MSFEEDSSYNC.EXE-05335A39.pf moved successfully.
C:\WINDOWS\prefetch\MSI76.TMP-08AE6D9F.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-330626DC.pf moved successfully.
C:\WINDOWS\prefetch\NET.EXE-151FD66D.pf moved successfully.
C:\WINDOWS\prefetch\NET1.EXE-02C3403D.pf moved successfully.
C:\WINDOWS\prefetch\NETCFG.EXE-00C819BD.pf moved successfully.
C:\WINDOWS\prefetch\NIRCMD.EXE-046B7D23.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\OTM.EXE-007F766B.pf moved successfully.
C:\WINDOWS\prefetch\PCMSERVICE.EXE-2E404631.pf moved successfully.
C:\WINDOWS\prefetch\PEV.DAT-17D56867.pf moved successfully.
C:\WINDOWS\prefetch\PEV.EXE-030D8B51.pf moved successfully.
C:\WINDOWS\prefetch\PEV.EXE-0383F6EA.pf moved successfully.
C:\WINDOWS\prefetch\PEV.EXE-03FA6283.pf moved successfully.
C:\WINDOWS\prefetch\PROXYCHECK.EXE-21564EEE.pf moved successfully.
C:\WINDOWS\prefetch\QTTASK.EXE-1876A1A1.pf moved successfully.
C:\WINDOWS\prefetch\READER_SL.EXE-2D713FFC.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-396DEA2C.pf moved successfully.
C:\WINDOWS\prefetch\REMOVE.EXE-067478FC.pf moved successfully.
C:\WINDOWS\prefetch\RKILL.COM-11DBFDA1.pf moved successfully.
C:\WINDOWS\prefetch\RSVP.EXE-04BF6A6A.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3DE4948B.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-41FB74E5.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4532DDE6.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-4B41185F.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-527366BD.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-532DA9D9.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-55E8DFE1.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-6BCB1F8E.pf moved successfully.
C:\WINDOWS\prefetch\RUNONCE.EXE-01CA3A2F.pf moved successfully.
C:\WINDOWS\prefetch\SED.DAT-192C3A0B.pf moved successfully.
C:\WINDOWS\prefetch\SED.EXE-0DA6B2E6.pf moved successfully.
C:\WINDOWS\prefetch\SERPATTACKS.EXE-0E533C9B.pf moved successfully.
C:\WINDOWS\prefetch\SETUP.EXE-00254C73.pf moved successfully.
C:\WINDOWS\prefetch\SETUP_WM.EXE-02751BCA.pf moved successfully.
C:\WINDOWS\prefetch\SOL.EXE-213C4FA3.pf moved successfully.
C:\WINDOWS\prefetch\SORT.EXE-19728AC5.pf moved successfully.
C:\WINDOWS\prefetch\SOUNDMAN.EXE-2979F3F4.pf moved successfully.
C:\WINDOWS\prefetch\SRVANY.EXE-26601D00.pf moved successfully.
C:\WINDOWS\prefetch\SSUPDATE.EXE-22221678.pf moved successfully.
C:\WINDOWS\prefetch\SUPERANTIPATWARE.EXE-3B87B2E5.pf moved successfully.
C:\WINDOWS\prefetch\SUPERANTISPYWARE.EXE-28713C90.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-2D5FBD18.pf moved successfully.
C:\WINDOWS\prefetch\SWREG.DAT-12645A3A.pf moved successfully.
C:\WINDOWS\prefetch\SWREG.EXE-02B3068B.pf moved successfully.
C:\WINDOWS\prefetch\TINTSETP.EXE-2DD83AEF.pf moved successfully.
C:\WINDOWS\prefetch\TRAFFICTRAVIS.EXE-0F3DF55D.pf moved successfully.
C:\WINDOWS\prefetch\UNINSTALL.EXE-1BE64D42.pf moved successfully.
C:\WINDOWS\prefetch\UNINSTALL.EXE-28BFC885.pf moved successfully.
C:\WINDOWS\prefetch\USERINIT.EXE-19E45DEF.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf moved successfully.
C:\WINDOWS\prefetch\VLC.EXE-02F29DFD.pf moved successfully.
C:\WINDOWS\prefetch\VTTIMER.EXE-23FE10E9.pf moved successfully.
C:\WINDOWS\prefetch\WGATRAY.EXE-350D4455.pf moved successfully.
C:\WINDOWS\prefetch\WINLOGON.EXE-17D061E6.pf moved successfully.
C:\WINDOWS\prefetch\WMI32.EXE-17D11449.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf moved successfully.
C:\WINDOWS\prefetch\WMPLAYER.EXE-1ACCF805.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf moved successfully.
C:\WINDOWS\prefetch\XPNETDIAG.EXE-1BD7AA5A.pf moved successfully.
c:\documents and settings\julie\desktop\bigfolder\crack folder moved successfully.
c:\documents and settings\julie\desktop\computer software\lunasoft marketing - web content studio [software (msi) + crack (exe) + instructions(txt)]\instructions.txt moved successfully.
c:\documents and settings\julie\desktop\computer software\lunasoft marketing - web content studio [software (msi) + crack (exe) + instructions(txt)]\wcs-setup.msi moved successfully.
c:\program files\azureus\chris rempel - affiliate intelligence archives\module 3 - google keyword suggestions\Crackers.csv moved successfully.
c:\program files\azureus\EditPlus v3.10 + keygen [xmelzax] folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 70726 bytes
->Flash cache emptied: 41620 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56502 bytes

