Infected with Windows Protection Service Virus

Hey Shaba,

I can't seem to get Kaspersky to give me a usable accept button. I am getting a message that it requires Java framework version 1.5 or later to run. I downloaded the latest Java update and installed it, and it now says that I have version 1.6, and still it will not recognize my Java console. I am sure that I am doing something wrong here, just not sure what.
 
Then please run this instead:

Download to the desktop: Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks whether you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks whether you want to cure/move the file.
  • When the scan has finished, look whether you can click the icon next to the files found:
    [image: check.gif]

    If so, click it, then click the icon right below it and select Move incurable, as you'll see in the next image:
    [image: move.gif]

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer!! Files that are in use may be moved/deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved previously in your next reply, along with a new HijackThis log.
 
Apologies for the delay, I've been quite busy lately. Here are the logs:

Dr.Web:

5fe61458-4db09361;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24;Archive contains infected objects;Moved.;
5fe61458-6f18e195;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24;Archive contains infected objects;Moved.;
6968de25-57616e4a;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\37;Archive contains infected objects;Moved.;
cfdaaf1-556d8449;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\49;Archive contains infected objects;Moved.;
5fe61458-4db09361\dev/s/AdgredY.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-4db09361;Exploit.Java.38;;
5fe61458-4db09361\dev/s/DyesyasZ.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-4db09361;Exploit.Java.38;;
5fe61458-4db09361\dev/s/LoaderX.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-4db09361;Exploit.Java.38;;
5fe61458-6f18e195\dev/s/AdgredY.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-6f18e195;Exploit.Java.38;;
5fe61458-6f18e195\dev/s/DyesyasZ.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-6f18e195;Exploit.Java.38;;
5fe61458-6f18e195\dev/s/LoaderX.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-6f18e195;Exploit.Java.38;;
6968de25-57616e4a\AppleT.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\37\6968de25-57616e4a;Exploit.Java.59;;
cfdaaf1-556d8449\dev/s/AdgredY.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\49\cfdaaf1-556d8449;Exploit.Java.38;;
cfdaaf1-556d8449\dev/s/DyesyasZ.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\49\cfdaaf1-556d8449;Exploit.Java.38;;
cfdaaf1-556d8449\dev/s/LoaderX.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\49\cfdaaf1-556d8449;Exploit.Java.38;;
RegUBP2b-Wayne.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0109203.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP506;Trojan.StartPage.1505;Deleted.;
A0110199.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP506;Trojan.StartPage.1505;Deleted.;
A0115485.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP542;Trojan.StartPage.1505;Deleted.;
A0116515.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP543;Trojan.StartPage.1505;Deleted.;
A0117618.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP544;Trojan.StartPage.1505;Deleted.;
A0119294.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP570;Trojan.StartPage.1505;Deleted.;

DDS:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Wayne at 17:11:09.43 on Tue 07/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1655 [GMT -4:00]

FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Wayne\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\wayne\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.gamehouse.com/realarcade-webgames/ancientsudoku/index.jsp?pread=0&pread=0&ractype=fullclient"
mRun: [WinSys2] c:\windows\system32\winsys2.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wayne\applic~1\mozilla\firefox\profiles\kt7j57ki.default\
# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/

user_pref(app.update.lastUpdateTime.addon-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.blocklist-background-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.microsummary-generator-update-timer, 1242299186);
user_pref(app.update.lastUpdateTime.search-engine-update-timer, 1242321386);
user_pref(browser.migration.version, 1);
user_pref(browser.places.importDefaults, false);
user_pref(browser.places.migratePostDataAnnotations, false);
user_pref(browser.places.smartBookmarksVersion, 1);
user_pref(browser.places.updateRecentTagsUri, false);
user_pref(browser.rights.3.shown, true);
user_pref(browser.startup.homepage_override.mstone, rv:1.9.0.10);
user_pref(extensions.enabledItems, {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10,{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13,jqs@sun.com:1.0,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717,moveplayer@movenetworks.com:7,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10);
user_pref(extensions.lastAppVersion, 3.0.10);
user_pref(extensions.update.notifyUser, false);
user_pref(intl.charsetmenu.browser.cache, ISO-8859-1, UTF-8);
user_pref(network.cookie.prefsMigrated, true);
user_pref(spellchecker.dictionary, en-US);
user_pref(urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey, 1255473016);
user_pref(yahoo.addtomy, true);
user_pref(yahoo.homepage.dontask, true);
user_pref(yahoo.installer.country, us);
user_pref(yahoo.installer.dc, v1_yff2);
user_pref(yahoo.installer.language, us);
user_pref(yahoo.installer.nd, 2);
user_pref(yahoo.installer.sc, sunm);
user_pref(yahoo.installer.version, 1.5.2.20080717);
user_pref(yahoo.installer.version.simple, 1.5.2);
user_pref(yahoo.supports.livesearch, true);
user_pref(yahoo.toolbar.searchbox.width, 55);
FF - prefs.js: browser.search.selectedEngine - Yahoo!);
user_pref(browser.startup.homepage, http://bing.zugo.com/?cfg=2-79-0-1kCe3);
user_pref(keyword.URL, http://bing.zugo.com/s/?src=FF-Address&site=Bing&cfg=2-79-0-1kCe3&q=
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-11-17 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-11-17 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-11-17 28872]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2008-11-17 1402568]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-9-11 24652]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2008-6-27 99352]
S3 cpuz130;cpuz130;\??\c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\wayne\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2008-6-27 566296]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-25 25832]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2008-11-17 3538632]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2009-9-14 85504]

=============== Created Last 30 ================

2010-07-06 16:36:12 0 d-----w- c:\documents and settings\wayne\DoctorWeb
2010-06-29 17:17:19 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-29 17:17:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 05:11:24 0 d-----w- C:\ComboFix
2010-06-18 04:38:22 0 d-sha-r- C:\cmdcons
2010-06-18 04:34:44 98816 ----a-w- c:\windows\sed.exe
2010-06-18 04:34:44 77312 ----a-w- c:\windows\MBR.exe
2010-06-18 04:34:44 256512 ----a-w- c:\windows\PEV.exe
2010-06-18 04:34:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-10 20:44:45 0 d-----w- c:\docume~1\wayne\applic~1\Malwarebytes
2010-06-10 20:44:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-10 20:44:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-10 20:44:36 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-10 20:44:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-10 20:19:21 397 ----a-w- c:\windows\wininit.ini
2010-06-10 17:41:16 0 d-----w- c:\docume~1\wayne\applic~1\Pogo Games
2010-06-10 17:08:35 14 ----a-w- c:\windows\popcinfo.dat
2010-06-10 16:21:12 0 ----a-w- c:\windows\popcreg.dat
2010-06-10 16:21:11 18 ----a-w- c:\windows\popcinfot.dat
2010-06-08 17:08:27 9 ----a-w- c:\windows\sierra.ini
2010-06-08 17:08:26 0 d-----w- c:\program files\Sierra On-Line

==================== Find3M ====================


============= FINISH: 17:11:39.06 ===============
 
And Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 11/16/2008 7:59:13 AM
System Uptime: 7/6/2010 5:10:04 PM (0 hours ago)

Motherboard: Dell Inc. | | 0U7077
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 368 GiB total, 118.298 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_8086&DEV_266E&SUBSYS_01771028&REV_03\3&172E68DD&0&F2
Service:

==== System Restore Points ===================

RP482: 4/8/2010 5:28:13 AM - System Checkpoint
RP483: 4/9/2010 9:03:32 PM - System Checkpoint
RP484: 4/11/2010 2:29:17 AM - System Checkpoint
RP485: 4/12/2010 7:00:49 PM - System Checkpoint
RP486: 4/13/2010 7:31:37 PM - System Checkpoint
RP487: 4/14/2010 8:24:13 PM - System Checkpoint
RP488: 4/15/2010 8:48:44 PM - System Checkpoint
RP489: 4/17/2010 6:11:54 AM - System Checkpoint
RP490: 4/18/2010 6:40:18 AM - System Checkpoint
RP491: 4/19/2010 7:23:44 AM - System Checkpoint
RP492: 4/20/2010 7:47:42 AM - System Checkpoint
RP493: 4/21/2010 8:10:00 AM - System Checkpoint
RP494: 4/22/2010 9:10:00 AM - System Checkpoint
RP495: 4/23/2010 12:44:15 PM - System Checkpoint
RP496: 4/24/2010 2:59:05 PM - System Checkpoint
RP497: 4/25/2010 4:26:58 PM - System Checkpoint
RP498: 4/26/2010 4:46:43 PM - System Checkpoint
RP499: 4/27/2010 6:06:46 PM - System Checkpoint
RP500: 4/28/2010 7:08:14 PM - System Checkpoint
RP501: 4/29/2010 7:46:43 PM - System Checkpoint
RP502: 4/30/2010 8:58:37 PM - System Checkpoint
RP503: 5/1/2010 9:46:37 PM - System Checkpoint
RP504: 5/3/2010 12:41:15 AM - System Checkpoint
RP505: 5/4/2010 12:49:13 AM - System Checkpoint
RP506: 5/5/2010 2:01:23 AM - System Checkpoint
RP507: 5/6/2010 3:02:32 AM - System Checkpoint
RP508: 5/7/2010 3:14:33 AM - System Checkpoint
RP509: 5/8/2010 5:33:36 AM - System Checkpoint
RP510: 5/9/2010 7:34:01 AM - System Checkpoint
RP511: 5/10/2010 8:13:43 AM - System Checkpoint
RP512: 5/11/2010 8:18:05 AM - System Checkpoint
RP513: 5/12/2010 9:13:21 AM - System Checkpoint
RP514: 5/13/2010 11:37:01 AM - System Checkpoint
RP515: 5/14/2010 11:37:06 AM - System Checkpoint
RP516: 5/15/2010 12:13:45 PM - System Checkpoint
RP517: 5/16/2010 1:40:44 PM - System Checkpoint
RP518: 5/17/2010 3:09:26 PM - System Checkpoint
RP519: 5/18/2010 8:50:42 PM - System Checkpoint
RP520: 5/19/2010 9:37:30 PM - System Checkpoint
RP521: 5/21/2010 1:27:36 AM - System Checkpoint
RP522: 5/22/2010 1:44:23 AM - System Checkpoint
RP523: 5/23/2010 1:49:30 AM - System Checkpoint
RP524: 5/24/2010 3:11:13 AM - System Checkpoint
RP525: 5/25/2010 3:50:16 AM - System Checkpoint
RP526: 5/26/2010 4:50:16 AM - System Checkpoint
RP527: 5/27/2010 5:40:40 AM - System Checkpoint
RP528: 5/28/2010 6:04:40 AM - System Checkpoint
RP529: 5/29/2010 6:28:41 AM - System Checkpoint
RP530: 5/30/2010 8:53:48 AM - System Checkpoint
RP531: 5/31/2010 10:00:15 AM - System Checkpoint
RP532: 6/1/2010 6:33:12 PM - System Checkpoint
RP533: 6/2/2010 7:08:21 PM - System Checkpoint
RP534: 6/4/2010 4:26:01 AM - System Checkpoint
RP535: 6/4/2010 11:07:39 PM - Installed Lemonade Tycoon 2 - New York City
RP536: 6/5/2010 1:49:06 PM - Installed Air Strike 3D
RP537: 6/5/2010 1:52:24 PM - Installed Casino Island To Go
RP538: 6/6/2010 2:54:15 PM - System Checkpoint
RP539: 6/7/2010 5:55:27 PM - System Checkpoint
RP540: 6/8/2010 12:05:03 AM - Installed Slingo Quest
RP541: 6/9/2010 3:35:25 AM - System Checkpoint
RP542: 6/10/2010 8:47:13 AM - System Checkpoint
RP543: 6/10/2010 4:27:27 PM - Restore Operation
RP544: 6/10/2010 5:15:34 PM - Software Distribution Service 3.0
RP545: 6/11/2010 5:59:32 PM - System Checkpoint
RP546: 6/12/2010 6:39:02 PM - System Checkpoint
RP547: 6/13/2010 7:03:03 PM - System Checkpoint
RP548: 6/14/2010 7:15:01 PM - System Checkpoint
RP549: 6/15/2010 1:46:05 AM - Removed Ask Toolbar.
RP550: 6/16/2010 2:04:34 AM - System Checkpoint
RP551: 6/17/2010 2:36:17 AM - System Checkpoint
RP552: 6/18/2010 2:55:50 AM - System Checkpoint
RP553: 6/19/2010 3:31:51 AM - System Checkpoint
RP554: 6/20/2010 3:55:51 AM - System Checkpoint
RP555: 6/21/2010 4:55:51 AM - System Checkpoint
RP556: 6/22/2010 5:19:51 AM - System Checkpoint
RP557: 6/23/2010 5:44:04 AM - System Checkpoint
RP558: 6/24/2010 5:52:15 PM - System Checkpoint
RP559: 6/25/2010 6:34:16 PM - System Checkpoint
RP560: 6/26/2010 6:58:16 PM - System Checkpoint
RP561: 6/28/2010 2:40:15 AM - System Checkpoint
RP562: 6/29/2010 2:48:20 AM - System Checkpoint
RP563: 6/29/2010 1:16:17 PM - Removed Java(TM) 6 Update 17
RP564: 6/29/2010 1:16:57 PM - Installed Java(TM) 6 Update 20
RP565: 6/30/2010 1:27:13 PM - System Checkpoint
RP566: 7/1/2010 6:21:41 PM - System Checkpoint
RP567: 7/3/2010 3:22:35 AM - System Checkpoint
RP568: 7/4/2010 4:15:19 AM - System Checkpoint
RP569: 7/5/2010 4:43:05 AM - System Checkpoint
RP570: 7/6/2010 5:32:38 AM - System Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 6
AIM Toolbar
Air Strike 3D
Apple Application Support
Apple Software Update
AutoUpdate
Battleship
Casino Island To Go
CDBurnerXP
Cheat Engine 5.4
Creative Audio Console
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
DraftDominator Version 10.0m Full
Dragon Age: Origins
Fishdom H20 - Hidden Odyssey (remove only)
FLV Player 2.0 (build 25)
Full Tilt Poker
Futuremark SystemInfo
GIMP 2.6.3
Google Chrome
Google Toolbar for Internet Explorer
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Inkscape 0.46
Install(US)2
Java Auto Updater
Java(TM) 6 Update 20
LEGO Star Wars II
Lemonade Tycoon 2 - New York City
Lottso! Deluxe
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Move Media Player
Mozilla Firefox (3.0.10)
MSN Toolbar
MSN Toolbar Platform
Nancy Drew: Secrets Can Kill
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
Online Armor 3.0
PC Pitstop Driver Alert2 2.0.0.0
PeaZip 2.6
PlayFLV
PokerStars
PowerDVD
QuickTime
RealArcade
Runes of Magic
Safari
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Slingo Mystery Whos Gold
Slingo Quest
Sothink FLV Player
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veetle TV 0.9.15
Ventrilo Client
Veoh Video Compass
Veoh Web Player
Viewpoint Media Player
VLC media player 1.0.5
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Winner Poker
Wireless-G PCI Adapter
World of Warcraft
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

6/29/2010 1:29:16 PM, error: Service Control Manager [7000] - The McciCMService service failed to start due to the following error: The system cannot find the path specified.
6/29/2010 1:29:16 PM, error: Service Control Manager [7000] - The Creative Service for CDROM Access service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================
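One way to triage a DrWeb.csv report like the one above is to parse its `object;path;verdict;action;` rows, separate archive members (empty action, handled through their moved container) from rows nothing was done to, and flag hits sitting inside System Restore points. This is an added Python example, not code from the thread or from Dr.Web; the sample rows are copied from the posted report plus one constructed row (`sample-unhandled.class`) to exercise the unresolved case.

```python
"""Triage helper for a Dr.Web CureIt report (DrWeb.csv).

Each report row has the layout  object;path;verdict;action;  where:
  object  - file name, or "<archive>\\<inner/path>" for a member of an archive
  path    - directory holding the object
  verdict - detection name (or "Archive contains infected objects")
  action  - what CureIt did ("Moved.", "Deleted."), empty if nothing was done
"""
import csv
from collections import Counter
from io import StringIO

# Constructed sample: five rows copied from the report posted in the thread,
# plus one made-up row (sample-unhandled.class) showing a hit nothing was done to.
SAMPLE_REPORT = r"""5fe61458-4db09361;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24;Archive contains infected objects;Moved.;
5fe61458-4db09361\dev/s/AdgredY.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-4db09361;Exploit.Java.38;;
5fe61458-4db09361\dev/s/LoaderX.class;C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\24\5fe61458-4db09361;Exploit.Java.38;;
RegUBP2b-Wayne.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0109203.reg;C:\System Volume Information\_restore{EEAD7172-7D8D-4A56-ACA0-6652FF74E8CC}\RP506;Trojan.StartPage.1505;Deleted.;
sample-unhandled.class;C:\Documents and Settings\Wayne\Local Settings\Temp;Exploit.Java.38;;
"""

# Lower-cased fragment that identifies System Restore snapshot storage on XP.
RESTORE_MARKER = r"\system volume information\_restore"


def parse_report(text):
    """Parse DrWeb.csv text into a list of dicts, one per detection row."""
    entries = []
    for row in csv.reader(StringIO(text), delimiter=";"):
        if len(row) < 4:          # blank or truncated line
            continue
        obj, path, verdict, action = (field.strip() for field in row[:4])
        # Archive members are written "<archive>\<inner/path>"; the inner part
        # uses forward slashes because it is a JAR/ZIP entry name.
        archive, sep, member = obj.partition("\\")
        entries.append({
            "object": obj,
            "archive": archive if sep else None,   # container name for members
            "member": member if sep else None,
            "path": path,
            "verdict": verdict,
            "action": action,                      # "" when nothing was done
            "in_restore_point": RESTORE_MARKER in path.lower(),
        })
    return entries


def triage(entries):
    """Group rows: verdict counts, members covered by a handled archive,
    rows nothing was done to, and hits living inside System Restore points."""
    handled_containers = {
        e["object"] for e in entries if e["archive"] is None and e["action"]
    }
    covered, unresolved = [], []
    for e in entries:
        if e["action"]:
            continue                              # CureIt already acted on it
        if e["archive"] in handled_containers:
            covered.append(e)                     # went with its moved archive
        else:
            unresolved.append(e)                  # needs manual follow-up
    return {
        "verdicts": Counter(e["verdict"] for e in entries),
        "covered": covered,
        "unresolved": unresolved,
        "restore_point_hits": [e for e in entries if e["in_restore_point"]],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for verdict, n in result["verdicts"].most_common():
        print(f"{n:3d}  {verdict}")
    print("covered by archive action:", [e["member"] for e in result["covered"]])
    print("unresolved:", [e["object"] for e in result["unresolved"]])
    # Hits under _restore\RPnnn are why the thread advises flushing System Restore.
    print("inside restore points:", [e["path"] for e in result["restore_point_hits"]])
```

The `.class` members show an empty action only because their containing Java cache archive was moved as a whole; a row with an empty action and no handled container is the one to follow up by hand.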
 
Good :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Now let's uninstall ComboFix:

  • Click START then RUN
  • Now type Combofix /uninstall in the run box and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to the desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore - If you are using Windows XP, then you should disable and re-enable System Restore to make sure there are no infected files left in a restore point.

    You can find instructions on how to disable and re-enable System Restore here:

    Windows XP System Restore Guide

Re-enable System Restore using the instructions from the tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date - Update your antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check whether any updates are needed for your PC.
    Secunia Software Inspector
    F-secure Health Check
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure that your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. A tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will be reduced dramatically.

Here are some additional utilities that will enhance your safety:


Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein: So How Did I Get Infected In the First Place?

Happy surfing and stay clean!
 