also @ TechSpot: Exploit allows command prompt to launch at Windows 7 login screen

TechSpot

[Inactive] Help with Family Computer

Discussion in 'Virus and Malware Removal' started by raguv2000, Nov 30, 2010.

Thread Status:
Not open for further replies.

  1. raguv2000 Newcomer, in training

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5220

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    30/11/2010 2:53:23 PM
    mbam-log-2010-11-30 (14-53-23).txt

    Scan type: Quick scan
    Objects scanned: 317863
    Time elapsed: 6 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 108
    Registry Values Infected: 5
    Registry Data Items Infected: 0
    Folders Infected: 47
    Files Infected: 39

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1D74E9DD-8987-448b-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{565DD573-549E-4da9-8CD7-6AE3DF25339A} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{877F3EAB-4462-44DF-8475-6064EAFD7FBF} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.FunExplorer (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D74E9DD-8987-448B-B2CB-67FFF2B8A932} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{3DE88BEB-F271-484A-BA71-01D30F439F0C} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{42C7C39F-3128-4a17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{AC5AB953-ED25-4f9c-87F0-B086B0178FFA} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{6160F76A-1992-4B17-A32D-0C706D159105} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42C7C39F-3128-4A17-BDB7-91C46032B5B9} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{50AD41D2-B1F0-47CC-9EA7-395355EAEEBD} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{70880CE6-308C-4204-A89E-B266C3F7B7FA} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{03D7FF6E-9781-40B5-BB7F-94291A361604} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8CEB185E-81A5-46D3-BC20-C555D605AFBD} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{CDC73256-A88D-4642-844E-A8F20B76789C} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{D1063603-F045-475F-AFBC-8CBA7D5797FB} (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HotbarWeather.WeatherController.1 (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\HotbarWeather.WeatherController (Adware.Softomate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{A72522BA-9FF3-4C83-ABC6-9B476728A396} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{B72681C0-A222-4b21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{F5B8C69C-9B45-4a6a-9380-DF225C546AE7} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{629CD6C2-E4C5-4554-AEB8-12E4E2CD40FF} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.CMW.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.CMW (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B72681C0-A222-4B21-A0E2-53A5A5CA3D41} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{C5762628-AE15-4ca6-96C4-B00DD17F3419} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{2A743834-05F4-4ed4-8A1C-41332B10AC0C} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1081D532-7DE4-40BD-B912-388FA6B27C78} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.TCP.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.TCP (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAC89FF9-34A9-4431-8CFE-292A47F843BC} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{D062E03E-65CA-49E4-9B15-31938BA98922} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{EB4A577D-BCAD-4b1c-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{883DFC00-8A21-411D-956C-73A4E4B7D16F} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{480098C6-F6AD-4C61-9B5C-2BAE228A34D1} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector.1 (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\ExplorerBar.FunRedirector (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB4A577D-BCAD-4B1C-8AF2-9A74B8DD3431} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E67DAA-DA01-4da5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D95C7240-0282-4c01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Media Access Startup (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\QueryExplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Seekdns (Adware.Zwangi) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Web Search Operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AppDataLow\SOFTWARE\Internet Today (Adware.DoubleD) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekdns (Adware.Zwangi) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\QuestService Service (Adware.DoubleD) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Value: {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790375B376555234AB96 (Malware.Trace) -> Value: SRS_IT_E8790375B376555234AB96 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\programdata\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\programdata\Seekdns (Adware.Zwangi) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240 (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\FF (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\content management wizard (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\content management wizard\1.1.0.1880 (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800 (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\FF (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\gameztar toolbar (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\internet today (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\internet today\1.1.0.1230 (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464} (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\queryexplorer (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\questservice (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\questservice\questservice_deleted_ (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\program files\Seekdns (Adware.Zwangi) -> Quarantined and deleted successfully.
    c:\program files\textual content provider (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\textual content provider\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\textual content provider\1.1.0.1610\for_anti_av (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\textual content provider\1.1.0.1610\for_anti_av\1.1.0.1610 (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840 (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\FF (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\FF\chrome (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\FF\chrome\content (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\FF\components (Adware.Agent) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\Users\Guest\local settings\application data\internet today (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\subhanee.supangan-pc.003\local settings\application data\internet today (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\subhanee.supangan-pc.003\local settings\application data\textual content provider (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\subhanee.supangan-pc.003\local settings\application data\textual content provider\1.1.0.1610 (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\subhanee.supangan-pc.003\local settings\application data\textual content provider\1.1.0.1610\Data (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\Guest\local settings\application data\web search operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\Guest\local settings\application data\web search operator\3.1.0.1840 (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\subhanee.supangan-pc.003\local settings\application data\web search operator (Adware.DoubleD) -> Quarantined and deleted successfully.
    c:\Users\subhanee.supangan-pc.003\local settings\application data\web search operator\3.1.0.1840 (Adware.DoubleD) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\web search operator\3.1.0.1840\WSO.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\Users\supansan\documents\downloads\popularscreensaverssetup2.3.67.1.zrman000 (1).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\Users\supansan\documents\downloads\popularscreensaverssetup2.3.67.1.zrman000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\Users\subhanee1\downloads\narutouzumakichronicles2pri-dm.exe (Adware.TryMedia) -> Quarantined and deleted successfully.
    c:\Users\supansan\downloads\setup(2).exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\Users\supansan\downloads\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\Users\supangan 1\local settings\application data\opRSK (Malware.Trace) -> Quarantined and deleted successfully.
    c:\programdata\Seekdns\seekdns122.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\acecommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\FF\chrome\content\ACEAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\automated content enhancer\4.1.0.5240\FF\components\aceffhelpercomponent.js (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\content management wizard\1.1.0.1880\cmwsh.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\cpacommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\lri.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\FF\chrome\content\CPAAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\customized platform advancer\4.1.0.1800\FF\components\cpaffhelpercomponent.js (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\internet today\1.1.0.1230\internettoday.ico (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\internet today\1.1.0.1230\microsoft.vc80.mfc.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\internet today\1.1.0.1230\skincrafterdll.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome.manifest (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\install.rdf (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\chrome\queryexplorer.jar (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\mozilla firefox\extensions\{27e679cc-6aab-4b2a-bb87-096fe4178464}\defaults\preferences\prefs.js (Adware.QueryExplorer) -> Quarantined and deleted successfully.
    c:\program files\Seekdns\seekdns.exe (Adware.Zwangi) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\wsocommon.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\FF\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\FF\chrome\content\WSOAddOn.js (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\FF\components\wsoffaddon.dll (Adware.Agent) -> Quarantined and deleted successfully.
    c:\program files\web search operator\3.1.0.1840\FF\components\wsoffhelpercomponent.js (Adware.Agent) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\about hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar customer support center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar games!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar uninstall instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\hotbar videos!.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\reset cursor.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    c:\programdata\microsoft\Windows\start menu\Programs\Hotbar\Weather.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
    raguv2000, Nov 30, 2010
    #1

