Firefox redirects to random websites


Post by SantiGasm » March 20th, 2010, 9:33 pm

Some have been Blinkx.com and even yellowpages.com. It has also frozen my computer (I believe it was the cause).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:23:04 PM, on 3/20/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab ... detect.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe (file missing)
O23 - Service: Xlight FTP Server - XLIGHTFTPD - C:\Program Files\Xlight\xlight.exe

--
End of file - 6927 bytes
SantiGasm
Active Member
 
Posts: 8
Joined: March 20th, 2010, 9:12 pm

Re: Firefox redirects to random websites

Post by MWR 3 day Mod » March 24th, 2010, 2:28 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our "Waiting for help with malware removal?" forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Firefox redirects to random websites

Post by gringo_pr » March 25th, 2010, 7:13 am

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

    1. Please do not run any other tool until instructed to do so!
    2. Please reply to this thread, do not start another!
    3. Please tell me about any problems that have occurred during the fix.
    4. Please tell me of any other symptoms you may be having as these can help also.
    5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

GMER:

    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
    Save it where you can easily find it, such as your desktop

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

information and logs:

    In your next post I need the following

      1. logs from DDS
      2. log from GMER
      3. let me know of any problems you may have had

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox redirects to random websites

Post by SantiGasm » March 25th, 2010, 6:24 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by Luke at 17:56:41.25 on Thu 03/25/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.203 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\vmnat.exe
C:\Program Files\Xlight\xlight.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\msiexec.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Luke\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Aim6]
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\luke\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab ... detect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: MCPClient - c:\progra~1\common~1\stardock\mcpstub.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\luke\appdata\roaming\mozilla\firefox\profiles\f1l2kbu1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ThePirateBay.org
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\users\luke\appdata\roaming\mozilla\firefox\profiles\f1l2kbu1.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\luke\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\luke\appdata\roaming\mozilla\firefox\profiles\f1l2kbu1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-10-18 24652]
R2 Xlight FTP Server;Xlight FTP Server;c:\program files\xlight\xlight.exe -runservice --> c:\program files\xlight\xlight.exe -runservice [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-7-24 2074464]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

=============== Created Last 30 ================

2010-03-25 21:48:07 0 ----a-w- c:\users\luke\defogger_reenable
2010-03-23 01:13:36 0 d-----w- c:\program files\R4
2010-03-22 03:21:30 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-22 03:19:22 0 dc-h--w- c:\programdata\~0
2010-03-22 03:18:26 0 d-----w- c:\programdata\Lavasoft
2010-03-21 21:59:48 0 d-----w- c:\program files\Ask.com
2010-03-21 19:52:21 1890 ----a-w- c:\windows\diagwrn.xml
2010-03-21 19:52:21 1890 ----a-w- c:\windows\diagerr.xml
2010-03-21 05:43:37 0 d-----w- C:\Downloads
2010-03-21 01:14:48 0 d-----w- c:\program files\Trend Micro
2010-03-20 20:24:12 0 d-----w- c:\windows\A8B9466986544126BD28D0D2412CDED6.TMP
2010-03-20 20:11:02 1013 ----a-w- C:\User-Luke.lnk
2010-03-20 19:55:34 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-20 15:26:52 0 d-----w- c:\windows\pss
2010-03-19 02:37:47 0 d-----w- c:\users\luke\appdata\roaming\Malwarebytes
2010-03-19 02:37:19 0 d-----w- c:\programdata\Malwarebytes
2010-03-19 02:06:13 0 d-----w- c:\users\luke\appdata\roaming\TrueCrypt
2010-03-19 02:05:44 0 d-----w- c:\programdata\TrueCrypt
2010-03-19 02:05:36 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2010-03-19 02:05:35 0 d-----w- c:\program files\TrueCrypt
2010-03-16 23:18:20 0 d-----w- c:\users\luke\appdata\roaming\Thinstall
2010-03-16 23:07:52 0 d-----w- c:\windows\system32\embedded
2010-03-16 23:07:52 0 d-----w- c:\program files\Xlight
2010-03-16 17:48:52 0 d-----w- c:\users\luke\appdata\roaming\TightVNC
2010-03-06 22:12:19 0 d-----w- c:\users\luke\appdata\roaming\dBpoweramp
2010-03-06 15:38:25 0 d-----w- c:\users\luke\appdata\roaming\Free Download Manager
2010-03-06 15:38:21 0 d-----w- c:\programdata\FreeDownloadManager.ORG
2010-03-06 15:38:20 0 d-----w- c:\program files\Free Download Manager
2010-03-06 15:03:50 0 d-----w- c:\program files\common files\DivX Shared
2010-03-06 15:03:49 0 d-----w- c:\program files\DivX
2010-03-05 21:16:55 0 d-----w- c:\users\luke\appdata\roaming\CD Art Display
2010-03-05 21:16:50 94208 ----a-w- c:\windows\system32\wmpuice.dll
2010-03-05 21:16:50 69632 ----a-w- c:\windows\cadSSaver.scr
2010-03-05 21:16:48 0 d-----w- c:\program files\CD Art Display
2010-03-04 02:41:08 0 d-----w- c:\users\luke\appdata\roaming\Mp3tag
2010-03-04 02:41:02 0 d-----w- c:\program files\Mp3tag
2010-03-03 04:11:24 0 d-----w- c:\users\luke\appdata\roaming\HpUpdate
2010-03-03 04:11:10 0 d-----w- c:\windows\Hewlett-Packard
2010-03-02 02:18:59 2613248 ----a-w- c:\windows\explorer.exe
2010-03-02 02:18:59 2613248 ----a-w- c:\windows\explorer Backup.exe
2010-03-02 02:17:49 2613248 ----a-w- c:\windows\explorer - Copy.exe
2010-03-02 02:00:41 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2010-03-02 02:00:39 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2010-03-02 02:00:36 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
2010-03-01 21:00:31 0 d-----w- c:\program files\RocketDock1
2010-03-01 03:42:36 0 d-----w- c:\users\luke\appdata\roaming\Launchy
2010-03-01 03:29:07 0 d-----w- c:\program files\StartKiller
2010-02-28 23:46:26 495104 ----a-w- c:\windows\system32\sqlite3.dll
2010-02-28 23:42:35 0 d-----w- c:\users\luke\appdata\roaming\Rainmeter
2010-02-28 22:56:34 0 d-----w- c:\program files\Microsoft
2010-02-28 19:24:57 0 d-----w- c:\program files\RocketDock
2010-02-26 22:05:41 0 d-----w- c:\users\luke\appdata\roaming\My Games
2010-02-26 19:58:18 0 d-----w- c:\program files\Firaxis Games
2010-02-26 01:04:48 89088 ----a-w- c:\windows\system32\atl71.dll
2010-02-26 01:01:07 0 d-----w- c:\program files\common files\Stardock
2010-02-26 01:01:06 0 d-----w- c:\program files\Object Desktop
2010-02-24 23:02:26 0 d-----w- c:\program files\Winamp Detect

