Computer infected please help

J

J_Money

New member
hello, my computer seems to have picked up some serious infections recently which i am unable to remove, the problem startes after i type my password a ms-dos program comes up for a split second then disappears then my computer displays a warning bubble saying that a usb device has exceeded its power limit and the port needs to be reset even though there are no usb devices plugged in as it is a laptop, also i was getting a message saying that mcafee virus scan is disabled, the wireless will connect to my router but the internet always says that it cannot pick up any signals and although internet explorer does not work my other browser flock does work apart from that it does not let me install any programs, i have managed to install anti malware pro but it will not let carry out a virus scan and always crashes on the same file 'HKEY_CLASSES_ROOT\.dat' the virus scan does reveal that there are 3061 tracking cookie problems,65 windows registry problems, 138 activx problems, 1 system service problems and 20 file association problems, also now i do not get the ms-dos program now that i have uninstalled mcafee viruse scan but i do get another bubble your computer is infected by spyware click here to protect your computer from spyware but i am unbale to click the dialouge box. i have hijackthis an have managed to install it but the program will not run. please someone out there help me :sad:
 
still unable to provide high jack this log but i have managed to get malwarebytes.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

24/10/2009 15:19:41
mbam-log-2009-10-24 (15-19-32).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165323
Time elapsed: 40 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 6
Folders Infected: 7
Files Infected: 162

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiMalware Pro_is1 (Rogue.AntiMalwarePro) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\AntiMalware_Pro (Rogue.AntiMalwarePro) -> No action taken.
C:\Program Files\AntiMalware_Pro\definitions (Rogue.AntiMalwarePro) -> No action taken.
C:\Program Files\TinyProxy (Trojan.Proxy) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware_Pro (Rogue.AntiMalwarePro) -> No action taken.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> No action taken.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.

Files Infected:
C:\RECYCLER\S-1-5-21-1682011850-787452711-249421292-1006\Dc136.exe (Rogue.AntiMalwarePro) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP818\A0489765.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP818\A0489776.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP804\A0476401.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP805\A0478418.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP805\A0478428.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP805\A0478437.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP806\A0478447.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP807\A0479447.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP807\A0479456.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP807\A0479464.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP808\A0479485.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP809\A0480485.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP809\A0480494.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP810\A0480505.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP811\A0480521.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP812\A0480589.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP812\A0482611.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP812\A0482629.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP813\A0482639.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP813\A0482648.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP814\A0483648.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP814\A0483662.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP815\A0484662.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP815\A0484670.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP815\A0484678.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP815\A0484686.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP821\A0493847.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP822\A0494847.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP822\A0494856.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP823\A0494867.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP823\A0494878.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP824\A0494890.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP824\A0494901.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP826\A0494916.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP826\A0495916.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP827\A0495928.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP828\A0495942.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP829\A0496942.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP829\A0497942.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP830\A0497957.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP830\A0497968.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP830\A0497979.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP831\A0497989.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP831\A0497998.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP831\A0498009.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP833\A0504056.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP836\A0507137.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP836\A0507146.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP836\A0508146.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP836\A0508156.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP838\A0515242.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP838\A0513232.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP841\A0518314.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP841\A0518325.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP843\A0521416.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP844\A0522416.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP844\A0522441.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP844\A0522450.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP845\A0522464.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP845\A0522475.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP845\A0522485.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP849\A0529533.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP849\A0530533.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP852\A0536633.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP853\A0536644.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP853\A0537644.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP853\A0538644.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP853\A0538645.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP855\A0538714.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP855\A0538715.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP855\A0538737.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP855\A0538738.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP856\A0538752.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP856\A0538753.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP857\A0538767.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP857\A0538768.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP857\A0539767.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP857\A0539768.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP857\A0539785.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP857\A0539787.exe (Trojan.Downloader) -> No action taken.
C:\System Volume Information\_restore{9F7C3886-4BCE-4E31-8335-D78A0712DC3E}\RP857\A0539788.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\brastk.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\brastk.exe (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\dllcache\beep.sys (Backdoor.UltimateDefender) -> No action taken.
C:\WINDOWS\system32\drivers\beep.sys (Backdoor.UltimateDefender) -> No action taken.
C:\Program Files\AntiMalware_Pro\Cl.exe (Rogue.AntiMalwarePro) -> No action taken.
C:\Program Files\AntiMalware_Pro\EngineAP.dll (Rogue.AntiMalwarePro) -> No action taken.
C:\Program Files\AntiMalware_Pro\ScheduleAP.txt (Rogue.AntiMalwarePro) -> No action taken.
C:\Program Files\AntiMalware_Pro\Task.dat (Rogue.AntiMalwarePro) -> No action taken.
C:\Program Files\AntiMalware_Pro\unins000.dat (Rogue.AntiMalwarePro) -> No action taken.
C:\Program Files\AntiMalware_Pro\unins000.exe (Rogue.AntiMalwarePro) -> No action taken.
C:\Program Files\AntiMalware_Pro\definitions\200812.cab (Rogue.AntiMalwarePro) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware_Pro\AntiMalware_Pro.lnk (Rogue.AntiMalwarePro) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware_Pro\Uninstall AntiMalware_Pro.lnk (Rogue.AntiMalwarePro) -> No action taken.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\All Users\Desktop\AntiMalware_Pro.lnk (Rogue.AntiMalwarePro) -> No action taken.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\wini104552502.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\Winlogonpc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\wrdwn2 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\wrdwn3 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\wrdwn4 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\wrdwn5 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\wrdwn6 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\wrdwn7 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temp\wrdwn9 (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\j\delself.bat (Malware.Trace) -> No action taken.
C:\Documents and Settings\j\Local Settings\Temporary Internet Files\eredice.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\bolivar24.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\bolivar25.exe (Backdoor.Bot) -> No action taken.
C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> No action taken.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\tmark2.dat (Malware.Trace) -> No action taken.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winSystem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
 