  2. raguv2000 Newcomer, in training

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-30 15:18:31
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-75A7B2 rev.01.03B01
    Running: 3tqi8szv.exe; Driver: C:\Users\SUBHAN~1.003\AppData\Local\Temp\pwlyrkow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    raguv2000, Nov 30, 2010
    #2

  3. raguv2000 Newcomer, in training

    DDS (Ver_10-11-27.01) - NTFSx86
    Run by subhanee at 15:19:03.11 on 30/11/2010
    Internet Explorer: 8.0.6001.18975
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3036.1993 [GMT -5:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\conime.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\subhanee.supangan-PC.003\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page =
    uStart Page = hxxp://www.theprizeday.com/today.php
    uDefault_Page_URL = hxxp://everythingy.com/ie/home
    uSearch Bar =
    mStart Page = hxxp://www.myfastwebsearch.com/
    mSearch Page = ${URL_SEARCHPAGE}
    uInternet Settings,ProxyOverride = <local>;*.local
    mSearchAssistant = hxxp://www.myfastwebsearch.com/
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80228
    uURLSearchHooks: N/A: {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\toolbar\ctbr.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\toolbar\ctbr.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [RebateInformer] c:\progra~1\rebate~1\REBATE~1.EXE /STARTUP
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [RGSC] c:\program files\rockstar games\rockstar games social club\RGSCLauncher.exe /silent
    uRun: [Google Update] "c:\users\subhanee.supangan-pc.003\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\users\subhan~1.003\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Crawler Search - tbr:iemenu
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {15BE8BEE-4105-4A79-B385-25068AA967DB} - hxxp://us1.iradiopop.com/IRD/pages/VBIMDPlayer.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\subhan~1.003\appdata\roaming\mozilla\firefox\profiles\dm2ge96q.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
    FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm491YECA&fl=0&ptb=Aa_F_69IO8DVyre0pSA.hQ&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77c0c093&searchfor=
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\nppanda3d.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\subhanee.supangan-pc.003\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\subhan~1.003\appdata\roaming\mozilla\firefox\profiles\dm2ge96q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    ============= SERVICES / DRIVERS ===============