==================== Find3M ====================

2010-03-21 21:21:39 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-03-02 02:00:41 249856 ----a-w- c:\windows\system32\uxtheme.dll
2010-03-02 02:00:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2010-03-02 02:00:36 37376 ----a-w- c:\windows\system32\themeservice.dll
2010-02-23 04:04:23 3065 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2010-02-23 04:04:17 652152 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-02-23 04:04:14 3153 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-02-23 04:04:06 3107 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-02-23 04:03:57 2987 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-02-23 04:03:49 2843 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2010-02-23 04:03:31 11024 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-02-23 04:02:15 15607 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-02-15 23:57:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-07 00:37:23 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-02-07 00:37:23 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-02-07 00:37:23 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-01-19 22:12:18 21704 ----a-w- c:\windows\system32\dopdfmn7.dll
2010-01-19 22:12:16 18632 ----a-w- c:\windows\system32\dopdfmi7.dll
2010-01-15 06:03:38 239104 ----a-w- c:\windows\UltraMon.scr
2010-01-14 22:23:40 219648 ----a-w- c:\windows\system32\UltraMonIndDisp.exe
2010-01-14 22:23:32 320512 ----a-w- c:\windows\system32\UltraMon.dll
2010-01-14 22:23:14 87552 ----a-w- c:\windows\system32\UltraMonHook.dll
2010-01-14 22:23:12 81920 ----a-w- c:\windows\system32\UltraMonIndDispHook.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-10-19 06:00:08 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-18 17:12:38 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-25 00:20:26 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-10-25 00:20:26 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-10-25 00:20:26 16384 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:59:41.00 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/18/2009 1:10:08 PM
System Uptime: 3/25/2010 5:43:39 PM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | A7N8X-LA
Processor: AMD Athlon(tm) XP 2600+ | Socket A | 2079/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 69 GiB total, 15.414 GiB free.
D: is CDROM ()
E: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_80AD1043&REV_A2\3&267A616A&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0064&SUBSYS_80AD1043&REV_A2\3&267A616A&0&09
Service:

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SM Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#9206051&2#
Manufacturer: Generic
Name: J:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SM_READER&REV_1.02#9206051&2#
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB CF Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#9206051&1#
Manufacturer: Generic
Name: I:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_CF_READER&REV_1.01#9206051&1#
Service: WUDFRd

Class GUID: {4d36e980-e325-11ce-bfc1-08002be10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&114BBD28&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&114BBD28&0&0
Service: flpydisk

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB MS Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#9206051&3#
Manufacturer: Generic
Name: K:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_MS_READER&REV_1.03#9206051&3#
Service: WUDFRd

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: USB SD Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#9206051&0#
Manufacturer: Generic
Name: H:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC&PROD_USB_SD_READER&REV_1.00#9206051&0#
Service: WUDFRd

