fraud.windowsrecovery



slarabee
2011-07-06, 21:53
Infected with fraud.windowsrecovery

Cleaned with Spybot and Malwarebytes but still get browser redirects in all browsers. Spybot does not see any more infections.

I get two instances of iexplore.exe that open in the background, though they do not show in the DDS log because I have been killing the process.

I hope I followed the instructions properly.

Can't seem to get this one clean; any help would be appreciated. TIA

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Sean at 12:17:07 on 2011-07-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.281 [GMT -7:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Symantec AntiVirus\Smc.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Sean\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Opera\opera.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by MySpace
uDefault_Page_URL = hxxp://www.myspace.com/
uInternet Settings,ProxyOverride = *.local
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\sean\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PLFSetL] c:\windows\PLFSetL.exe
mRun: [snp2uvc] c:\windows\vsnp2uvc.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\sean\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\sean\desktop\virus removal tool1\setup_9.0.0.722_03.07.2011_03-10\startup.exe
IE: &Search - ?p=ZJxdm128YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9675D106-F24E-4388-AC41-6CF1F03123DB} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\sean\application data\mozilla\firefox\profiles\moqjt31o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={DB27CA32-BEB7-13B6-BA78-B987C615B5E8}&q=
FF - plugin: c:\documents and settings\sean\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sean\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\sean\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPOFF12.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 82754802;82754802 Boot Guard Driver;c:\windows\system32\drivers\82754802.sys [2011-7-4 37392]
R0 BlackBox;BlackBox SR2;c:\windows\system32\drivers\BlackBox.sys [2011-7-2 35712]
R1 82754801;82754801;c:\windows\system32\drivers\82754801.sys [2011-7-4 128016]
R1 setup_9.0.0.722_03.07.2011_03-10drv;setup_9.0.0.722_03.07.2011_03-10drv;c:\windows\system32\drivers\8275480.sys [2011-7-4 315408]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2011-5-18 38144]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-5 105592]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110705.002\NAVENG.SYS [2011-7-5 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110705.002\NAVEX15.SYS [2011-7-5 1542392]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-12 39984]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 135664]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2011-6-1 25728]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-12-2 23888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 135664]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-1-22 96856]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2011-5-18 332928]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2011-6-1 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2011-6-1 108032]
S3 ute4ntgy;AVZ Kernel Driver;\??\c:\windows\system32\drivers\ute4ntgy.sys --> c:\windows\system32\drivers\ute4ntgy.sys [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
.
=============== Created Last 30 ================
.
2011-07-05 15:12:05 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-07-05 15:08:41 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-07-05 15:07:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-05 15:07:36 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-05 15:06:42 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-07-05 15:06:05 -------- d-----w- c:\program files\Symantec AntiVirus
2011-07-05 14:54:00 28160 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-05 14:53:47 14048 ------w- c:\windows\system32\spmsg2.dll
2011-07-05 14:48:54 -------- d-sh--w- c:\documents and settings\sean\IECompatCache
2011-07-04 19:43:24 37392 ----a-w- c:\windows\system32\drivers\82754802.sys
2011-07-04 19:43:23 315408 ----a-w- c:\windows\system32\drivers\8275480.sys
2011-07-04 19:43:23 128016 ----a-w- c:\windows\system32\drivers\82754801.sys
2011-07-03 10:53:41 -------- d-----w- C:\bf2dd79533a80172b7d4869c1b141349
2011-07-02 23:41:29 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab Setup Files
2011-07-02 22:51:42 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-07-02 22:43:45 50688 ----a-w- C:\ATF-Cleaner.exe
2011-06-24 18:27:21 -------- d-----w- c:\program files\Cabos
2011-06-24 16:02:14 -------- d-----w- c:\documents and settings\sean\application data\Cabos
2011-06-24 15:58:44 73728 ---ha-w- c:\windows\system32\javacpl.cpl
2011-06-24 15:58:44 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-06-24 15:58:44 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2011-06-19 00:03:09 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-19 00:03:09 107368 ---ha-w- c:\windows\system32\GEARAspi.dll
2011-06-19 00:01:07 -------- d-----w- c:\program files\iPod
2011-06-19 00:00:54 -------- d-----w- c:\documents and settings\all users\application data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-19 00:00:53 -------- d-----w- c:\program files\iTunes
2011-06-18 23:57:48 -------- d-----w- c:\documents and settings\sean\local settings\application data\Apple
2011-06-18 23:56:44 4517664 ---ha-w- c:\windows\system32\usbaaplrc.dll
2011-06-18 23:56:44 42496 ---ha-w- c:\windows\system32\drivers\usbaapl.sys
2011-06-18 23:55:14 -------- d-----w- c:\program files\Bonjour
2011-06-18 23:52:58 -------- d-----w- c:\documents and settings\sean\local settings\application data\Apple Computer
2011-06-11 20:23:47 -------- d-----w- c:\program files\common files\Mobipocket Shared
2011-06-11 20:23:46 -------- d-----w- c:\program files\Mobipocket.com
2011-06-08 04:23:47 -------- d-----w- c:\documents and settings\sean\local settings\application data\assembly
2011-06-08 04:22:16 -------- d-----w- c:\documents and settings\sean\local settings\application data\TechSmith
.
==================== Find3M ====================
.
2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 04:31:45 21035 ---ha-w- c:\windows\system32\drivers\AegisP.sys
2011-05-18 18:51:48 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 12:26:22.95 ===============