    R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2009-6-13 81920]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-30 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-30 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-30 60936]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca6538101039a3;Google Update Service (gupdate1ca6538101039a3);c:\program files\google\update\GoogleUpdate.exe [2009-11-14 133104]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\drivers\mr97310c.sys [2008-3-27 116992]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 TridVidx86;Trident TVMaster TM6000 Analog plus Digital Video Service x86;c:\windows\system32\drivers\TridVidx86.sys [2007-7-31 163456]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-11-30 06:38:41 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
    2010-11-30 06:38:39 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b16cbe82-99b8-48d4-9a67-022e29fdd6c8}\mpengine.dll
    2010-11-30 06:38:39 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-11-30 06:28:22 -------- d-----w- c:\windows\en
    2010-11-30 06:18:11 15712 ----a-w- c:\program files\common files\windows live\.cache\5c80be4c1cb905601\MeshBetaRemover.exe
    2010-11-30 06:09:35 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2010-11-30 05:34:29 -------- d-----w- c:\program files\Windows Portable Devices
    2010-11-30 05:31:12 -------- d-----w- c:\users\subhan~1.003\appdata\roaming\Avira
    2010-11-30 05:24:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-11-30 05:24:09 -------- d-----w- c:\program files\Avira
    2010-11-30 05:24:09 -------- d-----w- c:\progra~2\Avira
    2010-11-30 05:19:55 -------- d-----w- c:\users\subhan~1.003\appdata\roaming\Multi File Downloader
    2010-11-30 05:17:10 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-11-30 05:17:10 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-11-30 05:17:10 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-11-30 05:17:06 469256 ----a-w- c:\program files\common files\windows live\.cache\d2f6e9ad1cb904d08\InstallManager_WLE_WLE.exe
    2010-11-30 05:16:56 94040 ----a-w- c:\program files\common files\windows live\.cache\cc2adc8d1cb904d06\DSETUP.dll
    2010-11-30 05:16:56 525656 ----a-w- c:\program files\common files\windows live\.cache\cc2adc8d1cb904d06\DXSETUP.exe
    2010-11-30 05:16:56 1691480 ----a-w- c:\program files\common files\windows live\.cache\cc2adc8d1cb904d06\dsetup32.dll
    2010-11-30 05:16:48 94040 ----a-w- c:\program files\common files\windows live\.cache\c8e759ed1cb904d03\DSETUP.dll
    2010-11-30 05:16:48 525656 ----a-w- c:\program files\common files\windows live\.cache\c8e759ed1cb904d03\DXSETUP.exe
    2010-11-30 05:16:48 1691480 ----a-w- c:\program files\common files\windows live\.cache\c8e759ed1cb904d03\dsetup32.dll
    2010-11-30 05:16:34 -------- d-----w- c:\users\subhan~1.003\appdata\local\Windows Live
    2010-11-30 05:15:45 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-11-30 05:15:19 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2010-11-30 05:15:19 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2010-11-30 05:15:18 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2010-11-30 05:13:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
    2010-11-30 05:12:37 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2010-11-30 05:12:37 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2010-11-30 05:12:37 234496 ----a-w- c:\windows\system32\oleacc.dll
    2010-11-30 04:59:43 -------- d-----w- c:\users\subhan~1.003\appdata\roaming\Malwarebytes
    2010-11-30 04:59:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-30 04:59:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-30 03:37:26 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-11-29 22:33:27 -------- d-----w- c:\windows\system32\vi-VN
    2010-11-29 22:33:27 -------- d-----w- c:\windows\system32\eu-ES
    2010-11-29 22:33:27 -------- d-----w- c:\windows\system32\ca-ES
    2010-11-29 21:22:19 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-11-29 21:21:23 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-11-06 16:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-11-06 16:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-09-23 05:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-23 05:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
    2009-12-11 01:48:57 1974352 ----a-w- c:\program files\VisualBoyAdvance.exe