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acronis Disk Director Suite
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
AIM 6
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AutoUpdate
BufferChm
C4700
CD Art Display 2.0.1
Cheat Engine 5.5
Common Feeds List
Crimson Editor SVN263
dBpoweramp [Calculate Audio CRC] Codec
dBpoweramp DSP Effects
dBpoweramp FLAC Codec
dBpoweramp Monkeys Audio Codec
dBpoweramp mp3 (Fraunhofer IIS) Codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
DelinvFile - 4.04
DesktopX
Destinations
DeviceDiscovery
DisplayFusion 3.1.8.0
DivX Codec
DivX Plus Web Player
DivX Version Checker
doPDF 7.1 printer
Exact Audio Copy 0.99pb5
Fences
ffdshow [rev 3097] [2009-10-08]
FLAC 1.2.1b (remove only)
FlacSquisher 0.5.0
FoxyTunes for Firefox
Free Download Manager 3.0
Google Chrome
GPBaseService2
HijackThis 2.0.2
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
ImgBurn
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
MarketResearch
Microsoft Corporation
Microsoft LifeCam
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft VM for Java
Microsoft Web Publishing Wizard 1.53
MilkDrop for Winamp 2x (remove only)
Mozilla Firefox (3.5.8)
Mp3 File Editor 5.11 (standard)
Mp3tag v2.45a
Network
Opera 10.50
Peggle Deluxe
PS_AIO_06_C4700_SW_Min
QuickTime
R4
Rainmeter (remove only)
Realtek AC'97 Audio
RocketDock
RocketDock 1.3.5
Scan
Sid Meier's Civilization 4
Skype™ Beta 4.2
SmartWebPrinting
SolutionCenter
Start Killer
Status
System Requirements Lab
TI Connect 1.6
Toolbox
TrayApp
TrueCrypt
UltraMon
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
VMware Workstation
WampServer 2.0
WebReg
Winamp
Winamp Detector Plug-in
WinRAR archiver
Xlight FTP Server 3.5

==== Event Viewer Messages From Past Week ========

3/25/2010 6:46:55 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer YOUR-F78BF48CE2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A94A28A0-6A1C-406B-839B-42. The master browser is stopping or an election is being forced.
3/25/2010 5:43:48 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
3/25/2010 5:42:05 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
3/25/2010 5:42:05 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/24/2010 6:37:03 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/24/2010 6:37:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
3/24/2010 6:36:01 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/24/2010 6:35:02 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2010 6:35:02 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2010 6:35:02 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2010 6:35:02 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2010 6:35:02 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2010 6:35:02 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2010 6:35:02 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2010 6:35:02 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2010 6:35:01 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2010 6:35:01 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2010 6:35:01 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2010 6:35:01 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2010 6:35:01 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/24/2010 6:35:00 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2010 12:59:39 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {877A5D52-5F6F-4175-907D-A6AC4E8F1171}. The error: "2" Happened while starting this command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqusgl.exe -Embedding
3/24/2010 11:23:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
3/22/2010 5:22:05 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/21/2010 5:36:26 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom2.
3/21/2010 11:25:28 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
3/21/2010 11:19:55 PM, Error: Service Control Manager [7030] - The Lavasoft Ad-Aware Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/21/2010 11:15:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
3/20/2010 9:07:29 PM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
3/19/2010 11:33:26 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================
SantiGasm
Active Member
 
Posts: 8
Joined: March 20th, 2010, 9:12 pm

Re: Firefox redirects to random websites

Unread postby gringo_pr » March 25th, 2010, 7:25 pm

Hello

It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

uninstall some programs

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box

    appwiz.cpl

  • click ok
  • Right click on each of these programs and select uninstall
      Ask Toolbar
      AutoUpdate
      Java Auto Updater
      uTorrent

    Once finished, close the Programs and Features window

Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run

:run combofix:

You may get a warning that your OS is not compatible - it is ok please continue

    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"

    In your next post I need the following

    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox redirects to random websites

Unread postby SantiGasm » March 25th, 2010, 8:10 pm

As I was going about uninstalling the programs, both AutoUpdate and Java Auto Update do not appear on the list. I did a full search for them on my drive and there was no uninstall file for either. Due to this I did not run combofix.
SantiGasm
Active Member
 
Posts: 8
Joined: March 20th, 2010, 9:12 pm

Re: Firefox redirects to random websites

Unread postby gringo_pr » March 25th, 2010, 8:35 pm

ok please move on to combofix and thanks for letting me know


gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox redirects to random websites

Unread postby SantiGasm » March 26th, 2010, 7:30 pm

It appears that the redirections have ceased.

ComboFix 10-03-26.02 - Luke 03/26/2010 18:57:01.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1023.490 [GMT -4:00]
Running from: C:\Users\Luke\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\$RECYCLE.BIN\S-1-5-21-3273455095-3707038803-153338724-1001
C:\Program Files\Cheat Engine\dbk32.sys
C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
C:\Windows\system32\SIntf16.dll

