Please help to get rid of win32:malware-gen and win32:DNSChanger-Vj

By differencemaker
Jun 12, 2012
  1. My computer randomly freezes for a few seconds at a time every so often. Also Avast keeps popping up saying that I am infected with those two viruses.

    I went through the 5-step tool for preliminary removal and I will post the logs:

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.12.03

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jon :: JON-PC [administrator]

    12/06/2012 9:22:05 AM
    mbam-log-2012-06-12 (09-22-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 242861
    Time elapsed: 5 minute(s), 40 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 10
    HKLM\SYSTEM\CurrentControlSet\Services\Adobe Licensing Console (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
    HKCR\CLSID\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044044435} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCR\Interface\{55555555-5555-5555-5555-550055045535} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011041135} (PUP.Codec.PR) -> Quarantined and deleted successfully.
    HKCU\Software\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A6546D9D-7890-4A2D-ADDB-29DF0EB1DD4B}_is1 (PUP.Topckit) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Program Files (x86)\Topckit (PUP.Topckit) -> Quarantined and deleted successfully.

    Files Detected: 10
    C:\Windows\System32\msvfd32.exe (Trojan.Clicker.CT) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Premiumplay Codec-C\Premiumplay Codec-C.dll (PUP.Codec.PR) -> Quarantined and deleted successfully.
    C:\Users\Jon\Downloads\Codec-C.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Topckit\ObjClsID.dll (PUP.Topckit) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Topckit\Topckit_2012.exe (PUP.Topckit) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Topckit\unins000.dat (PUP.Topckit) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Topckit\unins000.exe (PUP.Topckit) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Topckit\UpdateInfo.ini (PUP.Topckit) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Topckit\UpdatePro.exe (PUP.Topckit) -> Quarantined and deleted successfully.

    (end)

