Windows BBS The Place for Microsoft Windows Support! Windows, Support, Help Site

18th August 2009   #1
smithno13
Senior Member
Join Date: Oct 2008
Posts: 59
Computer Experience: Beginner


[Active] IExplore piggyback virus?

Recently I have noticed that Internet Explorer seems to be going really slow, even when only doing one thing in one tab. I Ctrl+Alt+Del and look at the processes; there are usually 4+ iexplore.exe processes running, one of them usually taking up 30% CPU and about 250k memory.
DDS logs
DDS (Ver_09-07-30.01) - NTFSx86
Run by Compaq_Owner at 20:20:00.40 on Mon 08/17/2009
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3070.2096 [GMT -5:00]

AV: avast! antivirus 4.8.1335 [VPS 090817-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\steam\steam.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\ManyCam 2.4\ManyCam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.gaiaonline.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! ¤u¨ã¦C: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
TB: Gaia Online Toolbar: {b3535c18-0e70-4d4b-b36b-bbfe139bb144} - c:\program files\gaia online toolbar\Toolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Steam] "c:\steam\steam.exe" -silent
uRun: [ManyCam] "c:\program files\manycam 2.4\ManyCam.exe"
uRun: [Comrade.exe] c:\program files\gamespy\comrade\Comrade.exe
mRun: [PCDrProfiler]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [D-Link AirPlus XtremeG] c:\program files\d-link\airplus xtremeg\AirPlusCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\LOGITE~1.LNK -
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - {B119EB0C-C021-46CF-85B0-34A760E0D5FE} - c:\program files\iepro\iepro.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://202.213.247.128/kxhcm10.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {377FF862-62E0-4F33-B6E5-F58E0BC0F209} - hxxp://login.hanbiton.com/cab/NLSnSSO.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} - hxxp://www.acclaim.com/cabs/acclaim_v5.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.11.0.cab
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://67.154.21.186:8002/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
DPF: {C4F22FDF-697D-4925-A566-FC9CD1CEBD37} - hxxp://www.magnificentgizmosandgadgets.com/ActiveX/methodloader.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - c:\program files\navnetapp\ComUtilities.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\ob6msbu7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\program files\google\google gears\firefox\lib\ff30\gears.dll
FF - plugin: c:\documents and settings\compaq_owner\application data\mozilla\firefox\profiles\ob6msbu7.default\extensions\battlefieldheroes patcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\compaq_owner\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40723.0\npctrl.1.0.21115.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-1-12 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-1-12 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-5-14 138680]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbguard.exe -s [?]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2005-3-22 450400]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2007-5-14 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-5-14 352920]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s --> c:\program files\firebird\firebird_1_5\bin\fbserver.exe -s [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
S2 gupdate1c99b99b8455d68;Google Update Service (gupdate1c99b99b8455d68);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]
S3 Revolution1;Revolution1;\??\c:\documents and settings\compaq_owner\my documents\program files\shak3.sys --> c:\documents and settings\compaq_owner\my documents\program files\SHAK3.sys [?]

=============== Created Last 30 ================

2009-08-17 01:12 <DIR> --d----- C:\Nexon
2009-08-16 23:52 1,284,710,929 a------- c:\program files\MSSetupv74.exe
2009-08-16 23:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PMB Files
2009-08-16 23:48 <DIR> --d----- c:\program files\Pando Networks
2009-08-16 16:36 <DIR> --d----- c:\docume~1\compaq~1\applic~1\GarageGames
2009-08-13 21:34 22,328 a------- c:\docume~1\compaq~1\applic~1\PnkBstrK.sys
2009-08-13 21:33 669,184 a------- c:\windows\system32\pbsvc.exe
2009-08-12 03:02 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-12 00:53 <DIR> --d----- c:\docume~1\compaq~1\applic~1\.minecraft
2009-08-01 17:52 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Mumble
2009-08-01 17:52 <DIR> --d----- c:\program files\Mumble
2009-07-29 20:56 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-29 20:49 <DIR> --d----- c:\documents and settings\compaq_owner\.SunDownloadManager
2009-07-29 15:38 <DIR> --dsh--- C:\found.001
2009-07-29 09:03 3,284 a------- c:\windows\system32\ANIWZCS{BC318C2C-DB97-43C5-90F1-53631CB24E67}
2009-07-29 00:16 <DIR> --d----- c:\documents and settings\compaq_owner\DoctorWeb
2009-07-28 23:44 <DIR> --ds---- C:\ComboFix
2009-07-24 18:40 <DIR> --d----- C:\addons
2009-07-23 22:59 <DIR> --d----- c:\windows\system32\hanbiton
2009-07-23 22:24 <DIR> --d----- c:\docume~1\compaq~1\applic~1\CBL-Electronics
2009-07-23 22:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CBL-Electronics
2009-07-23 22:22 <DIR> --d----- c:\program files\common files\cbl electronics shared
2009-07-23 22:22 <DIR> --d----- c:\program files\cbl electronics inc
2009-07-23 22:21 <DIR> --d----- c:\program files\DS-MP3 Source
2009-07-23 22:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-07-23 22:16 <DIR> --d----- c:\docume~1\compaq~1\applic~1\AVS4YOU
2009-07-23 22:16 <DIR> --d----- c:\program files\common files\AVSMedia
2009-07-23 22:16 24,576 a------- c:\windows\system32\msxml3a.dll
2009-07-23 22:16 <DIR> --d----- c:\program files\AVS4YOU
2009-07-23 11:23 <DIR> --d----- C:\Load-CF
2009-07-23 11:22 <DIR> --d----- C:\Tools-AV
2009-07-22 20:49 <DIR> --d----- c:\program files\axhslt
2009-07-22 01:02 <DIR> --d----- c:\program files\Universe Sandbox
2009-07-22 00:55 <DIR> --d----- c:\program files\RocketScientists.dk
2009-07-20 22:45 <DIR> --d----- c:\program files\Operation Cleaner 2

==================== Find3M ====================

2009-08-16 22:41 34 a------- c:\documents and settings\compaq_owner\jagex_runescape_preferences.dat
2009-08-13 21:34 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-13 21:33 103,736 a------- c:\windows\system32\PnkBstrB.exe
2009-08-13 21:33 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-08-05 04:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 04:11 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 20:56 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\dllcache\atl.dll
2009-07-17 13:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-10 08:42 1,315,328 a------- c:\windows\system32\dllcache\msoe.dll
2009-06-16 18:24 108 a------- c:\docume~1\alluse~1\applic~1\1bd1132a.dat
2009-06-16 09:55 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 09:55 119,808 a------- c:\windows\system32\dllcache\t2embed.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\fontsub.dll
2009-06-16 09:55 82,432 a------- c:\windows\system32\dllcache\fontsub.dll
2009-06-12 06:50 76,288 a------- c:\windows\system32\telnet.exe
2009-06-12 06:50 76,288 a------- c:\windows\system32\dllcache\telnet.exe
2009-06-10 09:21 84,992 a------- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 09:21 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 01:32 132,096 a------- c:\windows\system32\dllcache\wkssvc.dll
2009-06-05 02:42 655,872 a------- c:\windows\system32\mstscax.dll
2009-06-05 02:42 655,872 a------- c:\windows\system32\dllcache\mstscax.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\quartz.dll
2009-06-03 14:27 1,290,752 a------- c:\windows\system32\dllcache\quartz.dll
2009-01-14 02:55 11,298 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat
2008-06-20 16:19 124,821 a------- c:\program files\Crates.rar
2008-05-08 16:32 390 a------- c:\program files\Shortcut to Program Files.lnk

============= FINISH: 20:21:38.04 ===============

18th August 2009   #2
smithno13
Senior Member
Join Date: Oct 2008
Posts: 59
Computer Experience: Beginner


attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/23/2007 10:49:00 PM
System Uptime: 8/16/2009 9:33:37 PM (23 hours ago)

Motherboard: ASUSTek Computer INC. | | NAOS
Processor: AMD Sempron(tm) Processor 3400+ | Socket AM2 | 1803/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 104 GiB total, 3.64 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.518 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&273FFFD6&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0269\4&273FFFD6&0&01
Service: NVENETFD

==== System Restore Points ===================

RP707: 8/16/2009 3:00:40 AM - Software Distribution Service 3.0
RP708: 8/17/2009 1:12:42 AM - Installed MapleStory.
RP709: 8/17/2009 3:00:19 AM - Software Distribution Service 3.0
RP710: 8/17/2009 5:26:06 PM - Software Distribution Service 3.0

==== Installed Programs ======================

7-Zip 4.64
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Media Player
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 7.0.5
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIM 6
AIM Toolbar
AIMTunes
AirPlus XtremeG
American McGee's Alice(tm)
ANIO Service
ANIWZCS2 Service
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
avast! Antivirus
AVS Audio Editor version 4.2
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
Azureus Vuze
BASE Demo
Battlefield 2: Deluxe Edition
Battlefield 2142 Deluxe Edition
Battlefield Heroes
Battleracer
BufferChm
CCleaner (remove only)
CDDRV_Installer
Chains Game
Choice Guard
Clonk Rage 4.9.9.2
Compaq Connections (remove only)
Cortex Command Build 19
Counter-Strike: Source
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Crayon Physics Deluxe - release 51
Creative MuVo V100
Creative Software AutoUpdate
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
CryEngine(R)2 Sandbox(TM)2
Crysis(R)
CueTour
Customer Experience Enhancement
D-Link AirPlus Xtreme G Adapter
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
DING!
DivX Web Player
Downhill PAKOON! 2.Many Unlimited 2009
Download Manager 2.3.7
Download Updater (AOL LLC)
DS-MP3 Source 1.30
e-mix 5.5.1 Pro Edition
EA Download Manager
Easy Internet Sign-up
EVE Online (remove only)
EVEMon
FileASSASSIN
FileZilla Client 3.2.3.1
Firebird 1.5.1.4481
Fraps (remove only)
Free Mp3/Wma/Ogg Converter 4.0.1
FullDPAppQFolder
Gabbasoft Cube Demo
Gaia Online Toolbar 1.400
Game Maker 6.1
GameSpy Comrade
Garry's Mod
GCalc 3
GCFScape 1.7.1
GIMP 2.4.5
Gmask 1.70 English
Google Chrome
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Guild Wars
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Hamachi 1.0.2.5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Boot Optimizer
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Software Update
HP Support Overview
HP Web Helper
HPPhotoSmartExpress
HpSdpAppCoreApp
HyperCam 2
IE7Pro
iHabbix
InstantShareDevices
iTunes
Java(TM) 6 Update 14
JellyVolley
JFK Reloaded 1.1
K-Lite Codec Pack 4.1.7 (Full)
KhalInstallWrapper
LimeWire 4.18.3
Logitech QuickCam Software
Logitech Registration
Logitech SetPoint
Logitech® Camera Driver
Magic ISO Maker v5.5 (build 0271)
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
MapleStory
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003 60 days trial
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft Works
Microsoft XNA Framework Redistributable 1.0 Refresh
Microsoft XNA Framework Redistributable 2.0
mIRC
Modulobe version 2.0.1
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.11)
MSI v2 to redistribute Rigs of Rods
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Mumble and Murmur
MySQL Connector/ODBC 5.1
NavNet
Neo Steam : The Shattered Continent
neroxml
No-IP.com DUC (remove only)
NVIDIA Drivers
NVIDIA PhysX v8.10.17
Ogg Converter
OpenAL
OpenSSL 0.9.8g Light
Opera 9.50
Operation Cleaner 2 v1.2
OptionalContentQFolder
Overland
Pando Media Booster
PC-Doctor 5 for Windows
PDF Settings
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
Player Recovery Drivers
PractiCount and Invoice 3.1 (Standard)
Project64 1.6
PS8100
PSPrinters06
PunkBuster Services
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Python 2.5.4
QQ Games
Quicken 2006
RandMap
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
RegCure 1.5.0.1
Remove WeatherBug Installer
ROBLOX
RollerCoaster Tycoon 3 Platinum
Rumble Fighter
SAM3 (remove only)
Samsung USB Driver (MCCI 4.34) WHQL v3.4
Sandbox
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 8 (KB960714)
Security Update for Windows Internet Explorer 8 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Sentinel Protection Installer 7.4.0
SkinsHP1
Skype™ 3.8
SlideShow
SlideShowMusic
Soldat 1.4.2
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Source SDK
Source SDK Base
Sprint music manager
Steam
Stunt Playground
Synergy
Tag - IGF Professional 2008
Team Fortress 2
TextMagic Messenger 1.0
The Day the World Broke
The PC Timer 4.0
Tidy Start Menu
TortoiseSVN 1.5.0.13316 (32 bit)
TrayApp
Unity Web Player
Universe Sandbox
Unload
Unlocker 1.8.7
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VeohTV BETA
Virtual CRASH 2.2
Wake up News 5.0
Wallbusters SGA Demo
WebFldrs XP
WebReg
Winamp
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8 Beta 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892050
Windows XP Hotfix - KB893066
WinRAR archiver
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! 工具列
Yrefresher 1.00

==== Event Viewer Messages From Past Week ========

8/16/2009 9:36:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Defender service to connect.
8/16/2009 9:36:08 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2009 3:58:21 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8024002d: Office XP Service Pack 3.
8/11/2009 3:02:10 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0ed: Security Update for Windows XP (KB946648).
8/10/2009 3:02:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
8/10/2009 3:02:27 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

==== End Of File ===========================


18th August 2009   #3
broni (Malware Analyst)

Print these instructions out.

NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe.

***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

STEP 1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
* Close SUPERAntiSpyware.

PHYSICALLY DISCONNECT FROM THE INTERNET

Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode. You'll see "Safe Mode" in all four corners of your screen.

* Open SUPERAntiSpyware.
* Click Scan your Computer... button.
* Click Scanning Preferences/Control Center... button.
* Under the General and Startup tab, make sure the "Start SUPERAntiSpyware when Windows starts" option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Terminate memory threats before quarantining.

* Click the Close button to leave the control center screen.
* On the left, make sure you check C:\Fixed Drive.
* On the right, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.

* Click Close to exit the program.
Post SUPERAntiSpyware log.

RECONNECT TO THE INTERNET

RESTART COMPUTER!

STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

RESTART COMPUTER!

STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.

RESTART COMPUTER

STEP 4. Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post HijackThis log.
Do NOT attempt to "fix" anything!


DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


18th August 2009   #4
smithno13 (Senior Member)

Glad to see you on my case again broni. I think this was a problem that I had before the last time, and we just never got rid of it. I'll do the scans in like 30 minutes, I have to deal with some stuff for school.

18th August 2009   #5
broni (Malware Analyst)

No problem

20th August 2009   #6
smithno13 (Senior Member)

I gotta say, some of the websites that had cookies deleted are slightly embarrassing... But hey, we all have our bad habits.

Any idea how long the MBAM scan will take? And can I run other things, like internet explorer, during the process?

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/19/2009 at 10:18 PM

Application Version : 4.27.1002

Core Rules Database Version : 4060
Trace Rules Database Version: 2000

Scan type : Complete Scan
Total Scan Time : 01:56:53

Memory items scanned : 226
Memory threats detected : 0
Registry items scanned : 6889
Registry threats detected : 6
File items scanned : 61010
File threats detected : 190

Adware.Tracking Cookie

Rogue.Component/Trace
HKLM\Software\Microsoft\08783BE4
HKLM\Software\Microsoft\08783BE4#08783be4
HKLM\Software\Microsoft\08783BE4#Version
HKLM\Software\Microsoft\08783BE4#08789664
HKLM\Software\Microsoft\08783BE4#0878ff81

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-3118088493-1253333802-4265547694-1008\SOFTWARE\Microsoft\fias4013

Trojan.Agent/Gen-FakeSpy[Broad]
C:\PROGRAM FILES\AXHSLT\WNRXSYSGUARD.EXE


20th August 2009   #7
broni (Malware Analyst)

My manual suggests you omit tracking cookies because they're not important.
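
Tracking cookies make up most of a log like the one posted above, which buries the registry and file detections an analyst needs to see. The following Python sketch is an added example, not part of the original thread: it splits a SUPERAntiSpyware log in that layout into its detection categories and drops the cookie section before posting. The function names and the two cookie paths in the sample are constructed for illustration.

```python
import re

# Constructed sample in the layout of the SUPERAntiSpyware log posted above.
# The two cookie paths are made up; the other entries are copied from that log.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/19/2009 at 10:18 PM

Scan type : Complete Scan
Total Scan Time : 01:56:53

Registry threats detected : 6
File threats detected : 190

Adware.Tracking Cookie
C:\Documents and Settings\ExampleUser\Cookies\exampleuser@tracker-one[1].txt
C:\Documents and Settings\ExampleUser\Cookies\exampleuser@tracker-two[2].txt

Rogue.Component/Trace
HKLM\Software\Microsoft\08783BE4
HKLM\Software\Microsoft\08783BE4#Version

Trojan.Fake-Alert/Trace
HKU\S-1-5-21-3118088493-1253333802-4265547694-1008\SOFTWARE\Microsoft\fias4013

Trojan.Agent/Gen-FakeSpy[Broad]
C:\PROGRAM FILES\AXHSLT\WNRXSYSGUARD.EXE
"""

# A detection item is a file path (drive letter) or a registry path (hive prefix).
ITEM_RE = re.compile(r"^(?:[A-Za-z]:\\|HK(?:LM|U|CU|CR|CC)\\)")

# Categories the helper in this thread asked to leave out of posted logs.
LOW_PRIORITY = {"Adware.Tracking Cookie"}


def parse_detections(log_text):
    """Return {category: [items]} in the order the categories appear.

    A category heading is any non-item line directly followed by an item
    line, so the statistics header at the top of the log is skipped.
    """
    lines = [ln.strip() for ln in log_text.splitlines()]
    detections = {}
    current = None
    for i, line in enumerate(lines):
        if not line:
            continue
        if ITEM_RE.match(line):
            if current is not None:
                detections[current].append(line)
            continue
        following = lines[i + 1] if i + 1 < len(lines) else ""
        if ITEM_RE.match(following):
            current = line
            detections.setdefault(current, [])
        else:
            current = None  # header or footer text, not a category
    return detections


def item_kind(item):
    """Label an item as a registry entry or a file on disk."""
    return "registry" if item.upper().startswith("HK") else "file"


def triage(log_text):
    """Return (detections worth posting, number of cookie entries dropped)."""
    detections = parse_detections(log_text)
    keep = {c: v for c, v in detections.items() if c not in LOW_PRIORITY}
    skipped = sum(len(v) for c, v in detections.items() if c in LOW_PRIORITY)
    return keep, skipped


def render(log_text):
    """Build the shortened text to paste into a forum reply."""
    keep, skipped = triage(log_text)
    out = []
    for category, items in keep.items():
        out.append(category)
        out.extend(f"  [{item_kind(it)}] {it}" for it in items)
        out.append("")
    out.append(f"({skipped} tracking-cookie entries omitted)")
    return "\n".join(out)


if __name__ == "__main__":
    print(render(SAMPLE_LOG))
```
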

20th August 2009   #8
smithno13 (Senior Member)

Must've been fine print, I missed it. Oh well, it did me some good.

20th August 2009   #9
broni (Malware Analyst)

Lol...

20th August 2009   #10
smithno13 (Senior Member)

Either way, MBAM is running now. Can I browse the web while it runs?

20th August 2009   #11
broni (Malware Analyst)

If you're not planning to visit THOSE sites, yes...

20th August 2009   #12
smithno13 (Senior Member)

I haven't been to those sites in a while, no clue why I still had the cookie trackers, I cleared my cookies last week.

20th August 2009   #13
broni (Malware Analyst)

I'm not a censor, I'm a malware guy

20th August 2009   #14
smithno13 (Senior Member)

I waited for MBAM to finish for a while, finally when the scan was at four hours I gave up and went to bed. When I woke up, my computer had been reset and there was no log. Does this mean nothing was found?

21st August 2009   #15
broni (Malware Analyst)

It's hard to say...

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory. When something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

NOTE. During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on the X in the upper right corner.


Post a fresh HijackThis log as well.

Download HijackThis:
http://www.trendsecure.com/portal/en...kthis/download
by clicking on Download HijackThis Installer
Install, and run it.
Post the HijackThis log.
Do NOT attempt to fix anything!

NOTE. If you're using Vista, right-click on HijackThis, and click Run as Administrator.