Infected copy of C:\Windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-26 23:09:21 . 2010-03-26 23:19:38 -------- d-----w- C:\Users\Luke\AppData\Local\temp
2010-03-26 23:09:21 . 2010-03-26 23:09:21 -------- d-----w- C:\Users\Mcx1-LUKE-PC\AppData\Local\temp
2010-03-26 23:09:21 . 2010-03-26 23:09:21 -------- d-----w- C:\Users\Guest\AppData\Local\temp
2010-03-26 23:09:21 . 2010-03-26 23:09:21 -------- d-----w- C:\Users\Default\AppData\Local\temp
2010-03-25 23:51:09 . 2010-02-10 17:13:48 165376 ----a-w- C:\Windows\system32\unrar.dll
2010-03-25 23:51:06 . 2004-01-25 16:18:44 217088 ----a-w- C:\Windows\system32\yv12vfw.dll
2010-03-25 23:51:05 . 2009-05-29 21:37:40 205824 ----a-w- C:\Windows\system32\xvidvfw.dll
2010-03-25 23:51:05 . 2009-05-29 21:31:52 881664 ----a-w- C:\Windows\system32\xvidcore.dll
2010-03-25 23:50:57 . 2010-03-14 18:00:00 85504 ----a-w- C:\Windows\system32\ff_vfw.dll
2010-03-25 23:50:53 . 2010-03-25 23:51:50 -------- d-----w- C:\Program Files\K-Lite Codec Pack
2010-03-23 01:13:36 . 2010-03-23 01:13:51 -------- d-----w- C:\Program Files\R4
2010-03-22 22:48:03 . 2010-03-22 22:48:43 -------- d-----w- C:\Program Files\QuickTime
2010-03-22 03:21:30 . 2010-03-22 03:21:27 95024 ----a-w- C:\Windows\system32\drivers\SBREDrv.sys
2010-03-22 03:18:26 . 2010-03-25 21:52:14 -------- d-----w- C:\ProgramData\Lavasoft
2010-03-21 22:06:28 . 2010-03-21 22:06:28 -------- d-----w- C:\Users\Luke\AppData\Roaming\ImgBurn
2010-03-21 21:59:56 . 2010-03-21 22:00:02 -------- d-----w- C:\Program Files\ImgBurn
2010-03-21 05:43:37 . 2010-03-24 04:43:46 -------- d-----w- C:\Downloads
2010-03-21 01:14:48 . 2010-03-21 01:14:48 -------- d-----w- C:\Program Files\Trend Micro
2010-03-20 21:13:12 . 2010-03-20 21:13:12 1022544 ----a-w- C:\Users\Luke\AppData\Roaming\DisplayFusion\DisplayFusionSetup.exe
2010-03-20 20:24:12 . 2010-03-20 20:24:16 -------- d-----w- C:\Windows\A8B9466986544126BD28D0D2412CDED6.TMP
2010-03-20 19:55:34 . 2010-03-20 19:55:39 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2010-03-19 02:37:47 . 2010-03-19 02:37:47 -------- d-----w- C:\Users\Luke\AppData\Roaming\Malwarebytes
2010-03-19 02:37:19 . 2010-03-19 02:37:19 -------- d-----w- C:\ProgramData\Malwarebytes
2010-03-19 02:06:13 . 2010-03-19 02:08:16 -------- d-----w- C:\Users\Luke\AppData\Roaming\TrueCrypt
2010-03-19 02:05:44 . 2010-03-19 02:05:44 -------- d-----w- C:\ProgramData\TrueCrypt
2010-03-19 02:05:36 . 2010-03-19 02:05:36 223440 ----a-w- C:\Windows\system32\drivers\truecrypt.sys
2010-03-19 02:05:35 . 2010-03-19 02:05:36 -------- d-----w- C:\Program Files\TrueCrypt
2010-03-17 00:58:03 . 2010-03-17 00:58:03 -------- d-----w- C:\Users\Luke\AppData\Local\Opera
2010-03-17 00:57:46 . 2010-03-17 00:57:50 -------- d-----w- C:\Program Files\Opera
2010-03-16 23:47:04 . 2010-03-16 23:47:04 7168 ----a-w- C:\Users\Luke\AppData\Roaming\Thinstall\CuteFTP 8 Professional\40000035700002i\cuteftppro.exe
2010-03-16 23:18:20 . 2010-03-16 23:18:20 -------- d-----w- C:\Users\Luke\AppData\Roaming\Thinstall
2010-03-16 23:18:20 . 2010-03-16 23:18:20 -------- d-----w- C:\Users\Luke\AppData\Local\Thinstall
2010-03-16 23:07:52 . 2010-03-21 14:20:34 -------- d-----w- C:\Program Files\Xlight
2010-03-16 23:07:52 . 2010-03-16 23:07:52 -------- d-----w- C:\Windows\system32\embedded
2010-03-16 20:33:58 . 2010-03-16 23:10:30 -------- d-----w- C:\Users\Luke\AppData\Roaming\FileZilla
2010-03-16 17:48:52 . 2010-03-16 17:48:52 -------- d-----w- C:\Users\Luke\AppData\Roaming\TightVNC
2010-03-06 22:12:19 . 2010-03-06 22:12:19 -------- d-----w- C:\Users\Luke\AppData\Roaming\dBpoweramp
2010-03-06 16:47:22 . 2010-03-06 16:47:22 177024 ----a-w- C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\f1l2kbu1.default\FlashGot.exe
2010-03-06 15:38:25 . 2010-03-26 22:53:35 -------- d-----w- C:\Users\Luke\AppData\Roaming\Free Download Manager
2010-03-06 15:38:21 . 2010-03-06 15:38:21 -------- d-----w- C:\ProgramData\FreeDownloadManager.ORG
2010-03-06 15:38:20 . 2010-03-06 15:42:12 -------- d-----w- C:\Program Files\Free Download Manager
2010-03-06 15:03:50 . 2010-03-06 15:04:30 -------- d-----w- C:\Program Files\Common Files\DivX Shared
2010-03-06 15:03:49 . 2010-03-06 15:04:44 -------- d-----w- C:\Program Files\DivX
2010-03-05 21:16:55 . 2010-03-05 21:35:25 -------- d-----w- C:\Users\Luke\AppData\Roaming\CD Art Display
2010-03-05 21:16:50 . 2009-09-06 01:28:40 69632 ----a-w- C:\Windows\cadSSaver.scr
2010-03-05 21:16:50 . 2003-01-27 19:27:26 94208 ----a-w- C:\Windows\system32\wmpuice.dll
2010-03-05 21:16:48 . 2010-03-05 21:55:17 -------- d-----w- C:\Program Files\CD Art Display
2010-03-04 02:41:08 . 2010-03-04 02:46:12 -------- d-----w- C:\Users\Luke\AppData\Roaming\Mp3tag
2010-03-04 02:41:02 . 2010-03-04 02:41:04 -------- d-----w- C:\Program Files\Mp3tag
2010-03-03 04:11:24 . 2010-03-03 04:11:58 -------- d-----w- C:\Users\Luke\AppData\Roaming\HpUpdate
2010-03-03 04:11:10 . 2010-03-03 04:11:10 -------- d-----w- C:\Windows\Hewlett-Packard
2010-03-02 02:18:59 . 2010-03-02 02:55:15 2613248 ----a-w- C:\Windows\explorer.exe
2010-03-02 02:18:59 . 2009-11-16 16:01:24 2613248 ----a-w- C:\Windows\explorer Backup.exe
2010-03-02 02:17:49 . 2009-07-14 01:14:20 2613248 ----a-w- C:\Windows\explorer - Copy.exe
2010-03-01 21:00:31 . 2010-03-01 21:00:31 -------- d-----w- C:\Program Files\RocketDock1
2010-03-01 03:42:36 . 2010-03-01 03:42:49 -------- d-----w- C:\Users\Luke\AppData\Roaming\Launchy
2010-03-01 03:29:07 . 2010-03-01 03:29:07 -------- d-----w- C:\Program Files\StartKiller
2010-02-28 23:46:26 . 2010-02-28 23:46:26 495104 ----a-w- C:\Windows\system32\sqlite3.dll
2010-02-28 23:42:35 . 2010-03-01 02:12:54 -------- d-----w- C:\Users\Luke\AppData\Roaming\Rainmeter
2010-02-28 22:56:34 . 2010-02-28 22:56:34 -------- d-----w- C:\Program Files\Microsoft
2010-02-28 19:24:57 . 2010-03-01 21:00:02 -------- d-----w- C:\Program Files\RocketDock
2010-02-28 18:32:35 . 2010-02-28 18:32:35 -------- d-----w- C:\Users\Luke\AppData\Local\Frameworkx.com
2010-02-26 22:15:50 . 2010-02-26 22:35:22 -------- d-----w- C:\Users\Luke\AppData\Local\Microsoft Games
2010-02-26 22:05:41 . 2010-02-26 22:05:41 -------- d-----w- C:\Users\Luke\AppData\Roaming\My Games
2010-02-26 19:58:19 . 2010-02-26 19:58:19 -------- d-----w- C:\Users\Luke\AppData\Roaming\InstallShield Installation Information
2010-02-26 19:58:19 . 2006-12-19 17:22:42 552214 ----a-w- C:\Users\Luke\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\ISSetup.dll
2010-02-26 19:58:19 . 2006-05-24 17:10:42 455600 ----a-w- C:\Users\Luke\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe
2010-02-26 19:58:19 . 2006-05-17 16:21:08 373680 ----a-w- C:\Users\Luke\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\_setup.dll
2010-02-26 19:58:18 . 2010-02-26 19:58:18 -------- d-----w- C:\Program Files\Firaxis Games
2010-02-26 19:57:56 . 2010-02-26 19:57:56 -------- d-----w- C:\Users\Luke\AppData\Roaming\InstallShield
2010-02-26 01:11:03 . 2010-03-01 20:43:30 -------- d-----w- C:\Users\Luke\AppData\Local\Stardock
2010-02-26 01:04:48 . 2003-03-19 03:05:50 89088 ----a-w- C:\Windows\system32\atl71.dll
2010-02-26 01:01:07 . 2010-03-01 20:42:05 -------- d-----w- C:\Program Files\Common Files\Stardock
2010-02-26 01:01:06 . 2010-02-26 01:01:08 -------- d-----w- C:\Program Files\Object Desktop