User: Julie
->Temp folder emptied: 147111199 bytes
->Temporary Internet Files folder emptied: 3498206 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 55201019 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 412184 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 66722585 bytes

User: NetworkService
->Temp folder emptied: 66428 bytes
->Temporary Internet Files folder emptied: 34706 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 20377089 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2389326 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 42345646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 323.00 mb

Restore point Set: OTM Restore Point (0)

OTM by OldTimer - Version 3.1.18.0 log created on 06032011_211845

Files moved on Reboot...
File C:\Documents and Settings\Julie\Local Settings\Temp\Temporary Directory 12 for Self Improvement.zip\Self Improvement\Time_Management\Dealing_With_The__Monsters_From_The_ID___9_Techniques_For_Overcoming_Panic_Attacks_By_Communicating_With_The_Unconscious_Mind.txt not found!
File C:\Documents and Settings\Julie\Local Settings\Temp\Temporary Directory 1 for Travel&Leisure.zip\Travel&Leisure\Vacations\Hello_From_Toronto_-_Part_5_-_Novice_Golf__Driving_Through_The_Kawarthas__A_Little_Off-Road_Mountain-Biking___Preparing_To_Say_Goodbye.txt not found!

Registry entries deleted on Reboot...

[Dakeyras]

Hi.

Download/Run ComboFix:

Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs <-- Click on this link.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If ComboFix detects Rootkit activitity and asks to reboot the system, please allow this to be done.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

When completed the above, please post back the following in the order asked for:

• How is your computer performing now, any other symptoms and or problems encountered?
• ComboFix Log.
• A new DDS Log.

[pat208]

Hi Dakeyras thanks. Unfortunatly bleepingcomputer is one of the antimalware websites that i'm unable to visit. Is there a combofix download on another website?

Thanks Patrick

[Dakeyras]

OK try carry out the below then see if you can actually view the ComboFix download page etc...

Out of interest the user account you are using for this machine is named Julie, does the machine have multiple user accounts?

Download/run Rkill:

(If one fails to work delete it and download/try another):

One, Two,Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

• Double click on Rkill.
• A command window will open then disappear upon completion, this is normal.
• Please leave Rkill on the Desktop until otherwise advised.

Note: A logfile will have been created, it can be located at the root of your installed Hard-Drive. EG: C:\rkill.txt. Please do not delete it as I may ask to review it.

Reset Host File:

• Open Notepad.
• Copy and Paste everything from the Quote Box(do not include the word quote) below into Notepad: <-- Start >> Run... type in notepad and select OK

@Echo off
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
del %0

• Go to File >> Save As
• Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
• Change Save as Type to All Files and save the file to your Desktop.
• It should look like this:

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed.

[pat208]

Hi Dakeyras there's only one user account my sister owned the computer before me that's why it's called Julie. i had downloaded rkill a couple of days ago when i first got the problem i had also download something called exehelper. One of them (i'm not sure which one) solved the problem of not being able to visit certain websites but the problem returned again very soon after and now neither of them work. I followed the instructions in the last post but still can't visit the bleepingcomputer.com website to download combofix.

[Dakeyras]

Hi.

OK lets see if you can visit the ComboFix download/instruction page via Safe Mode with Networking as follows...

How to boot into Safe Mode with Networking:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should come up where you will be given the option to enter Safe Mode with Networking, do so.

Next:

Now check if you can visit this page to download ComboFix.

If you can fine, download the aforementioned then reboot your machine back into Normal mode and run ComboFix.

Now if in the event still unable to carry out the above merely inform myself and we will take a different approach.

[pat208]

Hi, i can't boot in safe mode either with or without networking. When i try the computer switches off and then back on. It only lets me run windows normally.