    ============= FINISH: 15:20:15.29 ===============
    raguv2000, Nov 30, 2010
    #3

  4. raguv2000 Newcomer, in training

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume3
    Install Date: 13/06/2009 11:02:24 AM
    System Uptime: 30/11/2010 2:55:50 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0U880P
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2500/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 451 GiB total, 255.841 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 10.185 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    100% Free Chess 7.30
    1912 Titanic Mystery
    AAC Decoder
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 4
    AREA-51 (remove only)
    Ares 2.1.2
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    BigFoot 4x4 Challenge
    Bonjour
    Cheat Engine 5.5
    Combat Wings - Battle of Britain Arcade Edition (remove only)
    Combined Community Codec Pack 2008-01-24
    Compatibility Pack for the 2007 Office system
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Dell-eBay
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Resource CD
    DigimonBattle Beta
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    Duelpro 2009
    EA SPORTS online 2006
    GameSpy Arcade
    Google Chrome
    Google Earth
    Google Update Helper
    Grand Theft Auto IV
    GTA2
    gtaTournament Client
    gtaTournament Server
    H.264 Decoder
    Heroes In the Sky
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    iTunes
    Java(TM) 6 Update 11
    Junk Mail filter update
    Kaiba Corp Virtual Duel System 1.14
    Kill Deal
    KingMania
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Halo Trial
    Microsoft Interactive Training
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MKV Splitter
    MLB.com Shuffle 07 (remove only)
    Monopoly Here & Now Edition (remove only)
    Monopoly Tycoon
    Mozilla Firefox (3.6.12)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MY CAMERA
    Nanovor
    Naruto Uzumaki Chronicles 2 Prima Official eGuide (remove only)
    NHL06
    Norton Security Scan
    ONIMUSHA3 PC
    Operation
    Panda3D Game Engine
    Pando Media Booster
    PCTuneUp
    Pokedexer
    Pokemon Light
    Pokemon PC 1.8
    Pokemon World Online 1.52
    POKéMON Simulator 4.5
    PowerDVD
    Princess Isabella
    Project64 1.6
    QuickTime
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Sacred
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Segoe UI
    Shockwave
    Shoddy Battle (a FREE GNU licensed Online Pokemon Battle Simula
    Sketchpad
    Skype web features
    Skype™ 4.1
    SoulMaster
    Spelling Dictionaries Support For Adobe Reader 9
    TV
    U3Launcher
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.4053
    Winamp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Xvid 1.2.1 final uninstall
    Yu-Gi-Oh! ONLINE 2

    ==== End Of File ===========================
    raguv2000, Nov 30, 2010
    #4

  5. raguv2000 Newcomer, in training

    Thanks a lot...cousins filled it with malware... just trying to clean it up
    raguv2000, Nov 30, 2010
    #5

  6. Broni Malware Annihilator

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
    Broni, Dec 1, 2010
    #6