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-26 23:15:03 . 2009-10-18 20:21:46 -------- d-----w- C:\ProgramData\VMware
2010-03-26 23:08:43 . 2010-01-17 18:28:42 -------- d-----w- C:\Program Files\Cheat Engine
2010-03-24 02:36:06 . 2009-10-21 04:12:37 -------- d-----w- C:\Users\Luke\AppData\Roaming\DisplayFusion
2010-03-23 01:22:01 . 2009-10-18 18:20:48 -------- d-----w- C:\Program Files\Winamp
2010-03-22 22:46:10 . 2009-10-19 00:43:47 -------- d-----w- C:\Program Files\Common Files\Apple
2010-03-21 21:21:39 . 2009-10-18 19:11:03 1392304 ----a-w- C:\Windows\system32\AutoPartNt.exe
2010-03-21 01:07:49 . 2009-10-23 23:28:06 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2010-03-20 21:13:40 . 2009-10-21 04:35:49 -------- d-----w- C:\Program Files\DisplayFusion
2010-03-20 20:30:17 . 2009-10-18 17:53:47 -------- d-----w- C:\Program Files\Viewpoint
2010-03-20 20:29:32 . 2009-11-23 11:04:53 -------- d-----w- C:\ProgramData\River Past G5
2010-03-20 20:27:42 . 2009-10-25 01:12:56 -------- d-----w- C:\Program Files\Common Files\AVSMedia
2010-03-20 20:27:34 . 2009-10-25 01:12:33 -------- d-----w- C:\Program Files\AVS4YOU
2010-03-20 20:14:18 . 2010-02-17 21:23:09 -------- d-----w- C:\Program Files\PurgeIE
2010-03-20 14:53:54 . 2009-11-12 03:50:10 -------- d-----w- C:\Program Files\HP
2010-03-20 14:41:08 . 2009-11-12 03:57:28 -------- d-----w- C:\Program Files\Common Files\HP
2010-03-10 03:03:36 . 2009-10-18 18:20:48 -------- d-----w- C:\Users\Luke\AppData\Roaming\Winamp
2010-03-05 23:43:05 . 2009-10-19 00:08:26 -------- d-----w- C:\Users\Luke\AppData\Roaming\VMware
2010-03-05 21:56:27 . 2009-10-18 23:56:41 91616 ----a-w- C:\Users\Luke\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-02 02:00:41 . 2009-07-13 23:40:46 249856 ----a-w- C:\Windows\system32\uxtheme.dll
2010-03-02 02:00:39 . 2009-07-13 23:39:20 2755072 ----a-w- C:\Windows\system32\themeui.dll
2010-03-02 02:00:36 . 2009-07-13 23:39:00 37376 ----a-w- C:\Windows\system32\themeservice.dll
2010-03-01 20:42:05 . 2009-10-19 00:26:12 -------- d-----w- C:\Program Files\Stardock
2010-02-24 23:02:26 . 2010-02-24 23:02:26 -------- d-----w- C:\Program Files\Winamp Detect
2010-02-23 04:04:23 . 2010-02-23 04:04:23 3065 ----a-w- C:\Windows\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
2010-02-23 04:04:17 . 2010-02-23 04:02:15 652152 ----a-w- C:\Windows\system32\SpoonUninstall.exe
2010-02-23 04:04:14 . 2010-02-23 04:04:14 3153 ----a-w- C:\Windows\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
2010-02-23 04:04:06 . 2010-02-23 04:04:06 3107 ----a-w- C:\Windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-02-23 04:03:57 . 2010-02-23 04:03:57 2987 ----a-w- C:\Windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-02-23 04:03:49 . 2010-02-23 04:03:49 2843 ----a-w- C:\Windows\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
2010-02-23 04:03:31 . 2010-02-23 04:02:23 11024 ----a-w- C:\Windows\system32\SpoonUninstall-dBpoweramp DSP Effects.dat
2010-02-23 04:02:15 . 2010-02-23 04:02:15 15607 ----a-w- C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-02-23 04:02:11 . 2010-02-23 04:02:11 -------- d-----w- C:\Program Files\Illustrate
2010-02-21 23:17:28 . 2010-02-21 23:04:06 -------- d-----w- C:\Program Files\FlacSquisher
2010-02-21 22:25:16 . 2010-02-21 22:25:14 -------- d-----w- C:\Program Files\FLAC
2010-02-21 22:04:11 . 2010-02-21 22:04:11 -------- d-----w- C:\Program Files\lame3.99.a1
2010-02-21 20:24:34 . 2010-02-21 20:24:34 -------- d-----w- C:\Program Files\Emerald Editor Community
2010-02-21 19:11:20 . 2010-02-21 19:07:09 -------- d-----w- C:\Program Files\Mr QuestionMan
2010-02-21 00:31:41 . 2010-02-21 00:16:03 -------- d-----w- C:\Users\Luke\AppData\Roaming\AccurateRip
2010-02-21 00:16:09 . 2010-02-21 00:15:52 -------- d-----w- C:\Program Files\Exact Audio Copy
2010-02-20 21:35:10 . 2010-02-20 20:59:04 -------- d-----w- C:\Users\Luke\AppData\Roaming\mIRC
2010-02-18 21:32:24 . 2010-02-18 21:31:20 -------- d-----w- C:\ProgramData\Paragon
2010-02-18 21:24:36 . 2010-02-18 21:24:36 -------- d-----w- C:\Program Files\Paragon Software
2010-02-17 23:33:15 . 2010-02-17 23:33:15 -------- d-----w- C:\ProgramData\Reflexive
2010-02-17 23:29:53 . 2010-02-17 23:29:53 -------- d-----w- C:\Program Files\ReflexiveArcade
2010-02-17 23:17:56 . 2010-01-26 20:50:11 -------- d-----w- C:\Program Files\SystemRequirementsLab
2010-02-17 23:17:54 . 2010-02-17 23:17:54 84480 ----a-w- C:\Users\Luke\AppData\Roaming\SystemRequirementsLab\srlproxy_cyri_4.1.64.0A.dll
2010-02-17 23:17:54 . 2010-02-17 23:17:54 -------- d-----w- C:\Users\Luke\AppData\Roaming\SystemRequirementsLab
2010-02-17 21:23:11 . 2010-02-17 21:23:11 -------- d-----w- C:\Users\Luke\AppData\Roaming\DelinvFile
2010-02-17 21:23:11 . 2010-02-17 21:23:11 -------- d-----w- C:\ProgramData\DelinvFile
2010-02-17 02:49:22 . 2010-02-17 02:48:08 -------- d-----w- C:\Program Files\wamp