Thought maybe a search capture of the iexplore.exe files on my system may help.

redcar92
2011-07-08, 20:55
Hello slarabee and welcome to the Safernetwork Forum.
I'm RedCar92 and my name is Bill. I'll be glad to help you with your computer problems.
My apologies for the delayed reply, we are a bit busy as you can see.

Please observe these rules while we work:
Read the entire procedure. It is important to perform ALL actions in sequence.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Stick with me till you're given the all clear. Malware removal can be stressful, but we will clean it.
Remember, absence of symptoms does not mean the infection is all gone.
Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.

Please be advised that, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
This may cause a delay, but I will do my best to keep it as short as possible.

Please bear with me, I will post back to you as soon as I can.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperative and could require a full reinstall of your OS, losing all your programs and data.

Stay with this topic until I give you the all clean post.

slarabee
2011-07-08, 21:26
Bill,

I will follow all your instructions and bear with you. I am patient. :)

Just a heads up: I ran Combofix last night in safe mode. I still cannot get TDSSKiller to run. Sorry if this creates any problems, but I needed to try to get this fixed.

Upon further examination I find that redirects only happen when following weblinks from google searches.

Below is the logfile from the Combofix runs (I ran it twice).

ComboFix 11-07-07.05 - Sean 07/07/2011 22:36:05.2.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.674 [GMT -7:00]
Running from: c:\documents and settings\Sean\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Sean\Desktop\Windows XP Repair.lnk
c:\documents and settings\Sean\Start Menu\Programs\Windows XP Repair\Uninstall Windows XP Repair.lnk
c:\documents and settings\Sean\Start Menu\Programs\Windows XP Repair\Windows XP Repair.lnk
c:\program files\SGPSA\BHO.dll
c:\windows\system32\autorun.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MYWEBSEARCHSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))
.
.
2011-07-05 22:07 . 2011-07-05 22:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-07-05 15:12 . 2010-09-11 05:32 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2011-07-05 15:08 . 2010-04-17 04:06 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2011-07-05 15:07 . 2011-07-05 15:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-07-05 15:07 . 2011-07-05 15:08 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-07-05 15:06 . 2007-03-22 03:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2011-07-05 15:06 . 2011-07-07 16:31 -------- d-----w- c:\program files\Symantec AntiVirus
2011-07-05 14:54 . 2007-03-23 03:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-07-05 14:53 . 2006-06-29 20:07 14048 ------w- c:\windows\system32\spmsg2.dll
2011-07-05 14:48 . 2011-07-05 14:48 -------- d-sh--w- c:\documents and settings\Sean\IECompatCache
2011-07-04 19:43 . 2009-10-22 20:54 37392 ----a-w- c:\windows\system32\drivers\82754802.sys
2011-07-04 19:43 . 2009-10-10 06:31 315408 ----a-w- c:\windows\system32\drivers\8275480.sys
2011-07-04 19:43 . 2009-09-26 00:59 128016 ----a-w- c:\windows\system32\drivers\82754801.sys
2011-07-03 10:53 . 2011-07-03 10:59 -------- d-----w- C:\bf2dd79533a80172b7d4869c1b141349
2011-07-02 23:41 . 2011-07-02 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-07-02 22:51 . 2011-07-02 22:51 35712 ----a-w- c:\windows\system32\drivers\BlackBox.sys
2011-07-02 22:43 . 2011-07-02 22:41 50688 ----a-w- C:\ATF-Cleaner.exe
2011-07-02 22:41 . 2011-07-02 22:41 -------- d-sh--w- c:\documents and settings\test\PrivacIE
2011-07-02 22:39 . 2011-07-02 22:39 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\Opera
2011-07-02 14:56 . 2011-07-02 14:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2011-07-02 14:53 . 2011-07-02 14:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2011-06-28 22:50 . 2011-06-30 01:06 -------- d-----w- c:\documents and settings\Sean\Application Data\vlc
2011-06-28 22:07 . 2011-06-28 22:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-06-24 18:27 . 2011-06-24 18:27 -------- d-----w- c:\program files\Cabos
2011-06-24 16:02 . 2011-06-30 01:12 -------- d-----w- c:\documents and settings\Sean\Application Data\Cabos
2011-06-24 15:59 . 2011-06-24 15:59 -------- d-----w- c:\program files\Common Files\Java
2011-06-24 15:58 . 2011-06-24 15:58 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-24 15:58 . 2011-06-24 15:57 73728 ---ha-w- c:\windows\system32\javacpl.cpl
2011-06-24 15:58 . 2011-06-24 15:57 472808 ---ha-w- c:\windows\system32\deployJava1.dll
2011-06-24 15:57 . 2011-06-24 15:57 -------- d-----w- c:\program files\Java
2011-06-19 00:03 . 2011-06-19 00:30 -------- d-----w- c:\documents and settings\Sean\Application Data\Apple Computer
2011-06-19 00:03 . 2009-05-18 20:17 26600 ---ha-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-06-19 00:03 . 2008-04-17 19:12 107368 ---ha-w- c:\windows\system32\GEARAspi.dll