Hi,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
  • Double-click .exe that you downloaded
  • Click rootkit-tab and then scan.
  • Don't check
    Show All
    box while scanning in progress!
  • When scanning is ready, click Copy.
  • This copies log to clipboard
  • Post log in your reply.
 
DDS (Ver_09-09-29.01) - NTFSx86
Run by j at 14:05:29.79 on 29/10/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.246.55 [GMT 0:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Flock\flock\flock.exe
C:\Documents and Settings\j\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uWindow Title = Microsoft Internet Explorer provided by Freeserve
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=127.0.0.1:9090
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [TOSHIBA Accessibility] c:\program files\toshiba\accessibility\FnKeyHook.exe
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\mcupdate.exe
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [XP Antispyware 2009] "c:\program files\xp_antispyware\XP_Antispyware.exe" /hide
mRun: [McRegWiz] c:\progra~1\mcafee.com\agent\mcregwiz.exe /autorun
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [brastk] brastk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: karna.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-11-25 126976]
R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-11-25 122368]
S3 Dmuredd;Dmuredd; [x]
S3 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-4-9 245760]

=============== Created Last 30 ================

2009-10-24 02:27 <DIR> --d----- c:\docume~1\j\applic~1\Malwarebytes
2009-10-24 02:26 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 02:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-24 02:26 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-10-24 02:26 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 02:21 <DIR> --d----- c:\program files\Snoop
2009-10-24 02:21 249,856 -------- c:\windows\Setup1.exe
2009-10-24 02:21 73,216 a------- c:\windows\ST6UNST.EXE
2009-10-24 02:20 <DIR> --d----- c:\program files\Trend Micro
2009-10-23 10:41 0 a------- c:\windows\system32\MSVolumeAMP.dll
2009-10-23 10:41 <DIR> --d----- c:\documents and settings\all users\AVP 2009
2009-10-23 10:41 <DIR> --d----- c:\program files\AntiMalware_Pro
2009-10-23 01:07 <DIR> --d----- c:\docume~1\j\applic~1\AVG8
2009-10-17 19:12 10,240 a------- c:\windows\brastk.exe