    The gmer.log was empty.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Jon at 9:41:31 on 2012-06-12
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
    C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Users\Jon\Downloads\dds.scr
    C:\Windows\SysWOW64\ping.exe
    C:\Windows\SysWOW64\conime.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    uSearch Page =
    uSearch Bar =
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: IEToolbarEngine.ShowToolbarBHO: {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jon\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB: Element TotalProtect: {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Download all by FlashGet3 - C:\Users\Jon\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - C:\Users\Jon\AppData\Roaming\FlashGetBHO\GetUrl.htm
    IE: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    TCP: Interfaces\{08368E93-3FA1-420A-B715-CC1AD99CCACE} : DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194
    TCP: Interfaces\{6E236F85-F5C1-435F-991B-98DB4B3B1E68} : NameServer = 192.168.0.1
    TCP: Interfaces\{A6236A01-310C-4749-B7F0-B63823C93DCA} : NameServer = 192.168.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: IEToolbarEngine.ShowToolbarBHO: {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Jon\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
    BHO-X64: FlashGetBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
    TB-X64: Element TotalProtect: {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2427707&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.swagbucks.com/
    FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
    FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Jon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(extensions.BabylonToolbar_i.babTrack, tt=090212_noffx
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.id - 06a578e700000000000000ff38ebd3a7
    FF - user.js: extensions.BabylonToolbar_i.hardId - 06a578e700000000000000ff38ebd3a7
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15389
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:23:34
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
    R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
    R? cpuz134;cpuz134
    R? DigiartyVirtualCDBus;Digiarty Virtual Driver
    R? fssfltr;fssfltr
    R? fsssvc;Windows Live Family Safety Service
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? KMService;KMService
    R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
    R? MozillaMaintenance;Mozilla Maintenance Service
    R? MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver
    R? Norton Internet Security;Norton Internet Security
    R? osppsvc;Office Software Protection Platform
    R? PCDSRVC{4942F9C0-0B403F17-06000000}_0;PCDSRVC{4942F9C0-0B403F17-06000000}_0 - PCDR Kernel Mode Service Helper Driver
    R? PerfHost;Performance Counter DLL Host
    R? USBAAPL64;Apple Mobile USB Driver
    R? vcd10bus;Virtual CD v10 Bus Enumerator
    R? wlcrasvc;Windows Live Mesh remote connections service
    R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
    S? AdobeARMservice;Adobe Acrobat Update Service
    S? aswFsBlk;aswFsBlk
    S? aswMonFlt;aswMonFlt
    S? aswSnx;aswSnx
    S? aswSP;aswSP
    S? avast! Antivirus;avast! Antivirus
    S? BCMH43XX;Broadcom 802.11 USB Network Adapter Driver
    S? FontCache;Windows Font Cache Service
    S? NBVol;Nero Backup Volume Filter Driver
    S? NBVolUp;Nero Backup Volume Upper Filter Driver
    S? NGRegClnSrv;NETGATE Registry Cleaner Service
    S? NVHDA;Service for NVIDIA High Definition Audio Driver
    S? nvUpdatusService;NVIDIA Update Service Daemon
    S? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
    .
    =============== File Associations ===============
    .
    JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    2012-06-12 13:21:30 -------- d-----w- C:\Users\Jon\AppData\Roaming\Malwarebytes
    2012-06-12 13:21:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-12 13:21:23 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-12 13:21:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-12 02:20:42 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
    2012-06-12 00:19:35 -------- d-----w- C:\Users\Jon\AppData\Local\Macromedia
    2012-06-06 11:45:00 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-06 11:44:59 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-05 14:40:09 -------- d-----w- C:\Users\Jon\AppData\Local\FLT
    2012-06-05 14:38:08 -------- d-----w- C:\Program Files (x86)\Who Wants To Be A Millionaire Special Editions
    2012-06-04 17:59:56 -------- d-----w- C:\Users\Jon\AppData\Roaming\GetRight
    2012-06-04 17:59:48 -------- d-----w- C:\Program Files (x86)\GetRight
    2012-06-03 14:58:08 -------- d-----w- C:\Users\Jon\preschool packs
    2012-05-26 02:34:21 -------- d-----w- C:\Alan Wake American Nightmare
    2012-05-25 19:38:28 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-05-25 19:38:28 63296 ----a-w- C:\Windows\System32\nvshext.dll
    2012-05-25 19:38:28 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-05-25 19:38:28 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-05-25 19:38:28 118080 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-05-16 14:15:19 -------- d-----r- C:\Users\Jon\Dropbox
    2012-05-16 14:13:43 -------- d-----w- C:\Program Files (x86)\Dropbox
    2012-05-16 14:13:07 -------- d-----w- C:\Users\Jon\AppData\Roaming\Dropbox
    2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    .
    ==================== Find3M ====================
    .
    2012-06-11 23:12:04 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-11 23:12:04 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 15:35:11 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-25 03:00:40 71 ----a-w- C:\Users\Jon\walkingdead.bat
    2012-04-18 17:08:08 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
    2012-04-18 17:08:03 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2012-04-18 17:08:02 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2012-04-11 00:37:58 1313792 ----a-w- C:\Windows\System32\ac3filter64.acm
    2012-04-11 00:31:14 1075200 ----a-w- C:\Windows\SysWow64\ac3filter.acm
    2012-04-03 08:22:15 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-04-02 13:59:51 2766848 ----a-w- C:\Windows\System32\win32k.sys
    2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-03-22 18:00:00 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
    2012-03-15 12:51:02 24928 ----a-w- C:\Windows\System32\novamnp7.dll
    2012-03-15 12:51:02 21856 ----a-w- C:\Windows\System32\novamip7.dll
    .
    ============= FINISH: 9:43:53.69 ===============