2011-06-19 00:01 . 2011-06-19 00:01 -------- d-----w- c:\program files\iPod
2011-06-19 00:00 . 2011-06-19 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-06-19 00:00 . 2011-06-19 00:03 -------- d-----w- c:\program files\iTunes
2011-06-18 23:58 . 2011-06-19 00:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-06-18 23:57 . 2011-06-18 23:57 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Apple
2011-06-18 23:57 . 2011-06-18 23:57 -------- d-----w- c:\program files\Apple Software Update
2011-06-18 23:56 . 2011-05-10 15:06 4517664 ---ha-w- c:\windows\system32\usbaaplrc.dll
2011-06-18 23:56 . 2011-05-10 15:06 42496 ---ha-w- c:\windows\system32\drivers\usbaapl.sys
2011-06-18 23:55 . 2011-06-18 23:55 -------- d-----w- c:\program files\Bonjour
2011-06-18 23:54 . 2011-06-18 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-06-18 23:54 . 2011-06-19 00:01 -------- d-----w- c:\program files\Common Files\Apple
2011-06-18 23:52 . 2011-06-19 00:03 -------- d-----w- c:\documents and settings\Sean\Local Settings\Application Data\Apple Computer
2011-06-11 20:23 . 2011-06-11 20:23 -------- d-----w- c:\program files\Common Files\Mobipocket Shared
2011-06-11 20:23 . 2011-06-11 20:23 -------- d-----w- c:\program files\Mobipocket.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 16:11 . 2011-05-12 22:32 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-19 04:31 . 2011-05-19 04:31 21035 ---ha-w- c:\windows\system32\drivers\AegisP.sys
2011-05-18 18:51 . 2011-05-18 18:47 404640 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-14 16:26 . 2011-05-14 06:18 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]
.
c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
.
c:\documents and settings\Sean\Start Menu\Programs\Startup\
setup_9.0.0.722_03.07.2011_03-10.lnk - c:\documents and settings\Sean\Desktop\Virus Removal Tool1\setup_9.0.0.722_03.07.2011_03-10\startup.exe [2011-7-4 72208]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2008-05-22 20:30 425984 ---ha-w- c:\acer\Empowering Technology\eRecovery\eRAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-15 03:00 208952 ---ha-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 15:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-15 03:00 59392 ---ha-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-15 03:00 455168 ---ha-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-15 03:00 455168 ---ha-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 21:46 14944136 ----a-w- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\Sean\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2011 11.0.2.556\\English\\setup.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 82754802;82754802 Boot Guard Driver;c:\windows\system32\drivers\82754802.sys [7/4/2011 12:43 PM 37392]
R0 BlackBox;BlackBox SR2;c:\windows\system32\drivers\BlackBox.sys [7/2/2011 3:51 PM 35712]
S1 82754801;82754801;c:\windows\system32\drivers\82754801.sys [7/4/2011 12:43 PM 128016]
S1 setup_9.0.0.722_03.07.2011_03-10drv;setup_9.0.0.722_03.07.2011_03-10drv;c:\windows\system32\drivers\8275480.sys [7/4/2011 12:43 PM 315408]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [5/18/2011 9:31 PM 38144]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/25/2010 4:43 PM 135664]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [6/1/2011 10:29 AM 25728]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/2/2009 4:02 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/5/2011 9:29 AM 105592]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/25/2010 4:43 PM 135664]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [1/22/2009 10:35 PM 96856]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [5/18/2011 9:31 PM 332928]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [6/1/2011 10:29 AM 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [6/1/2011 10:29 AM 108032]
S3 ute4ntgy;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\ute4ntgy.sys --> c:\windows\system32\Drivers\ute4ntgy.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 8:00 PM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXHELP20
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 23:43]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 23:43]
.
2011-07-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1830729943-1279238057-186408780-1008Core.job
- c:\documents and settings\Sean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-31 18:48]
.
2011-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1830729943-1279238057-186408780-1008UA.job
- c:\documents and settings\Sean\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-31 18:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Sean\Application Data\Mozilla\Firefox\Profiles\moqjt31o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={DB27CA32-BEB7-13B6-BA78-B987C615B5E8}&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1956)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
Completion time: 2011-07-07 23:41:41
ComboFix-quarantined-files.txt 2011-07-08 06:41
.
Pre-Run: 54,829,158,400 bytes free
Post-Run: 54,773,706,752 bytes free
.
- - End Of File - - 0D8B50EF2DED6E13DCFA5ECDD4C4EBCB