==================== Find3M ====================

2009-10-29 13:25 10,240 a------- c:\windows\system32\brastk.exe
2009-10-29 13:25 6,144 a------- c:\windows\system32\karna.dat
2009-10-29 13:25 6,144 a------- c:\windows\karna.dat
2009-08-29 07:36 832,512 a------- c:\windows\system32\wininet.dll
2009-08-29 07:36 78,336 a------- c:\windows\system32\ieencode.dll
2009-08-29 07:36 17,408 a------- c:\windows\system32\corpol.dll
2008-11-18 04:05 19,578 ac------ c:\docume~1\j\applic~1\exizese.sys
2008-11-18 04:05 19,312 ac------ c:\docume~1\j\applic~1\byryteda.sys
2008-11-18 04:05 12,133 ac------ c:\program files\common files\uxeleq.sys
2008-11-18 04:05 11,493 ac------ c:\docume~1\alluse~1\applic~1\pymivadumy.pif
2008-11-18 04:05 10,935 ac------ c:\docume~1\j\applic~1\divubod.bat
2008-11-18 04:05 18,804 ac------ c:\docume~1\alluse~1\applic~1\unuratewur.sys
2008-11-18 04:05 13,880 ac------ c:\program files\common files\suvinur.dat
2008-10-21 11:08 19,303 ac------ c:\program files\common files\xabaqe._sy
2008-10-21 11:08 18,740 ac------ c:\docume~1\alluse~1\applic~1\fagamux.dat
2008-10-21 11:08 16,315 ac------ c:\program files\common files\uqamuvicor.dl
2008-10-21 11:08 16,104 ac------ c:\docume~1\j\applic~1\poqiwyq.bin
2008-10-21 11:08 13,751 ac------ c:\docume~1\j\applic~1\patica.bat
2008-10-21 11:08 13,231 ac------ c:\docume~1\j\applic~1\iredoj.com
2008-10-21 11:08 13,123 ac------ c:\program files\common files\nacasucet.exe
2008-10-21 11:08 10,830 ac------ c:\program files\common files\lalasumy.dl
2008-10-21 11:08 10,510 ac------ c:\docume~1\alluse~1\applic~1\onud.pif
2008-10-08 00:57 142 ac------ c:\documents and settings\j\delself.bat
2005-04-26 22:29 56 -c-shr-- c:\windows\system32\F31CC94AA7.sys
2005-04-26 22:29 1,890 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-10-12 22:54 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101220081013\index.dat

============= FINISH: 14:06:35.34 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-09-29.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 06/04/2005 18:31:24
System Uptime: 29/10/2009 13:25:23 (1 hours ago)

Motherboard: TOSHIBA | | EAT10/EAT20
Processor: Intel(R) Pentium(R) M processor 1.60GHz | U1 | 797/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 1.034 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_FF001179&REV_10\4&111A1FD8&0&00E0
Manufacturer: Marvell
Name: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_FF001179&REV_10\4&111A1FD8&0&00E0
Service: yukonwxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\6940619223F52
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\6940619223F52
Service: NIC1394

==== System Restore Points ===================

RP860: 26/10/2009 13:45:22 - System Checkpoint
RP861: 27/10/2009 21:02:21 - System Checkpoint
RP862: 29/10/2009 05:05:42 - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 Plugin
Adobe Photoshop CS
Adobe Reader 6.0.1
ALPS Touch Pad Driver
AntiMalware Pro 2.1
Apple Software Update
µTorrent
BearShare
CD/DVD Drive Acoustic Silencer
Critical Update for Windows Media Player 11 (KB959772)
DivX Content Uploader
DivX Web Player
Flock 1.1
Football Manager 2006
Google Toolbar for Internet Explorer
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD for TOSHIBA
J2SE Runtime Environment 5.0
K-Lite Codec Pack 2.72 Standard
Karen's Snooper
Macromedia Flash Player
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft User-Mode Driver Framework Feature Pack 1.0
MP3 music player
My DSC
My Global Search Bar
OpenMG Limited Patch 3.0.01-01-12-10-01
OpenMG Limited Patch 3.0.01-01-12-17-01
OpenMG Secure Module 3.0.01
QuickTime
Realtek AC'97 Audio
SD Secure Module
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973525)
SMSC IrCC V5.1.3600.5 SP2
Sonic DLA
Sonic RecordNow!
SopCast 2.0.4
SpeedTouch USB Software
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Controls Driver
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Power Saver Driver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Supervisor Password
TOSHIBA Virtual Sound
TOSHIBA Zooming Hook
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
Yacc 0.4.0.3

