
Active Google Re-Direct

Discussion in 'Malware and Virus Removal Archive' started by Versify, 2009/05/07.

    [Active] Google Re-Direct

    I'm having a Google redirect problem when I click on links. I've tried virus scanning, but it's not getting rid of it. Is there a fix available?

    Here is the DDS log:


    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Owner at 15:45:41.11 on Thu 05/07/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1534.752 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    AV: McAfee VirusScan *On-access scanning disabled* (Outdated)
    FW: McAfee Personal Firewall Plus *disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\mcafee.com\agent\McAgent.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    \\?\globalroot\systemroot\system32\rundll32.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Ventrilo\Ventrilo.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
    uStart Page = hxxp://www.google.com/
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: {C2BA40A1-74F3-42BD-F434-12345A2C8953} - No File
    TB: McAfee VirusScan: {ba52b914-b692-46c4-b683-905236f6f655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\progra~1\flashget\fgiebar.dll
    TB: DAP Bar: {62999427-33fc-4baf-9c9c-bce6bd127f08} - c:\progra~1\dap\dapiebar.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    uRun: [ASUS SmartDoctor] c:\program files\asus\smartdoctor\SmartDoctor.exe /start
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [MPFEXE] "c:\program files\mcafee.com\personal firewall\MPFTray.exe "
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033 -noicon
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
    mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\McAgent.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [autochk] rundll32.exe c:\windows\system32\autochk.dll,_IWMPEvents@16
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
    mRun: [MRT] "c:\windows\system32\MRT.exe" /R
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [autochk] rundll32.exe c:\docume~1\locals~1\protect.dll,_IWMPEvents@16
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\ChkDisk.dll
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\chkdisk.lnk - c:\windows\system32\rundll32.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    dPolicies-explorer: NoFolderOptions = 1 (0x1)
    dPolicies-system: DisableRegistryTools = 1 (0x1)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: {669695BC-A811-4A9D-8CDF-BA8C795F261C} - c:\progra~1\dap\DAP.EXE
    IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - d:\program files\aim\aim.exe
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\progra~1\flashget\flashget.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
    IE: {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - {7DD73374-7187-4103-8F29-622AA25E7C40} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\progra~1\speedb~1\sblsp.dll
    Trusted Zone: antimalwareguard.com
    Trusted Zone: gomyhit.com
    Trusted Zone: antimalwareguard.com
    Trusted Zone: gomyhit.com
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} - hxxps://wstatic.plaync.co.kr/common/js/UniUpdTool/NCLoader.5.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: __c00E37AE - c:\windows\system32\__c00E37AE.dat
    SEH: {F60A0B68-AF3A-C1D2-CD09-5A80A136D2BA} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\rd3oey6m.default\
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
    FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
    FF - plugin: c:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-1 325896]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-1 27784]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-1 298776]
    R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [2008-11-25 941784]
    R2 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [2008-11-25 124416]
    R2 VCAM_WDM;e2eSoft VCam (WDM);c:\windows\system32\drivers\VCam_WDM.sys [2008-11-25 92544]
    R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-5-15 21920]
    S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2005-11-7 114464]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 private1;private1;\??\c:\documents and settings\owner\desktop\private_engine\private_engine\private.sys --> c:\documents and settings\owner\desktop\private_engine\private_engine\private.sys [?]
    S3 Revolution1;Revolution1;\??\c:\documents and settings\owner\desktop\revolutionengine8.3byshak3\shak3.sys --> c:\documents and settings\owner\desktop\revolutionengine8.3byshak3\SHAK3.sys [?]
    S3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\video3d.sys --> c:\windows\system32\drivers\Video3D.sys [?]
    S4 Connkper;Connkper; [x]
    S4 FlashVideoServer;Moyea Flash Video Server;c:\program files\moyea\flash video server trial\flash stream server.exe [2008-11-25 323584]
    S4 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2005-11-7 126976]
    S4 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2005-11-7 221184]
    S4 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2005-11-7 122368]
    S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2005-11-7 245760]
    S4 msftesql$SQLEXPRESS;SQL Server FullText Search (SQLEXPRESS);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2006-2-14 92880]
    S4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]

    =============== Created Last 30 ================

    2009-05-07 11:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Stardock
    2009-05-07 04:11 27,648 a------- c:\windows\system32\lmn_setup.exe
    2009-05-06 20:52 <DIR> --d----- c:\program files\Trend Micro
    2009-05-06 12:12 24,064 a--sh--- c:\documents and settings\owner\protect.dll
    2009-05-06 12:11 24,064 a--sh--- c:\windows\system32\autochk.dll
    2009-05-05 20:11 27,136 a------- c:\windows\system32\__c00E37AE.dat
    2009-05-05 12:04 118 a------- c:\windows\system32\MRT.INI
    2009-05-01 16:55 22,538 a------- c:\windows\system32\lmppcsetup.exe
    2009-05-01 00:39 <DIR> --d-h--- C:\$AVG8.VAULT$
    2009-05-01 00:18 11,952 a------- c:\windows\system32\avgrsstx.dll
    2009-05-01 00:18 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
    2009-05-01 00:18 <DIR> --d----- c:\windows\system32\drivers\Avg
    2009-05-01 00:18 <DIR> --d----- c:\program files\AVG
    2009-05-01 00:18 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
    2009-04-30 23:54 <DIR> --d----- c:\docume~1\owner\applic~1\Malwarebytes
    2009-04-30 23:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
    2009-04-30 23:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-04-30 23:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
    2009-04-30 23:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2009-04-30 23:24 1 a------- c:\windows\system32\uniq.tll
    2009-04-30 22:23 182,911 a------- c:\windows\system32\prnet.tmp
    2009-04-30 22:11 862,618 a------- c:\windows\system32\rn.tmp

    ==================== Find3M ====================

    2009-04-30 23:24 104,960 a------- c:\windows\system32\userinit.exe
    2009-04-30 22:30 87,552 a--sh--- c:\windows\system32\rutosubu.dll
    2009-03-15 04:22 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
    2009-03-15 04:22 22,328 a------- c:\docume~1\owner\applic~1\PnkBstrK.sys
    2009-03-15 04:22 107,832 a------- c:\windows\system32\PnkBstrB.exe
    2009-03-15 04:21 66,872 a------- c:\windows\system32\PnkBstrA.exe
    2009-03-15 04:21 2,246,144 a------- c:\windows\system32\pbsvc.exe
    2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
    2009-03-06 10:44 283,648 a------- c:\windows\system32\pdh.dll
    2009-03-02 20:18 826,368 a------- c:\windows\system32\wininet.dll
    2009-02-20 14:09 78,336 a------- c:\windows\system32\ieencode.dll
    2009-02-09 06:20 723,456 a------- c:\windows\system32\lsasrv.dll
    2009-02-09 06:20 399,360 a------- c:\windows\system32\rpcss.dll
    2009-02-09 06:20 714,752 a------- c:\windows\system32\ntdll.dll
    2009-02-09 06:20 616,960 a------- c:\windows\system32\advapi32.dll
    2009-02-09 06:19 1,846,272 a------- c:\windows\system32\win32k.sys
    2007-11-14 18:53 1,155,767 a------- c:\documents and settings\owner\wvp.exe
    2007-11-14 18:53 1,803,776 a------- c:\documents and settings\owner\wulfram2.exe
    2007-11-14 18:51 640,000 a------- c:\documents and settings\owner\dbghelp.dll
    2007-11-14 18:51 162,816 a------- c:\documents and settings\owner\fmod.dll
    2007-11-14 18:51 81,920 a------- c:\documents and settings\owner\helper.exe
    2007-11-14 18:49 192,576 a------- c:\documents and settings\owner\bwau.exe
    2006-12-04 05:17 648 a------- c:\docume~1\owner\applic~1\wklnhst.dat
    2005-07-14 15:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll
    2006-07-30 22:30 997,056 a--sh--- c:\windows\system32\metsyS.dat

    ============= FINISH: 15:46:23.10 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/18/2006 8:10:33 AM
    System Uptime: 5/5/2009 7:55:11 PM (44 hours ago)

    Motherboard: First International Computer, Inc. | | K8MC51G
    Processor: AMD Sempron(tm) Processor 3100+ | Socket 940 | 1808/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 88 GiB total, 4.046 GiB free.
    D: is FIXED (NTFS) - 37 GiB total, 0.414 GiB free.
    E: is FIXED (FAT32) - 5 GiB total, 2.708 GiB free.
    F: is CDROM (CDFS)
    K: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft Loopback Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Microsoft
    Name: Microsoft Loopback Adapter
    PNP Device ID: ROOT\NET\0000
    Service: msloop

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Hamachi Network Interface
    Device ID: ROOT\NET\0002
    Manufacturer: LogMeIn, Inc.
    Name: Hamachi Network Interface
    PNP Device ID: ROOT\NET\0002
    Service: hamachi

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter

    ==== System Restore Points ===================

    RP982: 5/2/2009 4:23:45 PM - Avg8 Update
    RP983: 5/5/2009 2:17:07 AM - System Checkpoint
    RP984: 5/5/2009 11:58:37 AM - Software Distribution Service 3.0
    RP985: 5/5/2009 11:59:30 AM - Software Distribution Service 3.0
    RP986: 5/5/2009 6:37:29 PM - Software Distribution Service 3.0
    RP987: 5/6/2009 9:44:07 PM - System Checkpoint
    RP988: 5/7/2009 2:57:49 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    Aarons Cliker Version 2.85
    Adobe Common File Installer
    Adobe Flash Media Live Encoder 3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Help Center 2.1
    Adobe Illustrator CS2
    Adobe Photoshop CS
    Adobe Premiere Elements 3.0
    Adobe Reader 7.0
    Adobe SVG Viewer 3.0
    AGEIA PhysX v7.11.13
    AION
    AmazingMIDI
    AMD Processor Driver
    AOL Instant Messenger
    Apple Software Update
    ASUS ATI Driver
    ASUS Enhanced Display Driver
    ASUS Smart Doctor
    ASUS Utilities
    ATI - Software Uninstall Utility
    ATI Control Panel
    ATI Display Driver
    AutoIt v3.2.6.0
    AutoUpdate
    AVG 8.5
    AVIVO Codecs
    BaboViolent 2.11
    BigFix
    BitLord 1.1
    BlackWidow
    Blender (remove only)
    Bome's Mouse Keyboard 2.0beta6
    Bome's Mouse Keyboard Reason Integration 1.0
    Bots
    Cavaj Java Decompiler
    CDDRV_Installer
    Cheat Engine 5.3
    Continuum 0.40
    Cool Edit Pro 2.0
    Dev-C++ 5 beta 9 release (4.9.9.2)
    Digital Media Reader
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Download Accelerator Plus (DAP)
    doxygen 1.5.1-p1
    Dynasty Warriors 4 Hyper
    e2eSoft VCam v4.2
    Enemy Territory - QUAKE Wars(TM) Demo 1.1 Patch
    Ethereal 0.99.0
    EVEREST Home Edition v2.20
    FileZilla Client 3.2.1
    Flash Video Server Trial 1.0
    FlashGet(JetCar)
    FLV Player 1.3.3
    FlvRecorder
    Fraps (remove only)
    Game Cam v1.4
    Google Toolbar for Internet Explorer
    Google Video Player
    Google Video Uploader
    Graboid Video 1.4
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life SDK v2.3
    Hamachi 1.0.3.0
    HijackThis 2.0.2
    Hot Potato Online
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB952287)
    Hotspot Shield 1.10
    HTML and XHTML Step by Step
    IceChat 7.61 (Build 20071230)
    ijji FireFox Launcher 1.0
    ImTOO FLV Converter
    Indeo® Software
    Inno Setup version 5.1.9
    InstallShield for Microsoft Visual C++ 6
    iTunes
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 9
    JA+2.3 mod with JA+ Pluginv1.3
    Java 2 Runtime Environment, SE v1.4.2_12
    Java(TM) 6 Update 13
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    Joost (tm) 0.10.8
    KhalInstallWrapper
    KSignAccessToolkit v1.0
    LimeWire PRO 5.0.11
    Live Midi Keyboard 1.0.3
    Logitech Registration
    Logitech SetPoint
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Malwarebytes' Anti-Malware
    McAfee Uninstall Wizard
    Messenger Plus! 3
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft DirectX SDK (June 2006)
    Microsoft FrontPage Client - English
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Money 2005
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Office Live Meeting 2005 Replay Wrapper
    Microsoft Office Standard Edition 2003
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools
    Microsoft SQL Server Management Studio Express
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual Basic 2005 Express Edition - ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual J# .NET Redistributable Package 1.1
    Microsoft Visual Studio .NET Enterprise Architect 2003 - English
    Microsoft Visual Studio 6.0 Enterprise Edition
    Microsoft Web Publishing Wizard 1.53
    Microsoft Works
    Microsoft XNA Framework (Beta)
    Microsoft XNA Game Studio Express (Beta)
    MIDI Yoke
    MinGW 3.1.0
    mIRC
    MorphVOX Pro
    Moyea FLV Downloader version 1.15.0.15
    Moyea FLV Player version 1.5.2.7
    Mozilla Firefox (3.0.10)
    MSVC80_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    MySQL Server 5.0
    Need for Speed™ Most Wanted
    Nero BurnRights
    Nero OEM
    NetBeans IDE 5.5
    Nokia Connectivity Cable Driver
    Nokia Multimedia Converter 2.0
    Nokia PC Suite
    nProtect Netizen(remove only)
    NVIDIA Drivers
    OGRE SDK 1.2.4 for Visual C++.Net 2003
    OpenAL
    PC Connectivity Solution
    plaync·±Ãƒ³
    PowerDVD
    Proxifier version 2.7
    PSGame_CB
    PunkBuster Services
    Python 2.5
    Python 2.5 PIL-1.1.6
    Quake Live Mozilla Plugin
    QuickTime
    Ready to Program with Java Technology
    RealPlayer
    Realtek AC'97 Audio
    Reason 3.0
    Recovery Software Suite eMachines
    Remote Support System
    Replay AV 8
    Riva FLV Encoder 2.0
    S4 League
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Savage 2 - A Tortured Soul
    Savage: The Battle For Newerth (Version: 1.0)
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    Shareaza version 2.2.5.0
    Silkroad
    Skype 3.0
    Skype Plugin Manager
    SoftV92 Data Fax Modem with SmartCP
    Sony ACID 4.0f
    Sony Vegas Pro 8.0
    Source SDK
    Source SDK Base
    SpeedBit Video Accelerator
    Steam
    SurfOffline Professional 2
    Team Fortress 2
    The Driver's Permit Study Guide
    The Last Days 2.2.1
    Trillian
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    UTSC Remote Access 1.0
    Ventrilo Client
    Veoh Web Player Beta
    VeohTV BETA
    VH Toolkit 1.0.23.0
    VideoLAN VLC media player 0.8.6d
    Viewpoint Media Player
    Virtual DJ - Atomix Productions
    VirtualCamera
    Visual Studio .NET Enterprise Architect 2003 - English
    Visual Studio.NET Baseline - English
    VMware Workstation
    VNC Personal Edition P4.2.8
    VobSub v2.23 (Remove Only)
    Warhammer Online - Age of Reckoning
    WebcamMax
    WebFldrs XP
    WeGame Client Public Beta 1.0.6
    Winamp
    Windows Backup Utility
    Windows Communication Foundation
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Media Encoder 9 Series
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Movie Maker 2.0
    Windows Presentation Foundation
    Windows Workflow Foundation
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Wing IDE 101 3.0.0-b2
    WinHTTrack Website Copier 3.41-3
    WinPcap 3.1
    WinRAR archiver
    Woopra 1.2
    Xilisoft Video Converter Standard
    XML Paper Specification Shared Components Pack 1.0
    XviD 1.1 final uninstall
    YouTube Video Downloader V1.1.1

    ==== Event Viewer Messages From Past Week ========

    5/6/2009 8:59:59 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
    5/6/2009 8:59:59 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
    5/6/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
    5/6/2009 8:00:00 AM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402
    5/6/2009 7:00:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402
    5/6/2009 7:00:00 PM, error: Schedule [7901] - The At20.job command failed to start due to the following error: %%2147942402
    5/6/2009 7:00:00 AM, error: Schedule [7901] - The At8.job command failed to start due to the following error: %%2147942402
    5/6/2009 7:00:00 AM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402
    5/6/2009 6:00:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402
    5/6/2009 6:00:00 PM, error: Schedule [7901] - The At19.job command failed to start due to the following error: %%2147942402
    5/6/2009 6:00:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
    5/6/2009 6:00:00 AM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402
    5/6/2009 5:00:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402
    5/6/2009 5:00:00 PM, error: Schedule [7901] - The At18.job command failed to start due to the following error: %%2147942402
    5/6/2009 5:00:00 AM, error: Schedule [7901] - The At6.job command failed to start due to the following error: %%2147942402
    5/6/2009 5:00:00 AM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402
    5/6/2009 4:00:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402
    5/6/2009 4:00:00 PM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
    5/6/2009 4:00:00 AM, error: Schedule [7901] - The At5.job command failed to start due to the following error: %%2147942402
    5/6/2009 4:00:00 AM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402
    5/6/2009 3:00:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402
    5/6/2009 3:00:00 PM, error: Schedule [7901] - The At16.job command failed to start due to the following error: %%2147942402
    5/6/2009 3:00:00 AM, error: Schedule [7901] - The At4.job command failed to start due to the following error: %%2147942402
    5/6/2009 3:00:00 AM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402
    5/6/2009 2:00:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402
    5/6/2009 2:00:00 PM, error: Schedule [7901] - The At15.job command failed to start due to the following error: %%2147942402
    5/6/2009 2:00:00 AM, error: Schedule [7901] - The At3.job command failed to start due to the following error: %%2147942402
    5/6/2009 2:00:00 AM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
    5/6/2009 12:35:00 AM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
    5/6/2009 12:08:00 AM, error: Schedule [7901] - The At1.job command failed to start due to the following error: %%2147942402
    5/6/2009 11:59:59 AM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402
    5/6/2009 11:59:59 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
    5/6/2009 11:00:00 AM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402
    5/6/2009 11:00:00 AM, error: Schedule [7901] - The At12.job command failed to start due to the following error: %%2147942402
    5/6/2009 10:00:00 AM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402
    5/6/2009 10:00:00 AM, error: Schedule [7901] - The At11.job command failed to start due to the following error: %%2147942402
    5/6/2009 1:56:54 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service usnjsvc with arguments " " in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
    5/6/2009 1:00:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402
    5/6/2009 1:00:00 PM, error: Schedule [7901] - The At14.job command failed to start due to the following error: %%2147942402
    5/6/2009 1:00:00 AM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402
    5/6/2009 1:00:00 AM, error: Schedule [7901] - The At2.job command failed to start due to the following error: %%2147942402
    5/5/2009 9:00:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402
    5/5/2009 9:00:00 PM, error: Schedule [7901] - The At22.job command failed to start due to the following error: %%2147942402
    5/5/2009 8:56:54 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McUpdMgr.Exe with arguments "/Embedding" in order to run the server: {C3A036FA-DA7D-45E2-AE16-6CADAAE5D75E}
    5/5/2009 8:56:27 PM, error: System Error [1003] - Error code 1000000a, parameter1 0800eaf0, parameter2 00000002, parameter3 00000000, parameter4 804e16f3.
    5/5/2009 8:01:35 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
    5/5/2009 8:00:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
    5/5/2009 8:00:00 PM, error: Schedule [7901] - The At21.job command failed to start due to the following error: %%2147942402
    5/5/2009 11:00:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402
    5/5/2009 11:00:00 PM, error: Schedule [7901] - The At24.job command failed to start due to the following error: %%2147942402
    5/5/2009 10:00:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402
    5/5/2009 10:00:00 PM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
    4/30/2009 11:32:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    4/30/2009 11:29:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 asuskbnt EIO Fips oreans32 StarOpen

    ==== End Of File ===========================
     
    Last edited: 2009/05/07
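The Event Viewer section of the DDS log above is worth reading before any scanner is run: Schedule event 7901 fires for At1.job through At48.job, one or two every hour, and every one fails with %%2147942402. That decimal value is HRESULT 0x80070002, the Win32 code ERROR_FILE_NOT_FOUND wrapped as an HRESULT, so the scheduled jobs still exist but whatever executable they pointed at has already been removed. A home XP machine does not normally carry 48 `at` jobs. The script below is an added example (not part of the post and not part of DDS) that parses lines in that format, decodes the HRESULT and flags the run of failing At jobs; the sample lines are a constructed subset copied from the post, and the function names are mine.

```python
"""Triage helper for the "Event Viewer Messages" section of a DDS log.

Added example, not part of the original post or of DDS itself.  SAMPLE_EVENTS
is a constructed subset of the lines in the post; the function names are mine.
"""
import re
from collections import Counter

# Constructed sample: six of the event lines quoted in the post.
SAMPLE_EVENTS = """\
5/6/2009 8:59:59 AM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402
5/6/2009 8:59:59 AM, error: Schedule [7901] - The At10.job command failed to start due to the following error: %%2147942402
5/6/2009 8:00:00 AM, error: Schedule [7901] - The At9.job command failed to start due to the following error: %%2147942402
5/6/2009 1:56:54 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service usnjsvc with arguments " " in order to run the server: {98AC5C33-EE18-4EC2-BE25-3B16EE8F75F1}
5/5/2009 8:56:27 PM, error: System Error [1003] - Error code 1000000a, parameter1 0800eaf0, parameter2 00000002, parameter3 00000000, parameter4 804e16f3.
4/30/2009 11:29:08 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 asuskbnt EIO Fips oreans32 StarOpen
"""

# One DDS event line: "<date> <time>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
ATJOB_RE = re.compile(r"The (At\d+\.job) command failed to start .*?%%(\d+)")

# Win32 codes that commonly show up wrapped as HRESULT 0x8007xxxx in Schedule 7901 events.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}


def parse_events(text):
    """Return a dict per line that matches the DDS event format; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def decode_hresult(code):
    """Explain a decimal HRESULT such as 2147942402 (0x80070002).

    Facility 7 (FACILITY_WIN32) means the low 16 bits are a plain Win32 error code.
    """
    value = int(code) & 0xFFFFFFFF
    facility = (value >> 16) & 0x1FFF
    win32 = value & 0xFFFF
    name = WIN32_NAMES.get(win32, "unknown") if facility == 7 else "not a Win32 HRESULT"
    return {"hex": f"0x{value:08X}", "facility": facility, "win32": win32, "name": name}


def atjob_failures(events):
    """Map each AtN.job name to the decoded error it failed with."""
    failures = {}
    for ev in events:
        if ev["source"] != "Schedule" or ev["eid"] != "7901":
            continue
        m = ATJOB_RE.search(ev["msg"])
        if m:
            failures[m.group(1)] = decode_hresult(m.group(2))
    return failures


def triage(text, min_jobs=3):
    """Flag a run of distinct AtN.job failures that all report ERROR_FILE_NOT_FOUND.

    Many `at` jobs whose target no longer exists means something created them
    and the target has since been deleted (by a scanner or by the malware itself).
    """
    events = parse_events(text)
    jobs = atjob_failures(events)
    by_source = Counter(ev["source"] for ev in events)
    suspicious = len(jobs) >= min_jobs and all(
        d["name"] == "ERROR_FILE_NOT_FOUND" for d in jobs.values()
    )
    return {"events": len(events), "by_source": dict(by_source),
            "at_jobs": sorted(jobs), "suspicious_at_jobs": suspicious}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

On the machine itself the same jobs are visible with `at` (no arguments) and as `At*.job` files under `%SystemRoot%\Tasks`; the analyst would want to see the command each job carries before it is deleted, because that path is usually the dropper. The DCOM 10005 and Service Control Manager 7026 lines are parsed but not flagged; the driver `oreans32` named in the 7026 event is the Oreans Technologies (Themida/WinLicense) software-protection driver and is not by itself a sign of infection.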
  2. 2009/05/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    * Open SUPERAntiSpyware.
    * Under Configuration and Preferences, click the Preferences button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Scan for tracking cookies.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * Back on the main screen, under Scan for Harmful Software click Scan your computer.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, under Complete Scan, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.
    NOTE: Tracking cookies may be omitted from the log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2009/05/19
    Versify

    Versify Inactive Thread Starter

    Joined:
    2009/05/07
    Messages:
    4
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/19/2009 at 09:15 AM

    Application Version : 4.26.1002

    Core Rules Database Version : 3900
    Trace Rules Database Version: 1846

    Scan type : Complete Scan
    Total Scan Time : 07:56:15

    Memory items scanned : 242
    Memory threats detected : 2
    Registry items scanned : 9516
    Registry threats detected : 54
    File items scanned : 461206
    File threats detected : 498

    Trojan.Unclassified/C00-WL/G
    C:\WINDOWS\SYSTEM32\__C00AB4E6.DAT
    C:\WINDOWS\SYSTEM32\__C00AB4E6.DAT

    Trojan.Smitfraud Variant-Gen/Bensorty
    C:\WINDOWS\SYSTEM32\AFNOINKDSFE.DLL
    C:\WINDOWS\SYSTEM32\AFNOINKDSFE.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2BA40A1-74F3-42BD-F434-12345A2C8953}
    HKCR\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}
    HKCR\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}
    HKCR\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}#ThreadingModel
    HKCR\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}\InProcServer32
    HKCR\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}\InProcServer32#ThreadingModel
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{C2BA40A1-74F3-42BD-F434-12345A2C8953}
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2BA40A1-74F3-42BD-F434-12345A2C8953}
    HKU\S-1-5-21-3291786437-1093556625-2386094360-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2BA40A1-74F3-42BD-F434-12345A2C8953}
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2BA40A1-74F3-42BD-F434-12345A2C8953}

    Trojan.Unknown Origin
    [autochk] C:\WINDOWS\SYSTEM32\AUTOCHK.DLL
    C:\WINDOWS\SYSTEM32\AUTOCHK.DLL
    [autochk] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\PROTECT.DLL
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\PROTECT.DLL
    [autochk] C:\DOCUME~1\OWNER\PROTECT.DLL
    C:\DOCUME~1\OWNER\PROTECT.DLL
    [autochk] C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\PROTECT.DLL
    C:\DOCUMENTS AND SETTINGS\OWNER\PROTECT.DLL
    C:\DOCUMENTS AND SETTINGS\OWNER\START MENU\PROGRAMS\STARTUP\CHKDISK.DLL
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\PROTECT.DLL
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\START MENU\PROGRAMS\STARTUP\CHKDISK.DLL
    C:\WINDOWS\TEMP\MSB.DLL

    Trojan.Agent/Gen-FraudLoad
    [] C:\WINDOWS\TEMP\OPTNX4Q6LO.EXE
    C:\WINDOWS\TEMP\OPTNX4Q6LO.EXE
    [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\OPTNX4Q6LO.EXE
    [] C:\WINDOWS\TEMP\OPTNX4Q6LO.EXE
    [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\OPTNX4Q6LO.EXE
    C:\WINDOWS\SYSTEM32\AK1.EXE
    C:\WINDOWS\TEMP\SFSDFDF.EXE

    Trojan.Agent/Gen-FakeAlert
    [Diagnostic Manager] C:\WINDOWS\TEMP\547228944.EXE
    C:\WINDOWS\TEMP\547228944.EXE
    [Diagnostic Manager] C:\DOCUME~1\OWNER\LOCALS~1\TEMP\1715376384.EXE
    C:\DOCUME~1\OWNER\LOCALS~1\TEMP\1715376384.EXE
    [Diagnostic Manager] C:\WINDOWS\TEMP\547228944.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\1015996528.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\111327984.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\1361774112.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\1601027104.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\1644574416.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\1674981280.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\1715376384.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\200709296.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\223894560.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\2324826608.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\3416517632.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\3655069616.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\3698516784.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\382912160.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\4045996816.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\4292159744.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\735699824.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\877909024.EXE
    C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\988071680.EXE
    C:\WINDOWS\TEMP\1432210320.EXE
    C:\WINDOWS\TEMP\1771944416.EXE
    C:\WINDOWS\TEMP\3053724544.EXE
    C:\WINDOWS\TEMP\3502850736.EXE
    C:\WINDOWS\TEMP\3505554624.EXE
    C:\WINDOWS\TEMP\3681407488.EXE
    C:\WINDOWS\TEMP\490064144.EXE
    C:\WINDOWS\TEMP\881063392.EXE
    C:\WINDOWS\Prefetch\1715376384.EXE-2E57030F.pf

    Trojan.Unclassified/C00-Installer
    [A00F1C60BB1.exe] C:\WINDOWS\TEMP\_A00F1C60BB1.EXE
    C:\WINDOWS\TEMP\_A00F1C60BB1.EXE
    [A00F1C60BB1.exe] C:\WINDOWS\TEMP\_A00F1C60BB1.EXE

    Spyware.PWS-KernDDrv
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{F60A0B68-AF3A-C1D2-CD09-5A80A136D2BA}

    Trojan.CWS/HWY
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
    HKU\S-1-5-21-3291786437-1093556625-2386094360-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{669695BC-A811-4A9D-8CDF-BA8C795F261C}
    HKLM\Software\Microsoft\Internet Explorer\Extensions\{669695BC-A811-4A9D-8CDF-BA8C795F261C}

    Trojan.Sino-PWS/Gen
    HKU\S-1-5-21-3291786437-1093556625-2386094360-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BA40A2-74F0-42BD-F434-12345A2C8953}

    Trojan.Unclassified/C00-WL/B
    Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c00AB4E6

    Adware.Tracking Cookie
    [tracking cookies deleted by Broni]

    Unclassified.Oreans32
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf
     
    Last edited by a moderator: 2009/05/19
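The registry entries in the scan log above are not noise: each one names a specific auto-start extensibility point, and they describe how the infection comes back after a reboot. The same CLSID {C2BA40A1-74F3-42BD-F434-12345A2C8953} is registered as a Browser Helper Object, as a SharedTaskScheduler entry and as a COM class, so the DLL behind it (the detection block groups it with AFNOINKDSFE.DLL) is loaded both by Explorer at start and by every Internet Explorer process; __c00AB4E6 is a Winlogon notification package, which runs inside winlogon.exe and therefore also in Safe Mode; the ShellExecuteHooks entry is a COM object invoked on every ShellExecute call. The script below is an added example (not from the post and not part of SUPERAntiSpyware) that groups scan-log registry lines by mechanism so an analyst can see at a glance which load points must be gone before the machine can be called clean. The sample is a constructed subset copied from the log; the category keys and function names are mine.

```python
"""Map registry hits from an anti-malware scan log to the persistence
mechanism (auto-start extensibility point, ASEP) each one represents.

Added example, not part of the original post or of SUPERAntiSpyware.  SAMPLE_LOG
is a constructed subset of the scan log in the post; the category keys and
function names are mine.
"""
import re

# Constructed sample: a subset of the registry lines from the scan log above.
SAMPLE_LOG = r"""
Trojan.Smitfraud Variant-Gen/Bensorty
C:\WINDOWS\SYSTEM32\AFNOINKDSFE.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2BA40A1-74F3-42BD-F434-12345A2C8953}
HKCR\CLSID\{C2BA40A1-74F3-42BD-F434-12345A2C8953}\InProcServer32
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{C2BA40A1-74F3-42BD-F434-12345A2C8953}

Spyware.PWS-KernDDrv
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{F60A0B68-AF3A-C1D2-CD09-5A80A136D2BA}

Trojan.Unclassified/C00-WL/B
Software\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\__c00AB4E6

Unclassified.Oreans32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service
"""

# (regex with one capture group for the identifier, category key, what the key means)
ASEP_RULES = [
    (r"WinLogon\\Notify\\([^\\#]+)", "winlogon_notify",
     "DLL loaded into winlogon.exe at logon; runs in Safe Mode too"),
    (r"Browser Helper Objects\\(\{[^}]+\})", "bho",
     "DLL loaded into every Internet Explorer process"),
    (r"SharedTaskScheduler#(\{[^}]+\})", "shared_task_scheduler",
     "COM object loaded by Explorer at start"),
    (r"ShellExecuteHooks#(\{[^}]+\})", "shell_execute_hook",
     "COM object called on every ShellExecute"),
    (r"Internet Explorer\\Extensions\\(\{[^}]+\})", "ie_extension",
     "IE toolbar button or menu extension"),
    (r"CurrentVersion\\Run\\([^\\#]+)", "run_key",
     "program started at logon"),
    (r"Enum\\Root\\(LEGACY_[^\\#]+)", "legacy_driver",
     "a kernel driver or service was installed at some point"),
    (r"CLSID\\(\{[^}]+\})\\InProcServer32", "com_inproc",
     "COM class registration pointing at a DLL (not an autostart by itself)"),
    (r"Ext\\Stats\\(\{[^}]+\})", "ie_addon_stats",
     "IE add-on usage record (trace only)"),
]
TRACE_ONLY = {"com_inproc", "ie_addon_stats"}

# Lines that are registry paths rather than files; the log sometimes omits the hive.
REGISTRY_RE = re.compile(r"^(HK(LM|CU|CR|U)\\|Software\\)", re.IGNORECASE)


def parse_scan_log(text):
    """Return (detection_name, item) pairs; a blank line ends each detection block."""
    pairs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None
        elif current is None:
            current = line          # first line of a block is the detection name
        else:
            pairs.append((current, line))
    return pairs


def classify(item):
    """Return (category, identifier) for a registry path, or None if unrecognised."""
    for pattern, key, _desc in ASEP_RULES:
        m = re.search(pattern, item, re.IGNORECASE)
        if m:
            return key, m.group(1).upper()
    return None


def persistence_report(text):
    """Group registry hits by ASEP category: {category: [(detection, identifier), ...]}."""
    report = {}
    for detection, item in parse_scan_log(text):
        if not REGISTRY_RE.match(item):
            continue                # file paths are handled elsewhere
        hit = classify(item)
        if hit is None:
            continue
        key, ident = hit
        report.setdefault(key, set()).add((detection, ident))
    return {k: sorted(v) for k, v in report.items()}


def autostart_identifiers(text):
    """Identifiers that actually get code running, i.e. everything except trace-only keys."""
    report = persistence_report(text)
    return sorted({ident for k, hits in report.items() if k not in TRACE_ONLY
                   for _det, ident in hits})


if __name__ == "__main__":
    for key, hits in persistence_report(SAMPLE_LOG).items():
        print(key, hits)
```

The report makes the follow-up check concrete: after the scanners have run, each identifier returned by `autostart_identifiers` should be absent from the registry, and the DLL or CLSID each one points at should be gone from disk as well, otherwise the redirect returns on the next logon. LEGACY_OREANS32 is listed because the scanner listed it, but oreans32 is the Oreans Technologies (Themida/WinLicense) software-protection driver that ships with some commercial games and tools, so on its own it is not evidence of infection.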
  5. 2009/05/19
    Versify

    Versify Inactive Thread Starter

    Joined:
    2009/05/07
    Messages:
    4
    Likes Received:
    0
    Trojan.Unclassified/C00-WL
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00AB4E6
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00AB4E6#Asynchronous
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00AB4E6#DllName
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00AB4E6#Impersonate
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00AB4E6#Startup
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00AB4E6#Logon
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E37AE
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E37AE#Asynchronous
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E37AE#DllName
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E37AE#Impersonate
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E37AE#Startup
    HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\__C00E37AE#Logon

    Trojan.Unclassified/Loader-Suspicious
    D:\CODING\ADD_PLUGIN\ADVANCED\LOADER\DEBUG\LOADER.EXE
    D:\CODING\ADD_PLUGIN\SIMPLE\LOADER\DEBUG\LOADER.EXE

    Adware.TV Media
    D:\DOCUMENTS AND SETTINGS\ADA\LOCAL SETTINGS\TEMP\TVMUPDATER.EXE

    Adware.eZula
    D:\WINDOWS\WOINSTALL.EXE

    Trace.Known Threat Sources
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\X3RL3MPM\onlinescanxpp_com[1].htm
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\G5Y38DAZ\line-divider[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4HERCTYN\icon[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\G5Y38DAZ\maincat[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\MTE6KTVJ\bottomleftgraybox[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4HERCTYN\bottomrightclickbox[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3273YTRH\toprightinsidebox[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4HERCTYN\topleftclickbox[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\G5Y38DAZ\go[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\G5Y38DAZ\toprightclickbox[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\MTE6KTVJ\bottomtitleheader[1].jpg
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4HERCTYN\bullet-arrow[2].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\MTE6KTVJ\image-bottom[1].jpg
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3273YTRH\bottomleftclickbox[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4HERCTYN\image-top[1].jpg
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\G5Y38DAZ\bottomleftinsidebox[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\4HERCTYN\bullet-arrow[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\MTE6KTVJ\popularsearches1[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3273YTRH\titleheaderbg[1].jpg
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\3273YTRH\toprightgraybox[1].gif
    D:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\G5Y38DAZ\divider[1].gif


    Malwarebytes' Anti-Malware 1.36
    Database version: 2153
    Windows 5.1.2600 Service Pack 3

    5/19/2009 2:02:57 PM
    mbam-log-2009-05-19 (14-02-57).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 607183
    Time elapsed: 4 hour(s), 10 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 2
    Registry Keys Infected: 6
    Registry Values Infected: 5
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 15

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    C:\WINDOWS\system32\__c00AB4E6.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00ab4e6 (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00e37ae (Trojan.Vundo) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c2ba40a1-74f3-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\diagnostic manager (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\glsetup.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lmn_setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    D:\WINDOWS\system32\memman.vxd (Rogue.SysCleanerPro) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\__c00AB4E6.dat (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Owner\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\Temp\msb.dll (Trojan.FakeAlert) -> Delete on reboot.
    C:\WINDOWS\system32\lmppcsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


    GMER 1.0.15.14972 - http://www.gmer.net
    Rootkit scan 2009-05-19 20:27:25
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    Code 8A3201B0 ZwEnumerateKey
    Code 8A363230 ZwFlushInstructionCache
    Code 8A35D18E IofCallDriver
    Code 8A3850B6 IofCompleteRequest

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8A35D193
    .text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8A3850BB
    PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 8A363234
    PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 8A3201B4
    ? mgcecib.sys The system cannot find the file specified. !
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    ? C:\WINDOWS\System32\Drivers\SPTD5117.SYS The process cannot access the file because it is being used by another process.
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 B8DDE4D0 15 Bytes CALL 54E2A916
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 B8DDE4E1 31 Bytes [D0, DD, B8, 75, 5C, 9F, A3, ...]
    ? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED7A32] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED7B6E] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED7AF6] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED86CC] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED85A2] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EFABBC] sptd.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8A693C78
    Device \FileSystem\Fastfat \FatCdrom 8940C7E0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{6D108EB0-ED30-40BE-A417-6E42D8C6A65F} 8A3B2720

    AttachedDevice \Driver\Tcpip \Device\Ip MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 8A696C78
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8A696C78
    Device \Driver\Cdrom \Device\CdRom0 8A64BEB0
    Device \FileSystem\Rdbss \Device\FsWrap 8941E7E0
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8A696C78
    Device \Driver\Cdrom \Device\CdRom1 8A64BEB0
    Device \Driver\NetBT \Device\NetBT_Tcpip_{DEA5FE88-4632-42A3-856B-00C142AB673D} 8A3B2720
    Device \Driver\USBSTOR \Device\000000c0 8A3AD450
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3B2720
    Device \Driver\usbhub \Device\000000b6 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\NetBT \Device\NetbiosSmb 8A3B2720
    Device \Driver\usbhub \Device\000000b7 hcmon.sys (VMware USB monitor/VMware, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\00000079 \Device\00000089 sptd.sys
    Device \Driver\Disk \Device\Harddisk0\DR0 8A693EB0

    AttachedDevice \Driver\Tcpip \Device\RawIp MpFirewall.sys (McAfee Personal Firewall Driver/McAfee)
    AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

    Device \Driver\Disk \Device\Harddisk1\DR1 8A693EB0
    Device \Driver\usbohci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Disk \Device\Harddisk2\DR5 8A693EB0
    Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+9 8A693EB0
    Device \Driver\usbehci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
    Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+a 8A693EB0
    Device \Driver\Disk \Device\Harddisk3\DR6 8A693EB0
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8941B7E0
    Device \Driver\Disk \Device\Harddisk4\DP(1)0-0+b 8A693EB0
    Device \Driver\Disk \Device\Harddisk4\DR7 8A693EB0
    Device \Driver\Disk \Device\Harddisk5\DP(1)0-0+c 8A693EB0
    Device \Driver\Disk \Device\Harddisk5\DR8 8A693EB0
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8941B7E0
    Device \Driver\USBSTOR \Device\000000ba 8A3AD450
    Device \FileSystem\Npfs \Device\NamedPipe 8A696A40
    Device \Driver\Ftdisk \Device\FtControl 8A696C78
    Device \FileSystem\Msfs \Device\Mailslot 8A696550
    Device \Driver\USBSTOR \Device\000000bd 8A3AD450
    Device \Driver\USBSTOR \Device\000000be 8A3AD450
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 8A64B0E8
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A64B0E8
    Device \Driver\USBSTOR \Device\000000bf 8A3AD450
    Device \FileSystem\Fastfat \Fat 8940C7E0

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 8A5670E8

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\drivers\ovfsthvqmsosauumrkjkwqayeardjdbsitqmtj.sys (*** hidden *** ) [SYSTEM] ovfsthboyoyixpugpoepvechliefnbgdkadaog <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@imagepath \systemroot\system32\drivers\ovfsthvqmsosauumrkjkwqayeardjdbsitqmtj.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@inst 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@ver sni060409
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@cid 01
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@bid 8399876-3291786437-1093556625-2386094360
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@aid 998
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@sid 3
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@feed 0x22 0x64 0x78 0x36 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@cmddelay 28801
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@logoffset 123201
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\delete
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{1C138E0F-A7DA-4C6D-824D-805E82104410}
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff@version 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector@iexplore.exe ovfsthwi.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector@explorer.exe ovfsthff.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks\0000000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks\0000000001@fn (null)
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks\0000000001@url http://212.117.174.14/lmn_setup.exe
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks\0000000001@timeout 900
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks\0000000001@type 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks\0000000001@count 10
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthvqmsosauumrkjkwqayeardjdbsitqmtj.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.dll \systemroot\system32\ovfsthcvjxaplmxgtfapppjeclkdmnyowykwpp.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthlog.dat \systemroot\system32\ovfsthsafvuxndggsapcmjowcyggvueyqqlyhy.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthwi.dll \systemroot\system32\ovfsthedygfbmlnkhnakrcfcihdruqblyvfjal.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthff.dll \systemroot\system32\ovfsthlwsnxlosxyifqsptyjltylxrxwhyqsun.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.dat \systemroot\system32\ovfsthvqcoajcnnulityykkuwrdrjnyaivbboo.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x59 0x30 0x2A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0xC3 0x1F 0x17 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x92 0xB7 0x01 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@start 1
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@group file system
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@imagepath \systemroot\system32\drivers\ovfsthvqmsosauumrkjkwqayeardjdbsitqmtj.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@inst 0
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@ver sni060409
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@cid 01
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@bid 8399876-3291786437-1093556625-2386094360
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@aid 998
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@sid 3
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@feed 0x22 0x64 0x78 0x36 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@cmddelay 28801
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@logoffset 123201
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\delete
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{1C138E0F-A7DA-4C6D-824D-805E82104410}
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff@version 1
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector@iexplore.exe ovfsthwi.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector@explorer.exe ovfsthff.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthvqmsosauumrkjkwqayeardjdbsitqmtj.sys
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.dll \systemroot\system32\ovfsthcvjxaplmxgtfapppjeclkdmnyowykwpp.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthlog.dat \systemroot\system32\ovfsthsafvuxndggsapcmjowcyggvueyqqlyhy.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthwi.dll \systemroot\system32\ovfsthedygfbmlnkhnakrcfcihdruqblyvfjal.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthff.dll \systemroot\system32\ovfsthlwsnxlosxyifqsptyjltylxrxwhyqsun.dll
    Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.dat \systemroot\system32\ovfsthvqcoajcnnulityykkuwrdrjnyaivbboo.dat
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x59 0x30 0x2A ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0xC3 0x1F 0x17 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x92 0xB7 0x01 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@imagepath \systemroot\system32\drivers\ovfsthvqmsosauumrkjkwqayeardjdbsitqmtj.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog@inst 0
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@ver sni060409
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@cid 01
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@bid 8399876-3291786437-1093556625-2386094360
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@aid 998
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@sid 3
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@feed 0x22 0x64 0x78 0x36 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@cmddelay 28801
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main@logoffset 123201
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\delete
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{1C138E0F-A7DA-4C6D-824D-805E82104410}
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\ff@version 1
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector@iexplore.exe ovfsthwi.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\injector@explorer.exe ovfsthff.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\main\tasks
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthvqmsosauumrkjkwqayeardjdbsitqmtj.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.dll \systemroot\system32\ovfsthcvjxaplmxgtfapppjeclkdmnyowykwpp.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthlog.dat \systemroot\system32\ovfsthsafvuxndggsapcmjowcyggvueyqqlyhy.dat
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthwi.dll \systemroot\system32\ovfsthedygfbmlnkhnakrcfcihdruqblyvfjal.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsthff.dll \systemroot\system32\ovfsthlwsnxlosxyifqsptyjltylxrxwhyqsun.dll
    Reg HKLM\SYSTEM\ControlSet003\Services\ovfsthboyoyixpugpoepvechliefnbgdkadaog\modules@ovfsth.dat \systemroot\system32\ovfsthvqcoajcnnulityykkuwrdrjnyaivbboo.dat
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x0E 0x59 0x30 0x2A ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB4 0xC3 0x1F 0x17 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDC 0x92 0xB7 0x01 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Scions of Fate\datas\NCSData\sky\ÇØ\xbfÀ\xb6ó\xb1â\skyday.d2s 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Scions of Fate\datas\NCSData\sky\ÇØ\xbfÀ\xb6ó\xb1â\skyday_back.d2s 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Scions of Fate\datas\NCSData\sky\ÇØ\xbfÀ\xb6ó\xb1â\skyday_bottom.d2s 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Scions of Fate\datas\NCSData\sky\ÇØ\xbfÀ\xb6ó\xb1â\skyday_front.d2s 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Scions of Fate\datas\NCSData\sky\ÇØ\xbfÀ\xb6ó\xb1â\skyday_left.d2s 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Scions of Fate\datas\NCSData\sky\ÇØ\xbfÀ\xb6ó\xb1â\skyday_right.d2s 1
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Scions of Fate\datas\NCSData\sky\ÇØ\xbfÀ\xb6ó\xb1â\skyday_top.d2s 1

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\ovfsthvqmsosauumrkjkwqayeardjdbsitqmtj.sys 83968 bytes executable <-- ROOTKIT !!!
    File C:\WINDOWS\system32\ovfsthcvjxaplmxgtfapppjeclkdmnyowykwpp.dll 60928 bytes executable
    File C:\WINDOWS\system32\ovfsthedygfbmlnkhnakrcfcihdruqblyvfjal.dll 18432 bytes executable
    File C:\WINDOWS\system32\ovfsthlwsnxlosxyifqsptyjltylxrxwhyqsun.dll 18944 bytes executable
    File C:\WINDOWS\system32\ovfsthsafvuxndggsapcmjowcyggvueyqqlyhy.dat 267555 bytes
    File C:\WINDOWS\system32\ovfsthvqcoajcnnulityykkuwrdrjnyaivbboo.dat 43 bytes

    ---- EOF - GMER 1.0.15 ----

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:47:43 PM, on 5/19/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16827)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    \?\globalroot\C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     
  6. 2009/05/19
    Versify

    Versify Inactive Thread Starter

    Joined:
    2009/05/07
    Messages:
    4
    Likes Received:
    0
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\PROGRA~1\DAP\dapiebar.dll (file missing)
    O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe "
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
    O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\Owner\protect.dll,_IWMPEvents@16
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\optnx4q6lo.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\optnx4q6lo.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\547228944.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [A00F1C60BB1.exe] C:\WINDOWS\TEMP\_A00F1C60BB1.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: ChkDisk.dll
    O4 - Startup: ChkDisk.lnk = ?
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\aim\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
    O16 - DPF: {60F33B36-3E89-48EF-BE77-ACC23A366C2A} (NCLoaderCtl Class) - https://wstatic.plaync.co.kr/common/js/UniUpdTool/NCLoader.5.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

    --
    End of file - 8332 bytes
     
  7. 2009/05/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
     