    .
    ==== Installed Programs ======================
    .
    .
    50 FREE MP3s +1 Free Audiobook!
    AC3Filter 2.1a
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Community Help
    Adobe Digital Editions
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.3)
    Alan Wake American Nightmare
    ALWIL Software Security 4.8.1296.0
    Angry Birds Rio
    Angry Birds Space
    Ant Movie Catalog
    Apple Application Support
    Apple Software Update
    ASIO4ALL
    µTorrent
    Audials
    Audials TV
    avast! Free Antivirus
    ペイントツールSAI Ver.1
    Batman: Arkham Asylum
    BlackBerry Desktop Software 6.1
    calibre
    CBR Reader
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 4.1.7.343
    CopyTrans Suite Remove Only
    Coupon Printer for Windows
    CyberLink DVD Suite Deluxe
    D3DX10
    DAEMON Tools Toolbar
    Default Manager
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DirectX for Managed Code Update (Summer 2004)
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    DJ Jukebox
    DOC to Image Converter 2.00
    Dropbox
    EA Download Manager
    EA Download Manager UI
    Element Anti-Virus 2011
    Element Anti-Virus ID Protection
    EVGA Precision 1.8.1
    Fallout New Vegas
    FL Studio 10
    FlashGet 3.7
    Folding@home-x86
    foldit
    FoxyTunes for Firefox
    Free PS Convert driver 8.15
    FrostWire 5.3.5
    GetRight
    Google Chrome
    Google Earth Plug-in
    Google Talk Plugin
    Google Update Helper
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    HandBrake 0.9.5
    Hells Kitchen
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Advisor
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Odometer
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Support Information
    HP Update
    HPAsset component for HP Active Support Library
    I Translate version 1.0
    iCopyExpert 3.1.2
    IL Download Manager
    iPod To Computer Transfer 6.1
    Java Auto Updater
    Java(TM) 6 Update 31
    JumpStart Advanced PreSchool Explore and Learn
    Junk Mail filter update
    K-Lite Mega Codec Pack 8.6.0
    Kobo
    L.A. Noire
    LAME v3.98.3 for Audacity
    Left 4 Dead 2
    LightScribe System Software
    Magic DVD Ripper V4.2.4
    Major League Baseball 2K11
    Major League Baseball 2K12
    Malwarebytes Anti-Malware version 1.61.0.1400
    Maxis\The Sims 8 in 1
    Mesh Runtime
    Messenger Companion
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Live Search Toolbar
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ Run Time Lib Setup
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Movienizer 3.2
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVC80_x86
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NBA 2K12
    Need for Speed(TM) Hot Pursuit
    Need For Speed™ World
    Nero 7 Ultra Edition
    neroxml
    Next DVD Ripper 3.51
    NHL® 09
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OJOsoft Total Video Converter
    OnLive
    OpenAL
    OpenOffice.org 3.4
    PC Connectivity Solution
    PCiPod
    PDFZilla V1.2.9
    PFConfig 1.0.275
    PFPortChecker 1.0.39
    PictureMover
    Portforward Static IP Address 1.0.45
    PowerISO
    Premiumplay Codec-C
    Project64 1.6
    Python 2.6 pywin32-212
    Python 2.6.1
    QuickTime
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    RPS CRT
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Segoe UI
    Sid Meier's Civilization 4
    Skype Toolbars
    Skype™ 5.2
    Steam
    SWF & FLV Player 3.0 (build 3.0.33.5106)
    Switch Sound File Converter
    TagJet 2.1
    The Walking Dead (c) 3 version 1
    Tree Notes 2.53
    Ubisoft Game Launcher
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    VC80CRTRedist - 8.0.50727.6195
    VLC media player 1.1.0
    WavePad Sound Editor
    Who Wants To Be A Millionaire? Special Editions
    Winamp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    XBMC
    You Don't Know Jack®
    Zinio Reader 4
    .
    ==== End Of File ===========================

    Thank you in advance and hopefully we can get rid of the viruses.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Welcome to TechSpot! I'll help with the malware.

    You have a great number of processes running and the system is badly infected.

    P2P or 'file sharing' Warning:
    Note: Even if you are using a "safe" P2P program, it is only the program that is safe. I see uTorrent- there may be others as it appears you may have a language other than English on the system:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers.
    ====================================================
    We'll start here:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated and it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==============================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.
    =========================================
    Please leave the logs for Combofix and Eset in your next reply.
  3. differencemaker

    differencemaker Newcomer, in training Topic Starter

    Hi, thanks for your quick response.

    I was able to run both scans, although after I ran the Combofix I got the BSOD, but only once.