  7. raguv2000 Newcomer, in training

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Basic Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Inspiron 537s
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 134):
    0x81E1E000 \SystemRoot\system32\ntkrnlpa.exe
    0x821D7000 \SystemRoot\system32\hal.dll
    0x80401000 \SystemRoot\system32\kdcom.dll
    0x80408000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80478000 \SystemRoot\system32\PSHED.dll
    0x80489000 \SystemRoot\system32\BOOTVID.dll
    0x80491000 \SystemRoot\system32\CLFS.SYS
    0x804D2000 \SystemRoot\system32\CI.dll
    0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80689000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80696000 \SystemRoot\system32\drivers\acpi.sys
    0x806DC000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806E5000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806ED000 \SystemRoot\system32\drivers\pci.sys
    0x80714000 \SystemRoot\System32\drivers\partmgr.sys
    0x80723000 \SystemRoot\system32\drivers\volmgr.sys
    0x80732000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8077C000 \SystemRoot\system32\DRIVERS\intelide.sys
    0x80783000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x80791000 \SystemRoot\system32\drivers\pciide.sys
    0x80798000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807A8000 \SystemRoot\system32\drivers\atapi.sys
    0x807B0000 \SystemRoot\system32\drivers\ataport.SYS
    0x807CE000 \SystemRoot\system32\drivers\fltmgr.sys
    0x805B2000 \SystemRoot\system32\drivers\fileinfo.sys
    0x80600000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x89C05000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x89C76000 \SystemRoot\system32\drivers\ndis.sys
    0x89D81000 \SystemRoot\system32\drivers\msrpc.sys
    0x89DAC000 \SystemRoot\system32\drivers\NETIO.SYS
    0x89E07000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x89F17000 \SystemRoot\system32\drivers\volsnap.sys
    0x89F50000 \SystemRoot\System32\Drivers\spldr.sys
    0x89F58000 \SystemRoot\System32\Drivers\mup.sys
    0x89F67000 \SystemRoot\System32\drivers\ecache.sys
    0x89F8E000 \SystemRoot\system32\drivers\disk.sys
    0x89F9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x89FC0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x89FE9000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x89FF4000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x89DE7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8DA0C000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8E329000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8E3CA000 \SystemRoot\System32\drivers\watchdog.sys
    0x8E80D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8E89A000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
    0x8E8DB000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8E8E6000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8E924000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8E933000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8E94B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x8E951000 \SystemRoot\system32\DRIVERS\serscan.sys
    0x8E959000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8E988000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8E9C9000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8E9D4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8E9EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8E3D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x805C2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x805D1000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x805E5000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8EC02000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8EC12000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8EC1D000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8EC28000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8EC2A000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8EC54000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8EC5E000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8EC6B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8ECA0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8EE0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8F041000 \SystemRoot\system32\drivers\portcls.sys
    0x8F06E000 \SystemRoot\system32\drivers\drmk.sys
    0x8F093000 \??\C:\Windows\system32\drivers\ACEDRV05.sys
    0x8F0F2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8F0FB000 \SystemRoot\System32\Drivers\Null.SYS
    0x8F102000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8F112000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8F119000 \SystemRoot\System32\drivers\vga.sys
    0x8F125000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8F146000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8F14E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8F156000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8F161000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8F16F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8ECB1000 \SystemRoot\System32\drivers\tcpip.sys
    0x8F178000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8F193000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8F1A9000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8ED9B000 \SystemRoot\system32\drivers\afd.sys
    0x8F1BD000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8F1EF000 \SystemRoot\system32\drivers\ws2ifsl.sys
    0x8EDE3000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8F404000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8F412000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8F425000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x8F42B000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8F467000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8F471000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8F488000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x8F4AB000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8F4B8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8F4C3000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x8F4CB000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8F4D4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8F4E4000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8F4E6000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8F4EF000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x80C60000 \SystemRoot\System32\win32k.sys
    0x8F4F7000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8F501000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x80E80000 \SystemRoot\System32\TSDDD.dll
    0x80EA0000 \SystemRoot\System32\cdd.dll
    0x8F510000 \SystemRoot\system32\drivers\luafv.sys
    0x8F52B000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x8F540000 \SystemRoot\system32\drivers\spsys.sys
    0x8F5F0000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x89FC9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAB00E000 \SystemRoot\system32\drivers\HTTP.sys
    0xAB07B000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAB098000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xAB0B1000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xAB0C6000 \SystemRoot\system32\drivers\mrxdav.sys
    0xAB0E7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAB106000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0xAB13F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAB157000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAB17F000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAE004000 \SystemRoot\system32\drivers\peauth.sys
    0xAE0E2000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAE0EC000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAE0F8000 \SystemRoot\System32\Drivers\fastfat.SYS
    0xAE120000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x779C0000 \Windows\System32\ntdll.dll

