Tech Support Team


#1 - 6th July 2009, 05:53 AM
Flili (Newcomer)

Need help with search redirect. SAS crash, MBAM will not run.

Every link on a search attempt redirects. I have found a temporary workaround: opening the link twice, in two separate windows, makes the second window go to the correct site.

For the record, I did read the post and completed the first 2 steps.

Downloaded SAS, attempted to run, and installer crashed. MBAM acts like it installs, but doesn't run.

Also, though this may be a separate problem, my video card crashed yesterday; I received the BIOS beep code stating that the drivers could not be initialized. The video card issue is secondary at this point though.
#2 - 6th July 2009, 04:49 PM
evilfantasy (Security Team)
Try the renamer download for Malwarebytes.

http://kixhelp.com/wr/files/mb/randmbam.exe

The randmbam.exe will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already.

If it installs then use this link to download the updates.

Download Malwarebytes' Anti-Malware Database - GT500.org

Just download it to the desktop and run the exe then run Malwarebytes.
#3 - 6th July 2009, 10:04 PM
Flili (Newcomer)
Thanks for the renamer, that did help. Couldn't find anywhere to update from the second link, however. Ran an initial scan without the update, eliminated a chunk of problems, and then updated it from the program. After 3 scans however, I still have 3 infections that continue to show up, and SAS still crashes during install. I am also still being forced to run MBAM from the renamed shortcut.

Malwarebytes' Anti-Malware 1.38
Database version: 2382
Windows 5.1.2600 Service Pack 2

7/6/2009 5:53:58 PM
mbam-log-2009-07-06 (17-53-58).txt

Scan type: Quick Scan
Objects scanned: 90476
Time elapsed: 2 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\MSIVXqjxjebcfsxvfoowfwiwuqgsajqevstym.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\MSIVXqjxjebcfsxvfoowfwiwuqgsajqevstym.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
#4 - 7th July 2009, 04:52 PM
evilfantasy (Security Team)
You have a new rootkit that is still giving a few scanners problems when they try to disable/remove it.

No worries...

Download ComboFix from one of the below links. You must rename it before saving it!

Important! You MUST save ComboFix to your desktop.

Link 1
Link 2
Link 3

Rename ComboFix to Combo-Fix before saving it to the desktop.

Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click on Combo-Fix.exe & follow the prompts.

Vista users: right-click on Combo-Fix.exe and select Run as administrator (you will receive a UAC prompt; please allow it).

Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

When the scan completes it will open a text window.

Post the contents of that log in your next reply.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
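The MBAM log in post #3 and the rootkit diagnosis in post #4, as an added example that is not part of the thread and not code from Malwarebytes or ComboFix: a small Python triage script that parses MBAM detection lines and reports the three signals in that log (a `\\?\globalroot\` module path, a shared random-name prefix, and "Delete on reboot" actions) which together point at a kernel-mode rootkit rather than plain adware. The sample log is the detection part of the posted log with the forum's line-wrap spaces removed; the function and field names are this example's own.

```python
r"""Triage of a Malwarebytes' Anti-Malware (MBAM) scan log for rootkit signs.

Added example for this thread (not MBAM or ComboFix code).  It parses the
"<path> (<detection>) -> <action>" lines of an MBAM log and reports:

  * a module path of the form \\?\globalroot\systemroot\...: the file was
    recorded through the NT object namespace instead of a drive letter,
    which legitimate software almost never does and hidden-file rootkits
    use to reach their own components once the normal path is filtered;
  * several files sharing one fixed prefix followed by a random tail
    (here MSIVX...), the footprint of a dropper naming parts at install;
  * "Delete on reboot" actions: the file was locked while Windows ran, so
    it could only be removed before the protecting driver loaded.
"""
import re
from collections import defaultdict

# Constructed sample: the detection sections of the MBAM log posted above.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.38
Database version: 2382
Scan type: Quick Scan

Memory Modules Infected:
\\?\globalroot\systemroot\system32\MSIVXqjxjebcfsxvfoowfwiwuqgsajqevstym.dll (Spyware.Agent) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Files Infected:
\\?\globalroot\systemroot\system32\MSIVXqjxjebcfsxvfoowfwiwuqgsajqevstym.dll (Spyware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIVXcount (Trojan.Agent) -> Delete on reboot.
"""

# One detection line: "<path> (<detection name>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# NT object-namespace prefix as MBAM prints it: \\?\globalroot\
GLOBALROOT_PREFIX = "\\\\?\\globalroot\\"


def parse_mbam_log(text):
    """Return one dict per detection: section, path, detection, action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # "Files Infected:" and similar headers
            section = line[:-1]
            continue
        match = ENTRY_RE.match(line)
        if match and section:
            entries.append({"section": section, **match.groupdict()})
    return entries


def file_name(path):
    return path.rsplit("\\", 1)[-1]


def name_families(entries, min_prefix=5):
    """Group distinct file names sharing a leading prefix of at least
    min_prefix characters (MSIVXqjxj... and MSIVXcount -> 'MSIVX').
    Sorting puts siblings next to each other, so neighbours suffice."""
    names = sorted({file_name(e["path"]) for e in entries})
    families = defaultdict(set)
    for a, b in zip(names, names[1:]):
        n = 0
        while n < min(len(a), len(b)) and a[n] == b[n]:
            n += 1
        if n >= min_prefix:
            families[a[:n]].update((a, b))
    return dict(families)


def triage(entries):
    """Summarise the rootkit indicators present in the parsed detections."""
    hidden = sorted({e["path"] for e in entries
                     if e["path"].lower().startswith(GLOBALROOT_PREFIX.lower())})
    locked = sorted({e["path"] for e in entries
                     if e["action"].lower().startswith("delete on reboot")})
    families = name_families(entries)
    return {
        "hidden_path": hidden,
        "locked_until_reboot": locked,
        "name_families": families,
        # A globalroot path alone is decisive; locked files that also form a
        # random-name family are a strong hint even without it.
        "rootkit_suspected": bool(hidden) or bool(locked and families),
    }


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```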
#5 - 8th July 2009, 12:14 AM
Flili (Newcomer)
That was relatively painless.

ComboFix 09-07-07.A2 - Owner 07/07/2009 19:53.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1982.1576 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\MSIVXxbqipdpbnmdbyrvirklrbfpyoqpxmbpf.sys
c:\windows\system32\launcher.exe
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXptspybndqlkmiqhwmogpevirbfffdchr.dll
c:\windows\system32\MSIVXqjxjebcfsxvfoowfwiwuqgsajqevstym.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.

2009-07-06 20:24 . 2009-07-06 20:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-06 12:26 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 12:26 . 2009-07-06 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 12:26 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 05:11 . 2009-07-06 21:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 16:10 . 2009-07-07 10:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-01 12:58 . 2009-07-01 12:58 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-06-27 23:54 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\setup.exe
2009-06-27 23:54 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\install.exe
2009-06-27 23:54 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-06-27 23:52 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-27 23:52 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-21 04:37 . 2009-06-21 04:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-06-20 04:39 . 2009-06-21 04:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire
2009-06-20 04:39 . 2009-06-21 10:55 -------- d-----w- c:\program files\Xfire
2009-06-20 04:07 . 2009-06-20 04:07 -------- d-----w- c:\program files\Advanced Spyware Remover
2009-06-20 03:56 . 2009-06-20 03:56 -------- d-----w- c:\program files\Trend Micro
2009-06-20 03:29 . 2004-05-04 16:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-20 03:29 . 2009-06-20 03:29 -------- d-----w- c:\program files\BurnAware Free
2009-06-19 20:26 . 2009-06-19 20:28 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-06-17 05:26 . 2009-06-17 05:26 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-06-17 05:25 . 2009-06-17 05:25 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-06-17 05:24 . 2009-06-17 05:24 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-06-13 22:58 . 2009-06-13 22:59 5525282 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F5057T1L1\setup_gF5057T1L1_d552754470_l1_s1.exe
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-10 02:11 . 2009-06-10 02:11 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 18:41 . 2009-06-08 18:41 -------- d-----w- c:\documents and settings\Owner\Application Data\ViquaSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 23:30 . 2008-05-28 21:06 -------- d-----w- c:\program files\Mozilla Firefox 3
2009-07-06 12:33 . 2008-04-20 01:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-06 05:18 . 2007-06-15 16:53 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-01 23:58 . 2009-05-03 06:15 -------- d-----w- c:\program files\Sony Online Entertainment
2009-07-01 13:24 . 2008-06-25 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-01 12:57 . 2008-06-25 14:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 12:57 . 2008-06-25 14:52 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 12:57 . 2008-06-25 14:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 23:54 . 2008-06-05 11:00 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2009-06-20 17:18 . 2009-03-09 00:46 -------- d-----w- c:\program files\PopCap Games
2009-06-20 17:17 . 2009-01-05 23:18 -------- d-----w- c:\program files\MythwarII
2009-06-20 17:16 . 2007-07-19 17:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-06-20 17:15 . 2008-10-31 20:04 -------- d-----w- c:\program files\Oberon Media
2009-06-20 17:14 . 2009-02-23 16:50 -------- d-----w- c:\program files\Galaxy Online
2009-06-20 04:32 . 2005-12-16 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 03:18 . 2009-02-13 13:21 -------- d-----w- c:\program files\CDBurnerXP
2009-06-19 22:23 . 2007-06-06 01:59 -------- d-----w- c:\documents and settings\Owner\Application Data\IGN_DLM
2009-06-19 20:04 . 2008-09-30 02:01 -------- d-----w- c:\program files\CCleaner
2009-06-16 01:19 . 2007-02-14 19:01 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2009-06-14 13:08 . 2009-03-27 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-06-13 00:54 . 2007-06-06 01:59 -------- d-----w- c:\program files\Download Manager
2009-06-11 23:36 . 2009-03-27 17:57 -------- d-----w- c:\program files\bfgclient
2009-06-11 15:14 . 2009-05-19 02:52 -------- d-----w- c:\program files\Megaplex Madness - Now Playing
2009-06-10 02:13 . 2005-12-16 20:25 -------- d-----w- c:\program files\Java
2009-06-07 13:16 . 2007-07-04 03:33 -------- d-----w- c:\program files\Taldren
2009-05-26 23:30 . 2009-05-26 23:30 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 03:21 . 2009-05-26 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
2009-05-21 15:33 . 2008-12-15 00:47 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:44 . 2008-08-27 05:37 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 18:23 . 2009-05-07 05:03 372736 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-05-01 14:10 . 2008-06-25 14:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-29 04:31 . 2004-08-04 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2008-08-27 05:37 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-04 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe
2008-08-06 15:24 . 2008-08-06 15:24 0 ----a-w- c:\program files\temp01
2008-12-18 14:50 . 2005-12-16 20:15 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-18 14:50 . 2005-12-16 20:15 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-18 14:50 . 2007-09-24 16:59 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-18 14:50 . 2007-09-24 16:59 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-18 14:50 . 2005-12-16 20:15 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1BE275B-78BF-4A33-81AB-380699CFF329}]
2008-12-31 23:07 1249280 ----a-w- c:\program files\Gaia Online Toolbar\Toolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13529088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2007-05-07 159744]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-11 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-04-11 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-11-6 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 12:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^desktop_minion4260671805.lnk]
backup=c:\windows\pss\desktop_minion4260671805.lnk Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Vivox\\Voon for Ten Ton Hammer\\Voon.exe"=
"c:\\Program Files\\Puzzle Quest Galactrix\\Galactrix.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox 3\\firefox.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20217:TCP"= 20217:TCP:BitComet 20217 TCP
"20217:UDP"= 20217:UDP:BitComet 20217 UDP
"48990:TCP"= 48990:TCP:utorrent

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [1/2/2008 11:08 PM 17920]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/25/2008 10:52 AM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/25/2008 10:52 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 2:34 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/1/2009 10:10 AM 298776]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [9/17/2003 3:57 PM 8440]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [8/15/2003 2:55 AM 11237]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2/10/2008 12:37 AM 45440]
S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys --> c:\windows\system32\XDva007.sys [?]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
Trusted Zone: tenderfoot.com
DPF: {C4D6755D-2123-4EEF-BAA0-94B22F1C2271} - hxxps://www.hostilespace.com/Portal/IAHSOCX20019.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-07 20:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-527237240-2147062339-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-839522115-527237240-2147062339-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,d7,ed,42,55,92,b4,6e,a5,d1,d8,99,05,39,4f,de,0a,90,80,15,de,f9,b8,
e2,e5,45,45,c4,f5,50,98,0c,31,61,b9,89,a2,3e,0c,bc,06,db,89,2b,f4,72,e7,1f,\
"??"=hex:43,87,80,79,59,07,01,34,a5,e8,4f,b7,12,f9,4e,65

[HKEY_USERS\S-1-5-21-839522115-527237240-2147062339-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,91,47,2c,1a,fc,70,25,2a,a9,9b,3d,00,bc,8d,56,34,90,07,01,18,
4a,29,52,5a,c8,59,0e,e2,99,6c,a5,39,e8,bc,e6,41,74,73,90,71,d9,5b,59,d0,93,\
"rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2964)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-07-08 20:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-08 00:08

Pre-Run: 24,846,721,024 bytes free
Post-Run: 24,958,783,488 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

268 --- E O F --- 2009-06-12 03:10
#6 - 8th July 2009, 01:37 AM
evilfantasy (Security Team)
Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\Add-Remove Programs.txt
A text file should open. Please post the contents of that file in your next reply.
#7 - 8th July 2009, 01:46 AM
Flili (Newcomer)
µTorrent
7-Zip 4.42
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 7.1.0
Adobe Shockwave Player
Advanced Spyware Remover Free Edition
AGEIA PhysX v7.07.24
AusLogics Disk Defrag
AutoUpdate
AVG 8.5
Be a King
Big Fish Games Client
Bink and Smacker
BitComet 0.80
BurnAware Free 2.3.6
C-Media 3D Audio
CCleaner (remove only)
CDBurnerXP
Critical Update for Windows Media Player 11 (KB959772)
DivX
DivX Converter
DivX Player
DivX Web Player
Download Manager 2.3.6
DragonSky
EA Download Manager
EASIS Screenshot
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
FlashDevelop 3.0.0
FlashGet(JetCar)
Free Realms Installer
Gaia Online Toolbar 1.400
Google Toolbar for Firefox
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
IMS Web Dwarf V2
IrfanView (remove only)
IsoBuster 2.1
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Java(TM) SE Runtime Environment 6 Update 1
Jojo's Fashion Show
LiveSwif 2.2 (Remove only)
LotRO MIDI Player
Malwarebytes' Anti-Malware
Megaplex Madness: Now Playing
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Reader
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.19)
Mozilla Firefox (3.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NETGEAR GA311 Gigabit Adapter
NETGEAR GA311 Smart Wizard Utility
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.0
PerfectDisk
Photo DVD Maker Professional 7.97
Photo Story 3 for Windows
Picasa 3
Platform
PlayOnline Viewer & Tetra Master
PowerDVD
Puzzle Hero
Puzzle Quest
Puzzle Quest Galactrix
QuickTime
Razer Tarantula
RealPlayer
Realtek AC'97 Audio
Reaper Gaming Mouse
S3 S3Chromo
S3 S3Config3D
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3TrayPlus
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Spa Mania
System Requirements Lab
TBS WMP Plug-in
The Lord of the Rings Online™: Mines of Moria™ v02.01.03.4021
TopStyle Lite (Version 3)
Unity Web Player
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB907265)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC80CRTRedist - 8.0.50727.762
VIA Platform Device Manager
Voon for Ten Ton Hammer 0.1.11.1855
WebFldrs XP
Winamp (remove only)
Windows Communication Foundation
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Wise Registry Cleaner 4 Free 4.62
Wizardry Gold
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
XPS Essentials Pack
XPS Essentials Pack 1.0
XviD MPEG-4 Video Codec
Yahoo! Browser Services
Yahoo! IE Search Suggest
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Zip Motion Block Video codec (Remove Only)
#8
8th July 2009, 02:00 AM
evilfantasy (Security Team)
Go to Add or Remove Programs and uninstall:

Advanced Spyware Remover Free Edition <-See here

----------

Your Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close all browser windows before beginning the install.

Remove the old version(s)

Download JavaRa
* Unzip the file and open the JavaRa.exe
* Click Remove Older Versions
* JavaRa will search for any outdated versions of Java and remove any that are found.
* Click Additional Tasks
* Place a check next to Remove Useless JRE Files and click Go
* Exit JavaRa
* Delete the JavaRa files from the Desktop

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

----------

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Folder::
c:\program files\Advanced Spyware Remover

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20217:TCP"=-
"20217:UDP"=-
"48990:TCP"=-

RegLock::
[HKEY_USERS\S-1-5-21-839522115-527237240-2147062339-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
#9
8th July 2009, 03:00 AM
Flili (Newcomer)
ComboFix 09-07-07.A2 - Owner 07/07/2009 22:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1982.1555 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Advanced Spyware Remover
c:\program files\Advanced Spyware Remover\Common.ini
c:\windows\Installer\1d9bbc53.msi
c:\windows\Installer\571b2.msi
c:\windows\Installer\601f0.msi
c:\windows\Installer\60447.msi
c:\windows\Installer\61886.msi
c:\windows\Installer\71dde.msi
c:\windows\Installer\7c088.msi

.
((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.

2009-07-06 20:24 . 2009-07-06 20:24 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-06 12:26 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-06 12:26 . 2009-07-06 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-06 12:26 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-06 05:11 . 2009-07-06 21:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-04 16:10 . 2009-07-07 10:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-01 12:58 . 2009-07-01 12:58 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG8
2009-06-27 23:54 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\setup.exe
2009-06-27 23:54 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\install.exe
2009-06-27 23:54 . 2008-02-29 12:42 386496 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-06-27 23:52 . 2009-04-10 13:58 6327408 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\setup2.exe
2009-06-27 23:52 . 2009-04-10 13:55 725296 ---ha-w- c:\documents and settings\Owner\Application Data\mjusbsp\Upgrade\install2.exe
2009-06-21 04:37 . 2009-06-21 04:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-06-20 04:39 . 2009-06-21 04:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Xfire
2009-06-20 04:39 . 2009-06-21 10:55 -------- d-----w- c:\program files\Xfire
2009-06-20 03:56 . 2009-06-20 03:56 -------- d-----w- c:\program files\Trend Micro
2009-06-20 03:29 . 2004-05-04 16:53 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2009-06-20 03:29 . 2009-06-20 03:29 -------- d-----w- c:\program files\BurnAware Free
2009-06-19 20:26 . 2009-06-19 20:28 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-06-17 05:26 . 2009-06-17 05:26 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AdobeUM
2009-06-17 05:25 . 2009-06-17 05:25 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-06-17 05:24 . 2009-06-17 05:24 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-06-13 22:58 . 2009-06-13 22:59 5525282 ----a-w- c:\documents and settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F5057T1L1\setup_gF5057T1L1_d552754470_l1_s1.exe
2009-06-11 22:29 . 2009-06-11 22:29 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-10 02:11 . 2009-06-10 02:11 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-08 18:41 . 2009-06-08 18:41 -------- d-----w- c:\documents and settings\Owner\Application Data\ViquaSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 02:35 . 2005-12-16 20:25 -------- d-----w- c:\program files\Java
2009-07-08 02:32 . 2008-05-28 21:06 -------- d-----w- c:\program files\Mozilla Firefox 3
2009-07-08 02:31 . 2008-12-15 00:47 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-06 12:33 . 2008-04-20 01:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-06 05:18 . 2007-06-15 16:53 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-07-01 23:58 . 2009-05-03 06:15 -------- d-----w- c:\program files\Sony Online Entertainment
2009-07-01 13:24 . 2008-06-25 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-01 12:57 . 2008-06-25 14:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 12:57 . 2008-06-25 14:52 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 12:57 . 2008-06-25 14:51 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-27 23:54 . 2008-06-05 11:00 -------- d-----w- c:\documents and settings\Owner\Application Data\mjusbsp
2009-06-20 17:18 . 2009-03-09 00:46 -------- d-----w- c:\program files\PopCap Games
2009-06-20 17:17 . 2009-01-05 23:18 -------- d-----w- c:\program files\MythwarII
2009-06-20 17:16 . 2007-07-19 17:17 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks
2009-06-20 17:15 . 2008-10-31 20:04 -------- d-----w- c:\program files\Oberon Media
2009-06-20 17:14 . 2009-02-23 16:50 -------- d-----w- c:\program files\Galaxy Online
2009-06-20 04:32 . 2005-12-16 20:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 03:18 . 2009-02-13 13:21 -------- d-----w- c:\program files\CDBurnerXP
2009-06-19 22:23 . 2007-06-06 01:59 -------- d-----w- c:\documents and settings\Owner\Application Data\IGN_DLM
2009-06-19 20:04 . 2008-09-30 02:01 -------- d-----w- c:\program files\CCleaner
2009-06-16 01:19 . 2007-02-14 19:01 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2009-06-14 13:08 . 2009-03-27 17:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-06-13 00:54 . 2007-06-06 01:59 -------- d-----w- c:\program files\Download Manager
2009-06-11 23:36 . 2009-03-27 17:57 -------- d-----w- c:\program files\bfgclient
2009-06-11 15:14 . 2009-05-19 02:52 -------- d-----w- c:\program files\Megaplex Madness - Now Playing
2009-06-07 13:16 . 2007-07-04 03:33 -------- d-----w- c:\program files\Taldren
2009-05-26 23:30 . 2009-05-26 23:30 390664 ----a-w- c:\documents and settings\Owner\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-26 03:21 . 2009-05-26 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Slapdash Games
2009-05-07 15:44 . 2008-08-27 05:37 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 18:23 . 2009-05-07 05:03 372736 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-05-01 14:10 . 2008-06-25 14:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-04-29 04:31 . 2004-08-04 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2008-08-27 05:37 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2004-08-04 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 13:58 . 2009-04-10 13:58 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJack.dll
2009-04-10 13:58 . 2009-04-10 13:58 6327408 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\setup.exe
2009-04-10 13:58 . 2009-04-10 13:58 412784 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackLoader.exe
2009-04-10 13:58 . 2009-04-10 13:58 480608 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\octvqe1_apiw.dll
2009-04-10 13:58 . 2009-04-10 13:58 214360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjVista.dll
2009-04-10 13:58 . 2009-04-10 13:58 325040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\TjIpSys.dll
2009-04-10 13:57 . 2009-04-10 13:57 398696 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\SJHandsetTigerJet.dll
2009-04-10 13:57 . 2009-04-10 13:57 87384 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\mjsetup.exe
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJack.dll
2009-04-10 13:57 . 2009-04-10 13:57 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.dll
2009-04-10 13:56 . 2009-04-10 13:56 11871576 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJack.exe
2009-04-10 13:55 . 2009-04-10 13:55 725296 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\install.exe
2009-04-10 13:55 . 2009-04-10 13:55 87384 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\mjsetup.exe
2009-04-10 13:55 . 2009-04-10 13:55 86360 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJack.dll
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 456040 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-04-10 13:53 . 2009-04-10 13:53 50520 ----a-w- c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe
2008-08-06 15:24 . 2008-08-06 15:24 0 ----a-w- c:\program files\temp01
2008-12-18 14:50 . 2005-12-16 20:15 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-18 14:50 . 2005-12-16 20:15 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-18 14:50 . 2007-09-24 16:59 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-18 14:50 . 2007-09-24 16:59 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-18 14:50 . 2005-12-16 20:15 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-08_00.03.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-08 02:47 . 2009-07-08 02:47 16384 c:\windows\temp\Perflib_Perfdata_1e4.dat
- 2009-06-10 02:13 . 2009-05-21 15:34 148888 c:\windows\system32\javaws.exe
+ 2009-07-08 02:32 . 2009-07-08 02:31 148888 c:\windows\system32\javaws.exe
+ 2009-07-08 02:32 . 2009-07-08 02:31 144792 c:\windows\system32\javaw.exe
- 2009-06-10 02:13 . 2009-05-21 15:34 144792 c:\windows\system32\javaw.exe
+ 2009-07-08 02:32 . 2009-07-08 02:31 144792 c:\windows\system32\java.exe
- 2009-06-10 02:13 . 2009-05-21 15:34 144792 c:\windows\system32\java.exe
+ 2009-07-08 02:31 . 2009-07-08 02:31 1563648 c:\windows\Installer\85ad8.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B1BE275B-78BF-4A33-81AB-380699CFF329}]
2008-12-31 23:07 1249280 ----a-w- c:\program files\Gaia Online Toolbar\Toolbar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-11 13529088]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"Tarantula"="c:\program files\Razer\Tarantula\razerhid.exe" [2007-05-07 159744]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-11 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-04-11 1630208]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
GA311 Smart Wizard Utility.lnk - c:\program files\NETGEAR GA311 Adapter\GA311.exe [2003-11-6 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 12:57 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^desktop_minion4260671805.lnk]
backup=c:\windows\pss\desktop_minion4260671805.lnk Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PlayOnline\\SquareEnix\\PlayOnlineViewer\\pol.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Turbine\\The Lord of the Rings Online\\lotroclient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Vivox\\Voon for Ten Ton Hammer\\Voon.exe"=
"c:\\Program Files\\Puzzle Quest Galactrix\\Galactrix.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox 3\\firefox.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [1/2/2008 11:08 PM 17920]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/25/2008 10:52 AM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/25/2008 10:52 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 2:34 PM 906520]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/1/2009 10:10 AM 298776]
R2 LANPkt;Realtek LANPkt Protocol;c:\windows\system32\drivers\LANPkt.sys [9/17/2003 3:57 PM 8440]
R3 Diag69xp;Diag69xp;c:\windows\system32\drivers\diag69xp.sys [8/15/2003 2:55 AM 11237]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\drivers\UsbFltr.sys [2/10/2008 12:37 AM 45440]
S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys --> c:\windows\system32\XDva007.sys [?]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download All by FlashGet - c:\program files\FlashGet\jc_all.htm
IE: Download using FlashGet - c:\program files\FlashGet\jc_link.htm
Trusted Zone: tenderfoot.com
DPF: {C4D6755D-2123-4EEF-BAA0-94B22F1C2271} - hxxps://www.hostilespace.com/Portal/IAHSOCX20019.CAB
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&ei=utf-8&yahoo_domain=search.yahoo.com&p=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\extensions\flashplugin@idm\platform\WINNT\plugins\npidmdcp.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\jgnar59d.default\extensions\OberonGameHost@OberonGames.com\platform\WINNT_x86-msvc\plugins\npOberonGameHost.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox 3\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-07-07 22:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-839522115-527237240-2147062339-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:d5,d7,ed,42,55,92,b4,6e,a5,d1,d8,99,05,39,4f,de,0a,90,80,15,de,f9,b8,
e2,e5,45,45,c4,f5,50,98,0c,31,61,b9,89,a2,3e,0c,bc,06,db,89,2b,f4,72,e7,1f,\
"??"=hex:43,87,80,79,59,07,01,34,a5,e8,4f,b7,12,f9,4e,65

[HKEY_USERS\S-1-5-21-839522115-527237240-2147062339-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,91,47,2c,1a,fc,70,25,2a,a9,9b,3d,00,bc,8d,56,34,90,07,01,18,
4a,29,52,5a,c8,59,0e,e2,99,6c,a5,39,e8,bc,e6,41,74,73,90,71,d9,5b,59,d0,93,\
"rkeysecu"=hex:57,94,b2,4d,4c,cd,fe,bf,32,a3,20,a6,ce,19,23,b7
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\nexon\Mabinogi\npkcmsvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2009-07-08 22:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-08 02:53
ComboFix2.txt 2009-07-08 00:09

Pre-Run: 25,439,379,456 bytes free
Post-Run: 25,406,955,520 bytes free

264 --- E O F --- 2009-06-12 03:10
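The CFScript in post #8 deletes GloballyOpenPorts entries with the `"name"=-` syntax, and the log above lists the Security Center override and the firewall's AuthorizedApplications. The script below is an added example, not code from this thread or from ComboFix's authors: it parses the registry-style sections a ComboFix log prints, flags the three things a helper checks by hand (an AntiVirusOverride set to 1, ports opened globally, firewall exceptions for binaries under user-writable profile paths) and emits a `Registry::` stanza in the same shape as the posted CFScript for the port entries. The sample log is constructed for the example; the `Temp\update.exe` exception and the `:Enabled:sample` port data are made up, the remaining lines mirror the shape of the log above. A hit on the user-path check is a lead to verify (publisher, hash), not a verdict: the magicJack client in this log legitimately runs from Application Data.

```python
"""Triage the registry-style sections of a ComboFix log (added example)."""
import re

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample in the shape of the log above. The Temp\update.exe
# exception and the ":Enabled:sample" port data are made up for the demo.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20217:TCP"= 20217:TCP:*:Enabled:sample
"48990:TCP"= 48990:TCP:*:Enabled:sample

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Temp\\update.exe"=
"""

# Locations an unprivileged user (and so any malware running as that user)
# can write to. A firewall exception for a binary here is a lead to check,
# not a verdict: legitimate per-user installers use these paths too.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")

# Security Center values that silence the "no antivirus/firewall" warning.
OVERRIDE_VALUES = {"antivirusoverride", "firewalloverride",
                   "antivirusdisablenotify", "firewalldisablenotify"}


def parse_reg_sections(text):
    """Map each [key] header (lower-cased) to its list of (name, data) pairs."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            sections[current].append((value.group(1), value.group(2).strip()))
    return sections


def _values_under(sections, key_suffix):
    """Values of the first section whose key ends with key_suffix (case-insensitive)."""
    suffix = key_suffix.lower()
    for key, values in sections.items():
        if key.endswith(suffix):
            return values
    return []


def triage(text):
    """Return (kind, detail) findings for the three checks named in the lead-in."""
    sections = parse_reg_sections(text)
    findings = []
    for name, data in _values_under(sections, "\\security center"):
        if name.lower() in OVERRIDE_VALUES and data.lower().endswith("00000001"):
            findings.append(("security-center-override", name))
    for name, _ in _values_under(sections, "\\globallyopenports\\list"):
        findings.append(("open-port", name))        # e.g. "20217:TCP"
    for name, _ in _values_under(sections, "\\authorizedapplications\\list"):
        path = name.replace("\\\\", "\\").lower()   # the dump doubles backslashes
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            findings.append(("fw-exception-user-path", path))
    return findings


def cfscript_for_ports(findings, profile="standardprofile"):
    """Emit the Registry:: stanza ComboFix reads from CFScript.txt; a value
    written as "name"=- is deleted, exactly as in the script posted above."""
    ports = [detail for kind, detail in findings if kind == "open-port"]
    if not ports:
        return ""
    key = ("[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\"
           + profile + "\\GloballyOpenPorts\\List]")
    return "Registry::\n" + key + "\n" + "\n".join('"%s"=-' % p for p in ports) + "\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for kind, detail in results:
        print("%-26s %s" % (kind, detail))
    print(cfscript_for_ports(results))
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file's contents; only the REGEDIT4-style sections are parsed, the file listings are ignored. The port stanza it produces still has to be reviewed before it is dropped onto ComboFix, because a port opened by a legitimate game or VoIP client looks the same in the registry as one opened by malware.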
#10
8th July 2009, 03:10 AM
evilfantasy (Security Team)
* Click START then RUN
* Now type Combo-fix /u in the runbox
* Make sure there's a space between Combo-fix and /u
* Then hit Enter

* The above procedure will:
  * Delete ComboFix and its associated files and folders.
  * Reset the clock settings.
  * Hide file extensions, if required.
  * Hide System/Hidden files, if required.
  * Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Kaspersky Lab Online Scanner

In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command. From the Desktop right click the icon to open the browser and choose Run as Administrator.

  • Click on SCAN NOW
  • Click Accept.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded locate the Scan Settings and have it scan My Computer.
  • The scan will take a while, so be patient and let it finish.


When the scan is done, in the Scan is complete window, any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.

To obtain the report:
Click on: Save Report As
  • Next, in the Save as prompt, Save in area, select: Desktop.
  • In the File name area use KScan, or something similar.
  • In Save as type: click the drop arrow and select: Text file [*.txt]
  • Then, click: Save




Copy and paste the Kaspersky Online Scanner Report in your next reply.

Note for Internet Explorer 7 and 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

If needed, this animation will guide you through the process.
#11
8th July 2009, 03:18 AM
Flili (Newcomer)
* Click START then RUN
* Now type Combo-fix /u in the runbox
* Make sure there's a space between Combo-fix and /u
* Then hit Enter

My computer replies with unable to locate file?
Reply With Quote
  #12 (permalink)   Top
Old 8th July 2009, 03:22 AM
evilfantasy's Avatar
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
Go into your C: drive and delete the Combo-Fix and the Qoobox folders. That will remove ComboFix. Then you need to manually flush your old infected Restore Points.

Reset and Re-enable your System Restore to remove any infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are infected, but that's good news)

Turn OFF System Restore

  • On the Desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab.
  • Check Turn off System Restore
  • Click Apply, and then click OK


Restart your computer

Turn ON System Restore
  • On the Desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab.
  • UN-Check Turn off System Restore
  • Click Apply, and then click OK


System Restore will now be active again
  #13 (permalink)   Top
Old 8th July 2009, 01:32 PM
Flili's Avatar
Newcomer
 
Join Date: Jul 2009, 7 posts.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 8, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 08, 2009 05:34:43
Records in database: 2440023
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 112295
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:32:07

No malware has been detected. The scan area is clean.

The selected area was scanned.
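A small parser for reports in the layout posted above, added here as an illustration (it is not part of the thread or of Kaspersky's own tooling). The sample text is constructed from the values in that report, and the clean check refuses to answer when the object counts and the summary sentence disagree, which is the case a helper should never quietly paper over.

```python
import re

# Constructed sample in the layout of the report posted above (values taken from it).
SAMPLE_REPORT = """\
KASPERSKY ONLINE SCANNER 7.0 REPORT
Records in database: 2440023
------------------------------------------------------------
Scan area - My Computer:
A:\\
C:\\
Scan statistics:
Files scanned: 112295
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 01:32:07
No malware has been detected. The scan area is clean.
"""

def parse_report(text):
    # Sections are introduced by "Scan <name>...:" lines; "key: value" lines become dict entries.
    rep = {"header": {}, "settings": {}, "statistics": {}, "area": [], "notes": []}
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.strip("-") == "":
            continue                                  # blank line or rule
        if line.startswith("Scan ") and line.endswith(":"):
            section = line.split()[1].rstrip(":")     # "settings", "area" or "statistics"
            continue
        if section == "area" and re.fullmatch(r"[A-Za-z]:\\", line):
            rep["area"].append(line)                  # drive letters, one per line
            continue
        key, sep, value = line.partition(":")         # first colon only: keeps "01:32:07" intact
        value = value.strip()
        if sep and value and section in ("header", "settings", "statistics"):
            rep[section][key.strip()] = int(value) if value.isdigit() else value
        else:
            rep["notes"].append(line)                 # title line, verdict sentences
    return rep

def is_clean(rep):
    # True only when the counts and the summary sentence agree that nothing was found.
    stats = rep["statistics"]
    if not {"Infected objects", "Suspicious objects"}.issubset(stats):
        raise ValueError("incomplete report: statistics block is missing counts")
    by_counts = stats["Infected objects"] == 0 and stats["Suspicious objects"] == 0
    by_text = "no malware has been detected" in " ".join(rep["notes"]).lower()
    if by_counts != by_text:
        raise ValueError("counts and summary disagree; review the report by hand")
    return by_counts
```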
  #14 (permalink)   Top
Old 8th July 2009, 04:25 PM
evilfantasy's Avatar
Security Team
 
Join Date: Dec 2007, 2,555 posts.
Location: Tulsa, OK
It looks like we got everything.

Can you try updating then running SUPERAntiSpyware again to see if it works now?