    Here are the logs:

    ComboFix 12-06-12.03 - Jon 12/06/2012 22:32:00.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.6142.4611 [GMT -4:00]
    Running from: C:\Users\Jon\Downloads\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Install.exe
    C:\ProgramData\100
    C:\Users\Jon\AppData\Roaming\chrtmp
    C:\Users\Jon\AppData\Roaming\inst.exe
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome.manifest
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\background.html
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\browser.xul
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossrider.js
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\crossriderapi.js
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\dialog.js
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\lib\faye-browser-min.js
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps-style.css
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\manage-apps.html
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\messaging.js
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.js
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\options.xul
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\push.html
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\search_dialog.xul
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\chrome\content\update.html
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\defaults\preferences\prefs.js
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\install.rdf
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\locale\en-US\translations.dtd
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\button1.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\button2.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\button3.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\button4.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\button5.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\crossrider_statusbar.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\icon128.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\icon16.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\icon24.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\icon48.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\panelarrow-up.png
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\popup.css
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\popup.html
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\popup_binding.xml
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\skin.css
    C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\aifar5pd.default\extensions\crossriderapp435@crossrider.com\skin\update.css
    C:\Users\Jon\AppData\Roaming\vso_ts_preview.xml
    C:\Users\Jon\Desktop\Setup.exe
    C:\Windows\assembly\GAC_32\Desktop.ini
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\@
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\L\00000004.@
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\L\1afb2d56
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\00000004.@
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\00000008.@
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\000000cb.@
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\80000000.@
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\80000032.@
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\80000064.@
    C:\Windows\SysWow64\avisynth.dll
    C:\Windows\SysWow64\devil.dll
    C:\Windows\SysWow64\Packet.dll
    C:\Windows\SysWow64\pthreadVC.dll
    C:\Windows\SysWow64\wpcap.dll

    C:\Windows\system32\Services.exe . . . is infected!!


    ((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))


