Tech Support Team
#1 - 29th June 2009, 03:05 AM - febuary1088 (Newcomer, joined Jun 2009, 12 posts)
[SOLVED] Virus help

It's hard for me to type because of this virus.

I have Windows XP.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, June 28, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Sunday, June 28, 2009 22:52:59
Records in database: 2399975
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 51472
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:27:41


File name / Threat name / Threats count
C:\Documents and Settings\Park\Local Settings\Temporary Internet Files\Content.IE5\JEIGF44O\AntivirusPlus[1].grn Infected: not-a-virus:FraudTool.Win32.AntivirusPlus.iz 1

The selected area was scanned.

HELP!
#2 - 29th June 2009, 07:14 PM - evilfantasy (Security Team, Tulsa, OK, joined Dec 2007, 2,555 posts)
Welcome to TST.

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

If you already have Malwarebytes be sure to update it before running the scan!

Download Malwarebytes' Anti-Malware (MBAM)

Alternate MBAM download link

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.


Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

----------

Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.
#3 - 29th June 2009, 07:51 PM - febuary1088 (Newcomer, joined Jun 2009, 12 posts)
I did both the temporary internet file cleaner and the malicious virus scanner, and the scanner found zero infected files.

The typing problem seems to have been a computer configuration problem rather than a virus problem, seeing as how a simple restart fixed it.

anyway, am I clean now?
#4 - 29th June 2009, 07:52 PM - evilfantasy (Security Team, Tulsa, OK, joined Dec 2007, 2,555 posts)
I can't tell what's going on without the DDS logs. AntivirusPlus usually is found in more than just the temp files so it is best to rule everything out. Better safe than sorry.
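
The exchange above turns on where the Kaspersky hit was found: a file under Temporary Internet Files is something the browser fetched, not proof that the rogue installed, which is why the helper still wants the DDS logs. As an added example (not code from this thread or from Kaspersky), the parser below reads the Online Scanner 7 report format shown in post #1, splits Kaspersky's threat names along its [prefix:]Behaviour.Platform.Name.Variant convention, and rates each detection by the location of the file. The second report line (family "Example"), the location classes and the severities are this example's own constructions.

```python
"""Parse a Kaspersky Online Scanner 7 report and rate each detection by
the location of the file.

Added example; not code from this thread or from Kaspersky. The report
line format is the one posted in the thread; the threat-name split
follows Kaspersky's [prefix:]Behaviour.Platform.Name.Variant convention;
the location classes and severities are this example's own assumptions.
"""
import re

# Constructed sample: the detection line posted in this thread plus one
# made-up line (family "Example") to show the installed-component case.
SAMPLE_REPORT = r"""
Scan statistics:
Files scanned: 51472
Infected objects: 2

File name / Threat name / Threats count
C:\Documents and Settings\Park\Local Settings\Temporary Internet Files\Content.IE5\JEIGF44O\AntivirusPlus[1].grn Infected: not-a-virus:FraudTool.Win32.AntivirusPlus.iz 1
C:\Program Files\Example\example.exe Infected: Trojan-Downloader.Win32.Example.a 1

The selected area was scanned.
"""

# One detection line: <path> Infected|Suspicious: <threat name> <count>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<status>Infected|Suspicious):\s+(?P<name>\S+)\s+(?P<count>\d+)$"
)

# Path fragments that mark a fetched or temporary copy rather than an
# installed one (assumption: the usual Windows XP locations).
TRANSIENT = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\windows\\temp\\")


def parse_threat_name(name):
    """Split 'not-a-virus:FraudTool.Win32.AntivirusPlus.iz' into its fields."""
    prefix, _, rest = name.rpartition(":")          # prefix is '' when absent
    parts = rest.split(".") + ["", "", "", ""]      # pad short names
    return {"prefix": prefix, "behaviour": parts[0], "platform": parts[1],
            "family": parts[2], "variant": parts[3]}


def classify_location(path):
    """Coarse location class; transient paths are checked first because
    they live under the user profile."""
    p = path.lower()
    if any(t in p for t in TRANSIENT):
        return "transient"
    if "\\windows\\" in p:
        return "windows_dir"
    if "\\program files\\" in p:
        return "program_dir"
    if "\\documents and settings\\" in p:
        return "user_profile"
    return "other"


def severity(location, status):
    """A cached download is low on its own; a copy in a program or system
    directory means the thing actually landed on the box."""
    if status == "Suspicious":
        return "review"
    return {"transient": "low", "windows_dir": "high", "program_dir": "high",
            "user_profile": "medium", "other": "medium"}[location]


def parse_report(text):
    """Return one dict per detection line in the report."""
    detections = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        loc = classify_location(m["path"])
        detections.append({
            "path": m["path"], "status": m["status"], "count": int(m["count"]),
            "threat": parse_threat_name(m["name"]), "location": loc,
            "severity": severity(loc, m["status"]),
        })
    return detections


def installed_copies(detections):
    """Detections outside transient locations. An empty result says only
    that this scanner saw no installed copy; autorun entries still need
    checking before the machine is called clean."""
    return [d for d in detections if d["location"] != "transient"]


if __name__ == "__main__":
    for d in parse_report(SAMPLE_REPORT):
        t = d["threat"]
        print(f'{d["severity"]:6} {d["location"]:12} {t["behaviour"]}.{t["family"]} {d["path"]}')
```

With only the line from post #1, installed_copies() comes back empty, which matches the state of the thread at this point: a fetched copy of a rogue antivirus, and no evidence yet either way about persistence.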
  #5 (permalink)   Top
Old 29th June 2009, 07:54 PM
febuary1088's Avatar
Newcomer
 
Join Date: Jun 2009, 12 posts.
Reputation: febuary1088 is on a distinguished road
Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-06-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/6/2009 9:01:49 PM
System Uptime: 6/29/2009 3:40:48 PM (0 hours ago)

Motherboard: TOSHIBA | | HAQAA
Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | U2E1 | 1861/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 29.877 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 5/6/2009 9:01:55 PM - System Checkpoint
RP2: 5/6/2009 5:46:11 PM - Avira AntiVir Personal - 5/6/2009 14:46
RP3: 5/7/2009 11:42:51 AM - Software Distribution Service 3.0
RP4: 5/8/2009 3:00:17 AM - Software Distribution Service 3.0
RP5: 5/9/2009 11:04:15 AM - System Checkpoint
RP6: 5/9/2009 9:58:49 PM - Installed DAEMON Tools
RP7: 5/9/2009 10:14:30 PM - Removed DAEMON Tools
RP8: 5/12/2009 2:42:52 PM - Installed Microsoft Office Enterprise 2007
RP9: 5/12/2009 2:51:46 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP10: 5/13/2009 8:46:13 PM - System Checkpoint
RP11: 5/14/2009 5:20:56 PM - Installed Age of Empires III
RP12: 5/14/2009 5:43:10 PM - Installed DirectX 9.0
RP13: 5/14/2009 5:45:51 PM - Removed Age of Empires III
RP14: 5/14/2009 5:54:29 PM - Installed Age of Empires III
RP15: 5/14/2009 9:25:38 PM - Removed Age of Empires III
RP16: 5/16/2009 3:39:48 PM - System Checkpoint
RP17: 5/19/2009 3:07:29 PM - System Checkpoint
RP18: 5/20/2009 4:57:35 PM - System Checkpoint
RP19: 5/21/2009 4:57:10 PM - Installed iTunes
RP20: 5/21/2009 7:19:48 PM - Installed Steam
RP21: 5/22/2009 7:23:52 PM - System Checkpoint
RP22: 5/25/2009 5:18:41 AM - System Checkpoint
RP23: 5/26/2009 2:44:11 PM - System Checkpoint
RP24: 5/29/2009 2:50:33 AM - System Checkpoint
RP25: 6/2/2009 3:58:19 PM - Uniblue RegistryBooster 2009
RP26: 6/3/2009 4:25:23 PM - System Checkpoint
RP27: 6/4/2009 3:20:08 PM - Removed Steam
RP28: 6/7/2009 5:00:01 AM - System Checkpoint
RP29: 6/8/2009 5:42:49 AM - System Checkpoint
RP30: 6/9/2009 5:49:02 AM - System Checkpoint
RP31: 6/10/2009 7:13:26 PM - System Checkpoint
RP32: 6/23/2009 10:31:14 PM - System Checkpoint
RP33: 6/28/2009 2:02:39 AM - System Checkpoint
RP34: 6/29/2009 3:58:08 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0
Age of Empires III
ALPS Touch Pad Driver
ALTools Update
ALZip
AOL Coach Version 2.0(Build:20041026.5 en)
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Avira AntiVir Personal - Free Antivirus
Battle.net
Bonjour
CD/DVD Drive Acoustic Silencer
Diablo
Diablo II
DVD-RAM Driver
GOM Player
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
ICCup Launcher
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.11)
mPfMgr
mPfWiz
mProSafe
MSXML 4.0 SP2 (KB954430)
mWlsSafe
mXML
mZConfig
Office 2003 Trial Assistant
PowerISO
QuickTime
Real Alternative 1.9.0
Realtek High Definition Audio Driver
Runtime Files Pack 3
SD Secure Module
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SMSC IrCC V5.1.3600.5 SP2
Sonic DLA
Sonic RecordNow!
SopCast 3.0.3
Starcraft
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB912945)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Utility Common Driver
Viewpoint Media Player
Visual Basic 4 Runtime Files
Warcraft II BNE
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
WinRAR archiver

==== Event Viewer Messages From Past Week ========

6/29/2009 7:05:22 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
6/28/2009 4:17:28 PM, error: Dhcp [1002] - The IP address lease 192.168.0.108 for the Network Card with network address 001302A00591 has been denied by the DHCP server 10.1.1.250 (The DHCP Server sent a DHCPNACK message).
6/28/2009 10:56:31 PM, error: Dhcp [1002] - The IP address lease 10.224.1.71 for the Network Card with network address 001302A00591 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/26/2009 4:41:30 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302A00591. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
6/25/2009 7:36:21 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 001302A00591 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
6/23/2009 10:52:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
6/23/2009 1:07:01 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{23AA0177-5664-4709-A97D-F4F3329A3D82} because another computer on the network has the same name. The server could not start.

==== End Of File ===========================
DDS.txt:
DDS (Ver_09-06-26.01) - NTFSx86
Run by Park at 15:52:05.32 on Mon 06/29/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.992 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\TDispVol.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Park\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Bar = hxxp://www.toshiba.com/search
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] c:\program files\toshiba\toshiba applet\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\windows utilities\SVPWUTIL.exe SVPwUTIL
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [CeEKEY] c:\program files\toshiba\e-key\CeEKey.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [ZoomingHook] ZoomingHook.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPNF] c:\program files\toshiba\touchpad\TPTray.exe
mRun: [TCtryIOHook] TCtrlIOHook.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ram asst.lnk - c:\windows\system32\RAMASST.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\park\applic~1\mozilla\firefox\profiles\v5gsatbe.default\
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-6 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-6 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-6 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-6 55640]

=============== Created Last 30 ================

2009-06-29 15:45 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 15:45 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-29 15:45 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-23 21:35 <DIR> --d----- c:\docume~1\park\applic~1\Malwarebytes
2009-06-23 21:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-03 15:14 98,304 a------- c:\windows\W2BNEUnin.exe
2009-06-03 15:14 20,250 a------- c:\windows\W2BNEUnin.dat
2009-06-03 15:14 2,829 a------- c:\windows\W2BNEUnin.pif
2009-06-03 15:13 <DIR> --d----- c:\program files\Warcraft II BNE
2009-06-03 13:07 720,896 a------- c:\windows\iun6002.exe
2009-06-03 12:58 <DIR> --d----- c:\program files\Condition Zero
2009-06-02 15:56 <DIR> --d----- c:\docume~1\park\applic~1\Uniblue
2009-06-02 13:56 999 a------- c:\windows\system32\ST4UNST.000
2009-06-02 13:56 722,192 a------- c:\windows\system32\VB40032.DLL
2009-06-02 13:56 60,416 a------- c:\windows\ST4UNST.EXE

==================== Find3M ====================

2009-05-30 13:39 86,528 a------- c:\windows\bnetunin.exe
2009-05-30 13:39 61,440 a------- c:\windows\diabunin.exe
2009-05-25 03:44 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-05-25 03:44 17,212 a------t c:\windows\system32\SIntf32.dll
2009-05-25 03:44 12,067 a------t c:\windows\system32\SIntf16.dll
2009-05-10 00:39 34,811 a------- c:\windows\scunin.dat
2009-05-10 00:39 94,208 a------- c:\windows\ScUnin.exe
2009-05-06 20:51 21,275 a------- c:\windows\system32\drivers\AegisP.sys
2009-05-06 17:55 153 a------- C:\DelUS.bat

============= FINISH: 15:52:19.01 ===============
#6 - 29th June 2009, 08:10 PM - evilfantasy (Security Team, Tulsa, OK, joined Dec 2007, 2,555 posts)
There are a few things that we should take care of.

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for outdated versions of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

----------

You have Viewpoint installed.

Viewpoint Media Player/Manager/Toolbar is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad".

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
  • Viewpoint Experience Technology


----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Firefox::
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

Folder::
c:\program files\viewpoint
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze
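
The post above reads the DDS.txt by hand and turns the findings into a CFScript. As an added example (not part of evilfantasy's post, nor code from DDS or ComboFix), the script below does a small version of that triage over the Pseudo HJT and FIREFOX lines of the log posted in #5: it flags on-access scanning being disabled, a blank start page, an IE entry with no target, an outdated JRE in plugin paths and installer URLs, and the Viewpoint plugin, then drafts CFScript sections in the same form as the one above. The Java baseline, the foistware marker list and the rules themselves are this example's assumptions and cover only a subset of what the helper acted on; the draft is for a trained helper to review, and the post's warning that such scripts are built for one specific machine applies to it as well.

```python
"""Triage a DDS log and draft a CFScript from the findings.

Added example, not from the forum post or from the DDS/ComboFix authors.
The DDS line formats and the CFScript section names (KillAll::, DDS::,
Firefox::, Folder::) follow the log and script shown in this thread; the
heuristics and the Java baseline are this example's own assumptions.
Treat the output as a draft for a trained helper to review, never as
something to run unreviewed.
"""
import re

# Constructed sample: a subset of the DDS.txt lines posted in this thread.
SAMPLE_DDS = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
"""

# Assumption: the newest JRE at the time of the thread; adjust to today's.
JAVA_BASELINE = (1, 6, 0, 14)
# Assumption: path fragments of known foistware; extend from your own notes.
FOISTWARE_MARKERS = ("\\viewpoint\\",)

JRE_DIR_RE = re.compile(r"jre(\d+)\.(\d+)\.(\d+)_(\d+)", re.I)         # jre1.5.0_04
JINSTALL_RE = re.compile(r"jinstall-(\d+)_(\d+)_(\d+)_(\d+)", re.I)    # jinstall-1_5_0_04
CLSID_ONLY_RE = re.compile(r"^IE: \{[0-9A-Fa-f-]{36}\}\s*$")          # IE entry, no target


def java_version(text):
    """Return the JRE version tuple named in a path or URL, or None."""
    m = JRE_DIR_RE.search(text) or JINSTALL_RE.search(text)
    return tuple(int(x) for x in m.groups()) if m else None


def program_folder(path):
    """'c:\\program files\\viewpoint\\x\\y.dll' -> 'c:\\program files\\viewpoint'."""
    parts = path.lower().split("\\")
    return "\\".join(parts[:3]) if len(parts) >= 3 else path.lower()


def triage(dds_text):
    """Return (findings, sections): findings as (kind, line) pairs, and the
    CFScript sections (in output order) with the lines that go in each."""
    findings = []
    sections = {"DDS::": [], "Firefox::": [], "Folder::": []}
    for line in dds_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("AV:") and "*On-access scanning disabled*" in line:
            findings.append(("av_realtime_off", line))
        if line == "uStart Page = about:blank":
            findings.append(("blank_start_page", line))
            sections["DDS::"].append(line)
        if CLSID_ONLY_RE.match(line):
            findings.append(("orphan_ie_entry", line))
            sections["DDS::"].append(line)
        ver = java_version(line)
        if ver and ver < JAVA_BASELINE:
            findings.append(("outdated_java", line))   # fixed by update, not by script
        low = line.lower()
        if any(mark in low for mark in FOISTWARE_MARKERS):
            findings.append(("foistware", line))
            if line.startswith("FF - plugin: "):
                sections["Firefox::"].append(line)
                folder = program_folder(line[len("FF - plugin: "):])
                if folder not in sections["Folder::"]:
                    sections["Folder::"].append(folder)
    return findings, sections


def build_cfscript(sections):
    """Emit KillAll:: plus every non-empty section, in the form of the post."""
    out = ["KillAll::", ""]
    for name, lines in sections.items():
        if lines:
            out.append(name)
            out.extend(lines)
            out.append("")
    return "\n".join(out).rstrip("\n") + "\n"


if __name__ == "__main__":
    found, secs = triage(SAMPLE_DDS)
    for kind, line in found:
        print(f"{kind:16} {line}")
    print()
    print(build_cfscript(secs))
```

Run on the sample it produces the same DDS::, Firefox:: and Folder:: entries for the blank start page, the orphan IE CLSID and Viewpoint that appear in the helper's script; the Java findings are reported but deliberately left out of the script, since the post handles Java by installing the current JRE and removing old ones rather than by deleting files.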
#7 - 29th June 2009, 08:27 PM - febuary1088 (Newcomer, joined Jun 2009, 12 posts)
Thanks, very helpful!

Here is my log for the Combofix:

ComboFix 09-06-29.01 - Park 06/29/2009 16:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1526.989 [GMT -4:00]
Running from: c:\documents and settings\Park\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Park\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\messenger\msmsgs.exe

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-29 )))))))))))))))))))))))))))))))
.

2009-06-29 20:12 . 2009-06-29 20:12 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-29 19:45 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-29 19:45 . 2009-06-29 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-29 19:45 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-24 01:35 . 2009-06-24 01:35 -------- d-----w- c:\documents and settings\Park\Application Data\Malwarebytes
2009-06-24 01:35 . 2009-06-24 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-07 19:33 . 2009-06-25 23:34 -------- d-----w- c:\documents and settings\Park\Application Data\U3
2009-06-03 19:14 . 2009-06-03 19:14 98304 ----a-w- c:\windows\W2BNEUnin.exe
2009-06-03 19:14 . 2009-06-03 19:14 2829 ----a-w- c:\windows\W2BNEUnin.pif
2009-06-03 19:14 . 2009-06-03 19:14 20250 ----a-w- c:\windows\W2BNEUnin.dat
2009-06-03 19:13 . 2009-06-03 19:41 -------- d-----w- c:\program files\Warcraft II BNE
2009-06-03 17:07 . 2009-06-03 16:58 720896 ----a-w- c:\windows\iun6002.exe
2009-06-03 16:58 . 2009-06-17 01:44 -------- d-----w- c:\program files\Condition Zero
2009-06-02 19:56 . 2009-06-02 19:56 -------- d-----w- c:\documents and settings\Park\Application Data\Uniblue
2009-06-02 17:56 . 2002-03-25 22:44 722192 ----a-w- c:\windows\system32\VB40032.DLL
2009-06-02 17:56 . 2002-03-25 22:44 60416 ----a-w- c:\windows\ST4UNST.EXE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-29 20:13 . 2005-12-29 19:49 -------- d-----w- c:\program files\Java
2009-06-29 03:52 . 2009-05-10 02:05 -------- d-----w- c:\program files\Starcraft
2009-06-25 21:56 . 2009-05-13 23:47 -------- d-----w- c:\documents and settings\Park\Application Data\uTorrent
2009-06-23 19:00 . 2009-05-21 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-23 18:58 . 2009-05-13 05:04 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-06-11 03:05 . 2009-05-25 21:06 -------- d-----w- c:\program files\Diablo II
2009-06-04 19:19 . 2009-05-22 12:36 -------- d-----w- c:\program files\Counter-Strike 1.6 V35
2009-06-02 11:39 . 2009-05-21 20:57 -------- d-----w- c:\documents and settings\Park\Application Data\Apple Computer
2009-05-30 17:39 . 2009-05-30 17:39 86528 ----a-w- c:\windows\bnetunin.exe
2009-05-30 17:39 . 2009-05-30 17:39 61440 ----a-w- c:\windows\diabunin.exe
2009-05-27 14:27 . 2009-05-27 14:26 -------- d-----w- c:\program files\SopCast
2009-05-26 16:59 . 2009-05-26 16:59 -------- d-----w- c:\documents and settings\Park\Application Data\Moyea
2009-05-25 07:44 . 2009-05-25 06:41 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-05-25 07:44 . 2009-05-25 06:41 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-05-25 07:44 . 2009-05-25 06:41 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-05-21 20:57 . 2009-05-21 20:57 -------- d-----w- c:\program files\iTunes
2009-05-21 20:57 . 2009-05-21 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-21 20:57 . 2009-05-21 20:57 -------- d-----w- c:\program files\iPod
2009-05-21 20:57 . 2009-05-21 20:54 -------- d-----w- c:\program files\Common Files\Apple
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\Bonjour
2009-05-21 20:56 . 2009-05-21 20:56 -------- d-----w- c:\program files\QuickTime
2009-05-21 20:55 . 2009-05-21 20:55 -------- d-----w- c:\program files\Apple Software Update
2009-05-21 20:54 . 2009-05-21 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-21 18:14 . 2009-05-19 18:29 -------- d-----w- c:\program files\Real Alternative
2009-05-19 20:19 . 2009-05-19 20:19 -------- d-----w- c:\documents and settings\Park\Application Data\Media Player Classic
2009-05-19 18:28 . 2005-12-29 20:22 -------- d-----w- c:\program files\Common Files\Real
2009-05-15 01:26 . 2005-12-29 18:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-14 21:20 . 2009-05-14 21:20 -------- d-----w- c:\program files\Microsoft Games
2009-05-14 01:36 . 2009-05-14 01:36 -------- d-----w- c:\program files\ICCup
2009-05-13 23:48 . 2009-05-13 23:48 -------- d-----w- c:\program files\uTorrent
2009-05-12 19:46 . 2009-05-12 19:46 -------- d-----w- c:\documents and settings\Park\Application Data\GRETECH
2009-05-12 19:20 . 2009-05-10 03:07 76632 ----a-w- c:\documents and settings\Park\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-12 18:55 . 2009-05-12 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-12 18:50 . 2009-05-12 18:50 -------- d-----w- c:\program files\Microsoft Works
2009-05-12 18:50 . 2009-05-12 18:50 -------- d-----w- c:\program files\MSBuild
2009-05-12 18:48 . 2009-05-12 18:48 -------- d-----w- c:\program files\Microsoft.NET
2009-05-10 04:39 . 2009-05-10 04:36 34811 ----a-w- c:\windows\scunin.dat
2009-05-10 04:39 . 2009-05-10 04:36 967 ----a-w- c:\windows\ScUnin.pif
2009-05-10 04:39 . 2009-05-10 04:36 94208 ----a-w- c:\windows\ScUnin.exe
2009-05-10 02:17 . 2005-12-29 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
2009-05-10 02:09 . 2009-05-10 02:09 -------- d-----w- c:\program files\PowerISO
2009-05-08 19:56 . 2009-05-08 19:56 -------- d-----w- c:\documents and settings\Park\Application Data\AdobeUM
2009-05-08 07:02 . 2009-05-08 07:02 -------- d-----w- c:\program files\MSXML 4.0
2009-05-07 00:57 . 2005-12-29 20:22 -------- d-----w- c:\program files\Pure Networks
2009-05-07 00:57 . 2005-12-29 20:21 -------- d-----w- c:\program files\Common Files\AOL
2009-05-07 00:56 . 2005-12-29 19:46 -------- d-----w- c:\program files\Quicken
2009-05-07 00:55 . 2005-12-29 19:48 -------- d-----w- c:\program files\Sonic
2009-05-07 00:53 . 2005-12-29 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-05-07 00:53 . 2009-05-07 01:02 -------- d-----w- c:\documents and settings\Park\Application Data\AOL
2009-05-07 00:52 . 2009-05-07 00:52 -------- d-----w- c:\program files\ArcSoft
2009-05-07 00:51 . 2009-05-07 01:02 -------- d-----w- c:\documents and settings\Park\Application Data\Intel
2009-05-07 00:51 . 2009-05-07 00:51 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-05-07 00:51 . 2009-05-07 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2009-05-07 00:51 . 2005-12-29 18:00 -------- d-----w- c:\program files\Intel
2009-05-07 00:51 . 2009-05-07 00:51 -------- d-----w- c:\program files\InterVideo
2009-05-06 22:46 . 2009-05-06 22:46 -------- d-----w- c:\documents and settings\Park\Application Data\InterVideo
2009-05-06 22:02 . 2009-05-06 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft
2009-05-06 22:02 . 2009-05-06 21:19 -------- d-----w- c:\documents and settings\Park\Application Data\ESTsoft
2009-05-06 21:55 . 2009-05-06 21:55 153 ----a-w- C:\DelUS.bat
2009-05-06 21:46 . 2009-05-06 21:46 -------- d-----w- c:\program files\Avira
2009-05-06 21:46 . 2009-05-06 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-06 21:19 . 2009-05-06 21:19 -------- d-----w- c:\program files\ESTsoft
2009-05-06 21:13 . 2009-05-06 21:13 -------- d-----w- c:\program files\GRETECH
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2005-12-01 671744]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-07-15 1077322]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-14 53248]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"ZoomingHook"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"TCtryIOHook"="TCtrlIOHook.exe" - c:\windows\system32\TCtrlIOHook.exe [2005-12-05 28672]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-12-28 73728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-12-29 155648]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/6/2009 5:46 PM 108289]
.
Contents of the 'Scheduled Tasks' folder

2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Park\Application Data\Mozilla\Firefox\Profiles\v5gsatbe.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-29 16:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\TDispVol.dll
c:\windows\system32\msi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\TPSBattM.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-29 16:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-29 20:25

Pre-Run: 31,898,116,096 bytes free
Post-Run: 31,881,211,904 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

230 --- E O F --- 2009-05-08 07:09
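As an added example that is not part of the original thread (and not ComboFix's own code or the helper's tooling), here is a small Python parser for two sections of the log above, the "Find3M Report" file listing and the "Reg Loading Points" Run values, with the two first-pass checks a responder otherwise makes by eye: executables sitting in user-writable or unusual locations, and Run values that hold a bare file name with no resolved path. The sample lines are copied from the log posted in this thread; the locations and extensions treated as "worth a second look" are this example's own assumptions, and a hit is a prompt to inspect a file, not a detection.

```python
"""Parse the 'Find3M Report' and 'Reg Loading Points' sections of a ComboFix
log and apply first-pass triage rules.

Added example for this thread, not ComboFix code. Sample lines are copied
from the log posted above; the triage rules are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# File line:  <last write> . <created> <size | --------> <attr flags> <path>
FILE_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S{8}) (.+)$"
)
# Run value line; bare names may carry a ' - <resolved path>' and the
# bracketed tail is either '<date> <size>' or a marker such as 'BU'.
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<command>[^"]*)"'
    r"(?: - (?P<resolved>.+?))?(?: \[(?P<tail>[^\]]*)\])?$"
)
KEY_LINE = re.compile(r"^\[(HK[^\]]+)\]$")

EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".pif", ".scr", ".com", ".vbs")
# Assumed user-writable locations, matched as substrings of a lower-cased path.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\temporary internet files\\")


@dataclass
class FileEntry:
    modified: str
    created: str
    size: Optional[int]      # None for a directory ('--------' in the log)
    attrs: str               # flag string exactly as ComboFix prints it
    path: str


@dataclass
class RunEntry:
    key: str                 # registry key the value lives under
    name: str
    command: str             # value data as stored in the registry
    resolved: Optional[str]  # path printed after ' - ' for a bare file name
    tail: Optional[str]      # '<date> <size>' or another marker such as 'BU'


def parse_file_lines(text: str) -> List[FileEntry]:
    out = []
    for m in filter(None, (FILE_LINE.match(l.strip()) for l in text.splitlines())):
        mod, created, size, attrs, path = m.groups()
        out.append(FileEntry(mod, created, None if size.startswith("-") else int(size), attrs, path))
    return out


def parse_run_section(text: str) -> List[RunEntry]:
    out, key = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if (k := KEY_LINE.match(line)):
            key = k.group(1)
        elif key and (m := RUN_LINE.match(line)):
            out.append(RunEntry(key, m["name"], m["command"], m["resolved"], m["tail"]))
    return out


def review_candidates(files: List[FileEntry]) -> List[str]:
    """Executables in places a responder should look at twice: user-writable
    directories, a drive root, or directly in the Windows root."""
    hits = []
    for f in files:
        p = f.path.lower()
        if f.size is None or not p.endswith(EXEC_EXT):
            continue
        drive_root = re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None
        windows_root = re.fullmatch(r"[a-z]:\\windows\\[^\\]+", p) is not None
        if drive_root or windows_root or any(s in p for s in USER_WRITABLE):
            hits.append(f.path)
    return hits


def unresolved_autostarts(runs: List[RunEntry]) -> List[RunEntry]:
    """Run values holding a bare file name with no resolved path: which binary
    actually starts depends on the search path, so locate it by hand."""
    return [r for r in runs if r.resolved is None and "\\" not in r.command]


# Constructed sample input, copied from the log posted in this thread.
SAMPLE_FILES = r"""
2009-06-29 19:45 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-03 19:14 . 2009-06-03 19:14 2829 ----a-w- c:\windows\W2BNEUnin.pif
2009-05-06 21:55 . 2009-05-06 21:55 153 ----a-w- C:\DelUS.bat
2009-05-06 21:46 . 2009-05-06 21:46 -------- d-----w- c:\program files\Avira
2009-04-02 20:29 . 2009-04-02 20:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
"""
SAMPLE_RUNS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"""

if __name__ == "__main__":
    print(review_candidates(parse_file_lines(SAMPLE_FILES)))
    print([r.name for r in unresolved_autostarts(parse_run_section(SAMPLE_RUNS))])
```

Run as a script it prints the three review items from the sample (the .pif in the Windows root, the .bat on the drive root, and the installer cached under All Users) and the two bare-name Run values. Fed the full log above it would also list the game uninstallers that live directly in c:\windows, which is exactly why the output is a review list and not a verdict: the point is to make the responder open each one, as the helper did with the Temporary Internet Files hit.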
#8
29th June 2009, 08:31 PM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Looks good now.

Time to finish up.

  • Click START, then RUN.
  • Now type Combofix /u in the run box.
  • Make sure there's a space between Combofix and /u.
  • Then hit Enter.


  • The above procedure will:
    • Delete ComboFix and its associated files and folders.
    • Reset the clock settings.
    • Hide file extensions, if required.
    • Hide System/Hidden files, if required.
    • Set a new, clean Restore Point.


----------

Use the Secunia Software Inspector to check for out-of-date software.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see if any updates are needed.
  • Update anything listed.


----------

Go to Microsoft Windows Update and get all critical security updates. (You will need to use Internet Explorer to do this.)

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources, so they won't slow down your PC.

I suggest using WOT - Web of Trust. WOT is a free Internet security add-on for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
__________________
ƃolq s’ʎsɐʇuɐɟlıʌǝ
#9
30th June 2009, 01:28 AM
febuary1088
Newcomer
Join Date: Jun 2009, 12 posts.
Thank you sir, you've been incredibly helpful!
#10
30th June 2009, 01:37 AM
evilfantasy
Security Team
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
You're welcome.

Safe surfing.
__________________
ƃolq s’ʎsɐʇuɐɟlıʌǝ