2010-02-15 23:58:33 . 2010-02-15 23:58:33 -------- d-----w- C:\Program Files\Common Files\Java
2010-02-15 23:57:38 . 2010-02-15 23:57:53 411368 ----a-w- C:\Windows\system32\deploytk.dll
2010-02-15 23:57:37 . 2010-02-15 23:57:37 -------- d-----w- C:\Program Files\Java
2010-02-15 04:04:35 . 2009-12-26 00:17:15 -------- d-----w- C:\Users\Luke\AppData\Roaming\Skype
2010-02-15 00:46:59 . 2009-12-26 00:21:10 -------- d-----w- C:\Users\Luke\AppData\Roaming\skypePM
2010-02-10 23:01:30 . 2010-02-10 23:01:30 -------- d-----w- C:\Users\Luke\AppData\Roaming\Realtime Soft
2010-02-10 23:01:23 . 2010-02-10 23:01:23 -------- d-----w- C:\Program Files\Common Files\Realtime Soft
2010-02-10 23:01:22 . 2010-02-10 23:01:21 -------- d-----w- C:\Program Files\UltraMon
2010-02-10 23:01:21 . 2010-02-10 23:01:21 -------- d-----w- C:\ProgramData\Realtime Soft
2010-02-10 18:08:32 . 2010-01-23 04:42:48 -------- d-----w- C:\Users\Luke\AppData\Roaming\vlc
2010-02-10 02:20:49 . 2010-02-10 02:10:22 -------- d-----w- C:\Users\Luke\AppData\Roaming\gtk-2.0
2010-02-10 02:08:47 . 2010-02-10 02:08:47 -------- d-----w- C:\Users\Luke\AppData\Roaming\Participatory Culture Foundation
2010-02-10 01:28:46 . 2010-02-09 22:17:36 -------- d-----w- C:\Program Files\NO$GBA.2.6a
2010-02-07 00:37:23 . 2010-02-07 00:33:09 21840 ----atw- C:\Windows\system32\SIntfNT.dll
2010-02-07 00:37:23 . 2010-02-07 00:33:09 17212 ----atw- C:\Windows\system32\SIntf32.dll
2010-02-02 11:31:20 . 2009-10-25 00:15:47 91608 ----a-w- C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-26 22:16:00 . 2009-12-25 23:41:14 -------- d-----r- C:\Program Files\Skype
2010-01-20 00:45:13 . 2010-01-20 00:45:13 2678 ----a-w- C:\Windows\Java\Packages\Data\PJ3NBL73.DAT
2010-01-20 00:45:12 . 2010-01-20 00:45:12 2678 ----a-w- C:\Windows\Java\Packages\Data\YPJDZ7BZ.DAT
2010-01-20 00:45:12 . 2010-01-20 00:45:12 2678 ----a-w- C:\Windows\Java\Packages\Data\S1JJHJJL.DAT
2010-01-20 00:45:12 . 2010-01-20 00:45:12 2678 ----a-w- C:\Windows\Java\Packages\Data\O2TVB5RZ.DAT
2010-01-19 22:12:18 . 2010-01-23 22:55:09 21704 ----a-w- C:\Windows\system32\dopdfmn7.dll
2010-01-19 22:12:16 . 2010-01-23 22:55:09 18632 ----a-w- C:\Windows\system32\dopdfmi7.dll
2010-01-15 06:03:38 . 2010-01-15 06:03:38 239104 ----a-w- C:\Windows\UltraMon.scr
2010-01-14 22:23:40 . 2010-01-14 22:23:40 219648 ----a-w- C:\Windows\system32\UltraMonIndDisp.exe
2010-01-14 22:23:32 . 2010-01-14 22:23:32 320512 ----a-w- C:\Windows\system32\UltraMon.dll
2010-01-14 22:23:14 . 2010-01-14 22:23:14 87552 ----a-w- C:\Windows\system32\UltraMonHook.dll
2010-01-14 22:23:12 . 2010-01-14 22:23:12 81920 ----a-w- C:\Windows\system32\UltraMonIndDispHook.dll
2009-06-10 21:26:35 . 2009-07-14 02:04:20 9633792 --sha-r- C:\Windows\Fonts\StaticCache.dat
2009-07-14 01:14:45 . 2009-07-13 23:42:17 396800 --sha-w- C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-03-02 02:55:15 . C180E652E3C911D177953A976913A856 . 2613248 . . [6.1.7600.16385 (win7_rtm.090713-1255)] . . C:\Windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:14:38 1173504]
"DisplayFusion"="C:\Program Files\DisplayFusion\DisplayFusion.exe" [2010-03-17 22:17:28 800944]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 18:58:52 495616]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2009-01-31 07:45:14 3399727]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 22:43:42 604704]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2010-01-13 22:44:52 37888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 11:08:38 35696]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 19:08:30 935288]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 20:21:52 246504]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-02-15 22:50:12 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "C:\Program Files\Stardock\Fences\FencesMenu.dll" [2009-10-02 17:38:46 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 20:13:38 49152 ----a-w- C:\PROGRA~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Rainmeter.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
backup=C:\Windows\pss\Rainmeter.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
backup=C:\Windows\pss\UltraMon.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=C:\Windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Luke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Taskbar Eliminator.lnk]
path=C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Taskbar Eliminator.lnk
backup=C:\Windows\pss\Taskbar Eliminator.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-19 00:32:44 133104 ----atw- C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50:04 54576 ----a-w- C:\Program Files\HP\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 23:36:12 305440 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05:24 118640 ----a-w- C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2009-07-24 23:05:26 764256 ----a-w- C:\Windows\vVX6000.exe