    2012-06-13 02:54:13 . 2012-06-13 02:56:38 -------- d-----w- C:\Users\Jon\AppData\Local\temp
    2012-06-13 02:54:13 . 2012-06-13 02:54:13 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2012-06-13 02:22:38 . 2012-06-13 02:22:38 -------- d-----w- C:\Program Files (x86)\ESET
    2012-06-12 23:48:57 . 2012-06-12 23:48:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-06-12 16:01:08 . 2012-06-12 16:01:08 -------- d-----w- C:\Users\Jon\AppData\Roaming\OpenOffice.org
    2012-06-12 13:21:30 . 2012-06-12 13:21:30 -------- d-----w- C:\Users\Jon\AppData\Roaming\Malwarebytes
    2012-06-12 13:21:24 . 2012-06-12 13:21:24 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-12 13:21:23 . 2012-06-12 13:21:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-12 13:21:23 . 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2012-06-12 02:20:42 . 2012-06-12 02:20:44 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
    2012-06-12 00:19:35 . 2012-06-12 00:19:35 -------- d-----w- C:\Users\Jon\AppData\Local\Macromedia
    2012-06-06 11:45:00 . 2012-06-06 11:45:00 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-06 11:44:59 . 2012-06-06 11:45:00 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-05 14:40:09 . 2012-06-05 14:40:09 -------- d-----w- C:\Users\Jon\AppData\Local\FLT
    2012-06-05 14:38:08 . 2012-06-05 14:38:53 -------- d-----w- C:\Program Files (x86)\Who Wants To Be A Millionaire Special Editions
    2012-06-04 17:59:56 . 2012-06-04 18:00:03 -------- d-----w- C:\Users\Jon\AppData\Roaming\GetRight
    2012-06-04 17:59:48 . 2012-06-04 17:59:50 -------- d-----w- C:\Program Files (x86)\GetRight
    2012-06-03 14:58:08 . 2012-06-03 15:04:00 -------- d-----w- C:\Users\Jon\preschool packs
    2012-05-26 02:34:21 . 2012-05-26 02:35:40 -------- d-----w- C:\Alan Wake American Nightmare
    2012-05-25 19:40:42 . 2012-05-31 19:07:05 -------- d-----w- C:\Users\UpdatusUser
    2012-05-25 19:38:28 . 2012-05-15 09:29:47 889664 ----a-w- C:\Windows\system32\nvvsvc.exe
    2012-05-25 19:38:28 . 2012-05-15 09:29:46 63296 ----a-w- C:\Windows\system32\nvshext.dll
    2012-05-25 19:38:28 . 2012-05-15 09:29:46 118080 ----a-w- C:\Windows\system32\nvmctray.dll
    2012-05-25 19:38:28 . 2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\system32\nvsvc64.dll
    2012-05-25 19:38:28 . 2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\system32\nvcpl.dll
    2012-05-16 14:15:19 . 2012-05-28 21:37:34 -------- d-----r- C:\Users\Jon\Dropbox
    2012-05-16 14:13:43 . 2012-05-16 14:13:43 -------- d-----w- C:\Program Files (x86)\Dropbox
    2012-05-16 14:13:07 . 2012-05-28 21:46:17 -------- d-----w- C:\Users\Jon\AppData\Roaming\Dropbox
    2012-05-15 06:21:50 . 2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-06-12 23:46:52 . 2012-04-18 13:59:24 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-12 23:46:52 . 2012-04-18 13:59:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-15 10:48:00 . 2012-02-10 02:43:00 68928 ----a-w- C:\Windows\system32\OpenCL.dll
    2012-05-15 10:48:00 . 2012-02-10 02:43:00 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2012-05-15 10:48:00 . 2011-11-09 15:38:37 8105280 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
    2012-05-15 10:48:00 . 2011-11-09 15:38:37 2368832 ----a-w- C:\Windows\SysWow64\nvapi.dll
    2012-05-15 10:48:00 . 2011-11-09 15:38:37 1738048 ----a-w- C:\Windows\system32\nvdispco64.dll
    2012-05-15 10:48:00 . 2011-11-09 15:38:37 1468224 ----a-w- C:\Windows\system32\nvgenco64.dll
    2012-05-05 15:35:11 . 2012-04-01 19:34:30 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-25 03:00:40 . 2012-04-25 02:23:32 71 ----a-w- C:\Users\Jon\walkingdead.bat
    2012-04-11 00:37:58 . 2012-04-19 01:41:02 1313792 ----a-w- C:\Windows\system32\ac3filter64.acm
    2012-04-11 00:31:14 . 2012-04-19 01:43:32 1075200 ----a-w- C:\Windows\SysWow64\ac3filter.acm
    2012-04-03 08:22:15 . 2012-05-11 02:47:43 4699520 ----a-w- C:\Windows\system32\ntoskrnl.exe
    2012-04-02 13:59:51 . 2012-05-11 02:47:42 2766848 ----a-w- C:\Windows\system32\win32k.sys
    2012-03-30 12:45:03 . 2012-05-11 02:48:25 1423744 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2012-03-24 07:02:07 . 2012-03-24 07:02:07 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
    2012-03-24 07:02:06 . 2012-03-24 07:02:06 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2012-03-24 07:02:06 . 2012-03-24 07:02:06 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