==== Event Viewer Messages From Past Week ========

24/10/2009 01:55:07, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 000E35DD11B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
23/10/2009 13:49:28, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
23/10/2009 13:49:22, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
23/10/2009 13:49:22, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
23/10/2009 13:49:11, error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
23/10/2009 02:06:10, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ed: Security Update for Windows XP (KB956744).
23/10/2009 02:05:11, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ed: Security Update for Windows XP (KB956844).
23/10/2009 02:03:46, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459).
23/10/2009 02:03:04, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ed: Security Update for Windows XP (KB973869).
23/10/2009 02:02:29, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
23/10/2009 02:01:03, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ed: Security Update for Windows XP (KB955069).
23/10/2009 01:58:54, error: w29n51 [5031] - Intel(R) PRO/Wireless 2200BG Network Connection : The adapter has detected an Adapter Check as a result of some unrecoverable hardware of software error. Please contact your service provider.
23/10/2009 01:58:54, error: w29n51 [5010] - Intel(R) PRO/Wireless 2200BG Network Connection : The adapter has returned an invalid value to the driver.
23/10/2009 01:58:54, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
23/10/2009 01:58:54, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
23/10/2009 01:58:47, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee.com McShield service to connect.
23/10/2009 01:58:47, error: Service Control Manager [7000] - The McAfee.com McShield service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
22/10/2009 17:54:42, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 fee9948b, parameter3 f99effc4, parameter4 f99efcc0.

==== End Of File ===========================
 
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent
Bearshare


I'd like you to read this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.



Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 
used both links for the program download and have managed to download it to my desktop but the program will not run
 
Hi,

Rename ComboFix.exe file -> Eatmalware.exe and try to run it again.
 
ComboFix 09-10-28.08 - j 30/10/2009 15:16.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.246.55 [GMT 0:00]
Running from: c:\documents and settings\j\Desktop\Eatmalware.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\jawyre.bat
c:\documents and settings\j\Application Data\divubod.bat
c:\documents and settings\j\Application Data\patica.bat
c:\documents and settings\j\Cookies\ehexavavo.dl
c:\documents and settings\j\Cookies\itoqoju.lib
c:\documents and settings\j\delself.bat
c:\documents and settings\j\Local Settings\Application Data\urigyfaq.vbs
c:\documents and settings\j\Local Settings\Temporary Internet Files\eredice.exe
c:\documents and settings\j\Local Settings\Temporary Internet Files\idus._sy
c:\documents and settings\j\Local Settings\Temporary Internet Files\nimojubu.pif
c:\documents and settings\j\Local Settings\Temporary Internet Files\nori.bin
c:\documents and settings\j\Local Settings\Temporary Internet Files\qutifyf._dl
c:\documents and settings\j\Local Settings\Temporary Internet Files\tyqyn.inf
c:\documents and settings\j\Local Settings\Temporary Internet Files\xinikar.dat
c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\AC3\ac3filter.ax
c:\program files\TinyProxy
c:\recycler\S-1-5-21-1606980848-839522115-725345543-1003
c:\recycler\S-1-5-21-1696900801-673444254-1198706582-1003
c:\recycler\S-1-5-21-2325207520-1955753301-4288126109-1003
c:\recycler\S-1-5-21-3611587196-4038010048-3432065643-1003
c:\recycler\S-1-5-21-3617300515-1142314785-2478053788-1003
c:\recycler\S-1-5-21-72906647-2416302709-964523486-1003
c:\recycler\S-1-5-21-981462108-2766100533-1366851002-1003
c:\windows\a.bat
c:\windows\aqere.scr
c:\windows\base64.tmp
c:\windows\bdn.com
c:\windows\bolivar24.exe
c:\windows\bolivar25.exe
c:\windows\brastk.exe
c:\windows\eciryx.reg
c:\windows\f49f4daa.dat
c:\windows\fmark2.dat
c:\windows\FVProtect.exe
c:\windows\ipuhina.inf
c:\windows\iTunesMusic.exe
c:\windows\karna.dat
c:\windows\mslagent
c:\windows\mslagent\2_mslagent.dll
c:\windows\mslagent\mslagent.exe
c:\windows\mslagent\uninstall.exe
c:\windows\mssecu.exe
c:\windows\ocyliniq.reg
c:\windows\pugiso._sy
c:\windows\system32\akttzn.exe
c:\windows\system32\anticipator.dll
c:\windows\system32\awtoolb.dll
c:\windows\system32\bdn.com
c:\windows\system32\brastk.exe
c:\windows\system32\bsva-egihsg52.exe
c:\windows\system32\dpcproxy.exe
c:\windows\system32\emesx.dll
c:\windows\system32\hoproxy.dll
c:\windows\system32\hxiwlgpm.dat
c:\windows\system32\hxiwlgpm.exe
c:\windows\system32\karna.dat
c:\windows\system32\medup012.dll
c:\windows\system32\medup020.dll
c:\windows\system32\msgp.exe
c:\windows\system32\msnbho.dll
c:\windows\system32\mssecu.exe
c:\windows\system32\MSVolumeAMP.dll
c:\windows\system32\mtr2.exe
c:\windows\system32\mwin32.exe
c:\windows\system32\netode.exe
c:\windows\system32\newsd32.exe
c:\windows\system32\ps1.exe
c:\windows\system32\psoft1.exe
c:\windows\system32\recotiv.vbs
c:\windows\system32\regm64.dll
c:\windows\system32\rosyzod.inf
c:\windows\system32\Rundl1.exe
c:\windows\system32\smp
c:\windows\system32\smp\msrc.exe
c:\windows\system32\ssurf022.dll
c:\windows\system32\ssvchost.exe
c:\windows\system32\sysreq.exe
c:\windows\system32\taack.dat
c:\windows\system32\taack.exe
c:\windows\system32\temp#01.exe
c:\windows\system32\VBIEWER.OCX
c:\windows\system32\vcatchpi.dll
c:\windows\system32\wini104552502.exe
c:\windows\system32\winlogonpc.exe
c:\windows\system32\WINWGPX.EXE
c:\windows\tmark2.dat
c:\windows\tysybacyg._sy
c:\windows\userconfig9x.dll
c:\windows\winsystem.exe
c:\windows\ybaris.bat
c:\windows\ycuxe.inf
c:\windows\yqunylegu.inf
c:\windows\zip1.tmp
c:\windows\zip2.tmp
c:\windows\zip3.tmp
c:\windows\zipped.tmp