R3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2009-07-24 23:05:26 2074464]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 00:18:07 17920]
S2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [2008-11-14 07:11:30 17184]
S2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 21:38:08 24652]
S2 vmci;VMware vmci;C:\Windows\system32\Drivers\vmci.sys [2008-10-29 06:08:58 54960]
S2 Xlight FTP Server;Xlight FTP Server;C:\Program Files\Xlight\xlight.exe [2009-11-11 03:13:30 527360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-25 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1244716592-558563257-1463856194-1002Core.job
- C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-19 00:32:45 . 2009-10-19 00:32:44]

2010-03-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1244716592-558563257-1463856194-1002UA.job
- C:\Users\Luke\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-19 00:32:45 . 2009-10-19 00:32:44]
.
.
------- Supplementary Scan -------
.
IE: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: C:\Program Files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\f1l2kbu1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ThePirateBay.org
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&o ... &gfns=1&q=
FF - component: C:\Program Files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\f1l2kbu1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Users\Luke\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Users\Luke\AppData\Roaming\Mozilla\Firefox\Profiles\f1l2kbu1.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Aim6 - (no file)
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
MSConfigStartUp-Taskbar Shuffle - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
AddRemove-DelinvFile_is1 - C:\PurgeIE\unins000.exe
AddRemove-Rainmeter - C:\Program Files\Rainmeter\uninst.exe
AddRemove-WampServer 2_is1 - c:\wamp\unins000.exe
SantiGasm
Active Member
 