redcar92
2011-07-08, 21:53
Greetings Slarabee,
Please do not run any more tools without supervision. They can cause irreparable damage to your PC.
You say you cannot run TDSSKiller, what kind of error message or results do you get?

slarabee
2011-07-08, 22:49
No error when I run TDSSKiller; it just does not run at all when I double-click it. It will not run in safe mode either.

I will not run any more tools unless you tell me to. :)

redcar92
2011-07-08, 22:52
Thanks :bigthumb: I'll get back to you as soon as I can.

redcar92
2011-07-10, 14:19
Greetings Slarabee,
Your logs indicate that you have Peer-to-Peer software installed on your PC. Peer-to-Peer sites like uTorrent and Orbit are a major source of malware problems. It is in your best interest to avoid the sites. I strongly recommend that you remove this (these) program(s) by:


Click Start
Click Control Panel
Click Add/Remove Programs
Select uTorrent
Click Remove

Note: Often removal questions are stated so as to dissuade you from removing the program, please be careful.
Should you decide not to remove Peer-to-Peer software, do not use it until we are done.

Next

Please download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe icon to run it
Click the Scan button to start the scan
On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


Logs to post:
aswMBR.txt

slarabee
2011-07-14, 07:29
Bill,

Sorry it took me so long to get back on this. Got in a car accident. I'm fine but ready to move forward on this. Thanks for your help and patience.

I did not remove uTorrent. I am aware of the risks. Need the software though.

Below is the scan log you requested.

Thanks,

Sean

aswMBR version 0.9.7.707 Copyright(c) 2011 AVAST Software
Run date: 2011-07-13 22:22:34
-----------------------------
22:22:34.734 OS Version: Windows 5.1.2600 Service Pack 3
22:22:34.750 Number of processors: 2 586 0x1C02
22:22:34.750 ComputerName: HOPELAP UserName: Sean
22:22:53.359 Initialize success
22:23:33.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:23:33.218 Disk 0 Vendor: ST9160310AS 0303 Size: 152627MB BusType: 3
22:23:35.515 Disk 0 MBR read successfully
22:23:35.562 Disk 0 MBR scan
22:23:35.593 Disk 0 unknown MBR code
22:23:35.625 Disk 0 MBR hidden
22:23:37.671 Disk 0 scanning sectors +312576705
22:23:37.984 Disk 0 scanning C:\WINDOWS\system32\drivers
22:24:06.812 Service scanning
22:24:09.281 Disk 0 trace - called modules:
22:24:09.328
22:24:09.375 Scan finished successfully
22:24:24.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Sean\Desktop\MBR.dat"
22:24:24.921 The log file has been saved successfully to "C:\Documents and Settings\Sean\Desktop\aswMBR.txt"

slarabee
2011-07-14, 07:47
Bill,

This may frustrate you a bit but...

I ran the scan and then went ahead and ran fixmbr

Thing is, this little mini has no CD drive, and the main problem I was encountering is that I could not get it to boot from a USB stick, so I could not get to the Windows repair prompt to run fixmbr and fixboot after cleaning.

The tool you provided for me seems to have done the trick!!!

The iexplore.exe files are no longer opening and the browser redirects have stopped.

I will run SB S&D on it tonight when I retire for the evening and a couple other scans and let you know where it is at tomorrow.

Thanks so much for your help!!!

Sean

redcar92
2011-07-14, 23:35
Greetings Sean,

Great, you found a problem. :bigthumb: We should run Combofix next. I see that you have it installed, but we need a fresh version.

First
Let's delete Combofix by right-clicking it and selecting Delete.
Then:

Next
Installing Combofix using my instructions will install the Recovery Console, a very powerful tool for MBR type viruses.
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***
Download Combofix from any of the links below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

redcar92
2011-07-18, 01:36
Hello Sean, are you still with me? Do you need more assistance?

oldman960
2011-07-22, 04:15
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.