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
c:\windows\system32\drivers\beep.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-24 02:27 . 2009-10-24 02:27 -------- d-----w- c:\documents and settings\j\Application Data\Malwarebytes
2009-10-24 02:26 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-24 02:26 . 2009-10-24 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-24 02:26 . 2009-10-24 02:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-24 02:26 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-24 02:21 . 2009-10-24 02:22 -------- d-----w- c:\program files\Snoop
2009-10-24 02:21 . 2009-10-24 02:21 249856 ------w- c:\windows\Setup1.exe
2009-10-24 02:21 . 2009-10-24 02:21 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-10-24 02:20 . 2009-10-24 02:20 -------- d-----w- c:\program files\Trend Micro
2009-10-23 10:41 . 2009-10-23 10:41 -------- d-----w- c:\documents and settings\All Users\AVP 2009
2009-10-23 10:41 . 2009-10-23 10:42 -------- d-----w- c:\program files\AntiMalware_Pro
2009-10-23 01:07 . 2009-10-23 01:07 -------- d-----w- c:\documents and settings\j\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 20:48 . 2007-10-14 00:39 -------- d-----w- c:\program files\uTorrent
2009-10-24 13:33 . 2008-10-03 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\uhyvalmj
2009-10-23 18:33 . 2007-10-14 00:39 -------- d-----w- c:\documents and settings\j\Application Data\uTorrent
2009-10-23 01:25 . 2008-10-13 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-23 01:22 . 2005-04-07 13:45 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-08-29 07:36 . 2004-12-30 08:22 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-12-30 08:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-12-30 08:21 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-06 18:24 . 2004-12-30 09:36 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2004-12-30 09:36 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2005-04-07 18:40 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2004-12-30 09:36 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2004-12-30 08:21 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2004-12-30 09:36 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2004-12-30 09:36 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2008-11-18 04:05 . 2008-11-18 04:05 12133 -c--a-w- c:\program files\Common Files\uxeleq.sys
2008-11-18 04:05 . 2008-11-18 04:05 13880 -c--a-w- c:\program files\Common Files\suvinur.dat
2008-10-21 11:08 . 2008-10-21 11:08 19303 -c--a-w- c:\program files\Common Files\xabaqe._sy
2008-10-21 11:08 . 2008-10-21 11:08 16315 -c--a-w- c:\program files\Common Files\uqamuvicor.dl
2008-10-21 11:08 . 2008-10-21 11:08 13123 -c--a-w- c:\program files\Common Files\nacasucet.exe
2008-10-21 11:08 . 2008-10-21 11:08 10830 -c--a-w- c:\program files\Common Files\lalasumy.dl
2005-04-26 22:29 . 2005-04-26 22:29 56 -csh--r- c:\windows\system32\F31CC94AA7.sys
2005-04-26 22:29 . 2005-04-26 22:29 1890 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Accessibility"="c:\program files\TOSHIBA\Accessibility\FnKeyHook.exe" [2004-12-07 24576]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-12-27 61440]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 212992]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"McRegWiz"="c:\progra~1\mcafee.com\agent\mcregwiz.exe" [2003-09-02 135168]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\sopvod.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9832:TCP"= 9832:TCP:BitComet 9832 TCP
"9832:UDP"= 9832:UDP:BitComet 9832 UDP
"21891:TCP"= 21891:TCP:BitComet 21891 TCP
"21891:UDP"= 21891:UDP:BitComet 21891 UDP
"12114:TCP"= 12114:TCP:BitComet 12114 TCP
"12114:UDP"= 12114:UDP:BitComet 12114 UDP
"12749:TCP"= 12749:TCP:BitComet 12749 TCP
"12749:UDP"= 12749:UDP:BitComet 12749 UDP