Posts: 8
Joined: March 20th, 2010, 9:12 pm

Re: Firefox redirects to random websites

Post by gringo_pr » March 26th, 2010, 8:29 pm

Hello

The log you sent me is incomplete. Please send me the full log.


extra combofix report

I need to see one of the extra reports combofix makes

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
    C:\ComboFix.txt
  • click ok
  • copy and paste the report into this topic for me to review

thanks gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox redirects to random websites

Post by SantiGasm » March 26th, 2010, 8:38 pm

The one I sent you is the ComboFix.txt. I don't know exactly why it didn't save it to my C drive, but I did run it off the desktop.
SantiGasm
Active Member
 
Posts: 8
Joined: March 20th, 2010, 9:12 pm

Re: Firefox redirects to random websites

Post by gringo_pr » March 26th, 2010, 10:26 pm

good evening

The one you sent was cut off in the middle. Can you please send me the complete log?


thanks

gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox redirects to random websites

Post by SantiGasm » March 26th, 2010, 10:46 pm

That is the exact file it gave me, so if it's not there I don't know what's wrong.
You do not have the required permissions to view the files attached to this post.
SantiGasm
Active Member
 
Posts: 8
Joined: March 20th, 2010, 9:12 pm

Re: Firefox redirects to random websites

Post by gringo_pr » March 27th, 2010, 10:48 pm

Hello

These logs are looking good. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run

TFC (Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

    Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


:Kaspersky scan:

    Please go to Kaspersky website and perform an online antivirus scan.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.

"information and logs"

    In your next post I need the following

    1. Log From MBAM
    2. Log From Kaspersky
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox redirects to random websites

Post by gringo_pr » March 30th, 2010, 7:57 pm

Hello

three day bump

It has been three days since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
gringo_pr
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox redirects to random websites

Post by SantiGasm » March 31st, 2010, 5:35 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3923
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/28/2010 1:00:19 PM
mbam-log-2010-03-28 (13-00-19).txt

Scan type: Quick Scan
Objects scanned: 131198
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The internet stalled whenever I tried to save the online scan log.
SantiGasm
Active Member
 
Posts: 8
Joined: March 20th, 2010, 9:12 pm