    Processes (total 65):
    0 System Idle Process
    4 System
    424 C:\Windows\System32\smss.exe
    556 csrss.exe
    600 C:\Windows\System32\wininit.exe
    608 csrss.exe
    648 C:\Windows\System32\services.exe
    672 C:\Windows\System32\winlogon.exe
    696 C:\Windows\System32\lsass.exe
    708 C:\Windows\System32\lsm.exe
    864 C:\Windows\System32\svchost.exe
    944 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\audiodg.exe
    1260 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\SLsvc.exe
    1304 C:\Windows\System32\svchost.exe
    1392 C:\Program Files\Dell\DellDock\DockLogin.exe
    1472 C:\Windows\System32\svchost.exe
    1668 C:\Windows\System32\spoolsv.exe
    1692 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1704 C:\Windows\System32\svchost.exe
    2004 C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    2032 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    268 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    284 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    516 C:\Windows\System32\dwm.exe
    548 C:\Windows\System32\taskeng.exe
    592 C:\Windows\explorer.exe
    996 C:\Windows\System32\taskeng.exe
    772 C:\Program Files\Bonjour\mDNSResponder.exe
    2084 C:\Windows\System32\svchost.exe
    2108 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2296 C:\Windows\System32\svchost.exe
    2336 C:\Windows\System32\svchost.exe
    2436 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2480 C:\Windows\System32\SearchIndexer.exe
    2724 C:\Program Files\Windows Defender\MSASCui.exe
    2732 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2748 C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
    2772 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2860 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    2884 C:\Windows\System32\hkcmd.exe
    2908 C:\Windows\System32\igfxpers.exe
    2960 C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
    2984 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3068 C:\Program Files\Dell\DellDock\DellDock.exe
    3112 C:\Program Files\iTunes\iTunesHelper.exe
    3128 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3176 C:\Users\subhanee.supangan-PC.003\AppData\Local\Google\Update\GoogleUpdate.exe
    3404 C:\Windows\System32\conime.exe
    3776 C:\Windows\System32\svchost.exe
    3900 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2384 WmiPrvSE.exe
    3428 C:\Program Files\iPod\bin\iPodService.exe
    3984 C:\Windows\System32\svchost.exe
    2932 C:\Program Files\Internet Explorer\ielowutil.exe
    3312 C:\Windows\System32\msiexec.exe
    3772 C:\Windows\System32\SearchProtocolHost.exe
    3204 C:\Windows\System32\SearchFilterHost.exe
    3076 C:\Program Files\Mozilla Firefox\firefox.exe
    2532 C:\Users\subhanee.supangan-PC.003\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`c3700000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`03700000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000AAKS-75A7B2, Rev: 01.03B01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
    raguv2000, Dec 1, 2010
    #7

  8. Broni Malware Annihilator

    That looks good :)
    Broni, Dec 1, 2010
    #8

  9. raguv2000 Newcomer, in training

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/01/2010 at 03:12 AM

    Application Version : 4.46.1000

    Core Rules Database Version : 5934
    Trace Rules Database Version: 3746

    Scan type : Complete Scan
    Total Scan Time : 01:48:46

    Memory items scanned : 279
    Memory threats detected : 0
    Registry items scanned : 8402
    Registry threats detected : 24
    File items scanned : 229534
    File threats detected : 3

    Adware.HBHelper
    HKU\S-1-5-21-3795636149-1565154725-1217556812-1025\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
    HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}

    Adware.MyWebSearch/FunWebProducts
    HKU\S-1-5-21-3795636149-1565154725-1217556812-1025\SOFTWARE\FunWebProducts
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
    HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version

    Adware.Zango/ShoppingReport
    HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}
    HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\ProxyStubClsid
    HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\ProxyStubClsid32
    HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\TypeLib
    HKCR\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}\TypeLib#Version
    HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}
    HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\ProxyStubClsid
    HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\ProxyStubClsid32
    HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\TypeLib
    HKCR\Interface\{67B3BECF-7B6F-42B2-99F0-F7656F89CFFA}\TypeLib#Version
    HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}
    HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\ProxyStubClsid
    HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\ProxyStubClsid32
    HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\TypeLib
    HKCR\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}\TypeLib#Version

    Malware.Trace
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon#Taskman

    Trojan.Unclassified/Loader-Suspicious
    C:\CDHOME\BLUE\LOADER.EXE
    C:\CDHOME\RED\LOADER.EXE

    Trojan.Agent/Gen-Falprod
    C:\USERS\SUPANGAN 1\DOCUMENTS\WINDS PRO\EMU\NO$GBA\NGZOOM.DLL
    raguv2000, Dec 1, 2010
    #9

  10. Broni Malware Annihilator

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
    Broni, Dec 1, 2010
    #10
Thread Status:
Not open for further replies.