S3 Dmuredd;Dmuredd; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-XP Antispyware 2009 - c:\program files\XP_Antispyware\XP_Antispyware.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 15:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-30 15:30
ComboFix-quarantined-files.txt 2009-10-30 15:29

Pre-Run: 2,102,878,208 bytes free
Post-Run: 4,093,988,864 bytes free

- - End Of File - - 1E2C8355361A0CB3CFC85B06493EF4BC
 
Hi,

Start MBAM, update its definitions on update tab and run a quick scan. Let it remove found threats and post back the report along with a fresh dds.txt log.
 
Malwarebytes' Anti-Malware 1.41
Database version: 3074
Windows 5.1.2600 Service Pack 2

01/11/2009 03:37:54
mbam-log-2009-11-01 (03-37-54).txt

Scan type: Quick Scan
Objects scanned: 102364
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AntiMalware Pro_is1 (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch (Adware.BookedSpace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AntiMalware_Pro (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware_Pro\definitions (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware_Pro (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AntiMalware_Pro\Cl.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware_Pro\EngineAP.dll (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware_Pro\ScheduleAP.txt (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware_Pro\Task.dat (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware_Pro\unins000.dat (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware_Pro\unins000.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Program Files\AntiMalware_Pro\definitions\200812.cab (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware_Pro\AntiMalware_Pro.lnk (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\AntiMalware_Pro\Uninstall AntiMalware_Pro.lnk (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
 
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code: 
http://forums.spybot.info/showthread.php?t=52818
Driver::
Dmuredd
Collect::
c:\program files\Common Files\uxeleq.sys
c:\program files\Common Files\suvinur.dat
c:\program files\Common Files\xabaqe._sy
c:\program files\Common Files\uqamuvicor.dl
c:\program files\Common Files\nacasucet.exe
c:\program files\Common Files\lalasumy.dl
Folder::
c:\program files\uTorrent
c:\documents and settings\All Users\Application Data\uhyvalmj
c:\documents and settings\j\Application Data\uTorrent
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9832:TCP"=-
"9832:UDP"=-
"21891:TCP"=-
"21891:UDP"=-
"12114:TCP"=-
"12114:UDP"=-
"12749:TCP"=-
"12749:UDP"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

CFScriptB-4.gif


Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (9.2) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Uninstall these:
Macromedia Flash Player
Macromedia Flash Player 8

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 16.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
 
Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.
 
You must log in or register to reply here.
Back
Top