    2012-03-24 07:02:06 . 2012-03-24 07:02:06 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2012-03-24 07:02:06 . 2012-03-24 07:02:06 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2012-03-24 07:02:06 . 2012-03-24 07:02:06 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
    2012-03-24 07:02:06 . 2012-03-24 07:02:06 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
    2012-03-24 07:02:06 . 2012-03-24 07:02:06 367104 ----a-w- C:\Windows\SysWow64\html.iec
    2012-03-24 07:02:06 . 2012-03-24 07:02:06 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2012-03-24 07:02:05 . 2012-03-24 07:02:05 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-03-24 07:02:05 . 2012-03-24 07:02:05 35840 ----a-w- C:\Windows\SysWow64\imgutil.dll
    2012-03-24 07:02:05 . 2012-03-24 07:02:05 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
    2012-03-24 07:02:05 . 2012-03-24 07:02:05 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
    2012-03-24 07:02:05 . 2012-03-24 07:02:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-03-24 07:02:05 . 2012-03-24 07:02:05 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
    2012-03-24 07:02:05 . 2012-03-24 07:02:05 101888 ----a-w- C:\Windows\SysWow64\admparse.dll
    2012-03-24 07:02:04 . 2012-03-24 07:02:04 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
    2012-03-24 07:02:03 . 2012-03-24 07:02:03 89088 ----a-w- C:\Windows\system32\RegisterIEPKEYs.exe
    2012-03-24 07:02:03 . 2012-03-24 07:02:03 222208 ----a-w- C:\Windows\system32\msls31.dll
    2012-03-24 07:02:02 . 2012-03-24 07:02:02 91648 ----a-w- C:\Windows\system32\SetIEInstalledDate.exe
    2012-03-24 07:02:02 . 2012-03-24 07:02:02 76800 ----a-w- C:\Windows\system32\tdc.ocx
    2012-03-24 07:02:02 . 2012-03-24 07:02:02 49664 ----a-w- C:\Windows\system32\imgutil.dll
    2012-03-24 07:02:02 . 2012-03-24 07:02:02 48640 ----a-w- C:\Windows\system32\mshtmler.dll
    2012-03-24 07:02:02 . 2012-03-24 07:02:02 135168 ----a-w- C:\Windows\system32\IEAdvpack.dll
    2012-03-24 07:02:02 . 2012-03-24 07:02:02 12288 ----a-w- C:\Windows\system32\mshta.exe
    2012-03-24 07:02:02 . 2012-03-24 07:02:02 114176 ----a-w- C:\Windows\system32\admparse.dll
    2012-03-24 07:02:02 . 2012-03-24 07:02:02 111616 ----a-w- C:\Windows\system32\iesysprep.dll
    2012-03-24 07:02:01 . 2012-03-24 07:02:01 85504 ----a-w- C:\Windows\system32\iesetup.dll
    2012-03-24 07:02:01 . 2012-03-24 07:02:01 603648 ----a-w- C:\Windows\system32\vbscript.dll
    2012-03-24 07:02:01 . 2012-03-24 07:02:01 448512 ----a-w- C:\Windows\system32\html.iec
    2012-03-24 07:02:01 . 2012-03-24 07:02:01 30720 ----a-w- C:\Windows\system32\licmgr10.dll
    2012-03-24 07:02:01 . 2012-03-24 07:02:01 165888 ----a-w- C:\Windows\system32\iexpress.exe
    2012-03-24 07:02:01 . 2012-03-24 07:02:01 160256 ----a-w- C:\Windows\system32\wextract.exe
    2012-03-24 07:02:00 . 2012-03-24 07:02:00 173056 ----a-w- C:\Windows\system32\ieUnatt.exe
    2012-03-22 18:00:00 . 2012-04-22 04:19:27 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
    2012-03-20 23:34:30 . 2012-05-11 02:47:57 72576 ----a-w- C:\Windows\system32\drivers\partmgr.sys
    2012-03-15 12:51:02 . 2012-03-19 03:23:25 24928 ----a-w- C:\Windows\system32\novamnp7.dll
    2012-03-15 12:51:02 . 2012-03-19 03:23:25 21856 ----a-w- C:\Windows\system32\novamip7.dll


    Here is the ESETScan log:

    C:\Program Files (x86)\2K Sports\Major League Baseball 2K12\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
    C:\Program Files (x86)\2K Sports\NBA 2K12\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
    C:\Program Files (x86)\Disney Interactive Studios\LEGO® Pirates\paul.dll a variant of Win32/Packed.VMProtect.AAA trojan
    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan
    C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\00000008.@.vir Win64/Agent.BA trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan
    C:\Qoobox\Quarantine\C\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\80000064.@.vir Win64/Sirefef.AE trojan
    C:\Users\Jon\Downloads\Topckit_Install.exe a variant of Win32/Adware.Topckit application
    C:\Users\Jon\Downloads\NBA.2K12.Update.v1.01-RELOADED\rld-nba2k12101.rar a variant of Win32/Packed.VMProtect.AAH trojan
    C:\Users\Jon\Downloads\NBA.2K12.Update.v1.01-RELOADED\Crack\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan
    Operating memory a variant of Win32/Sirefef.EZ trojan

    (Just a note, the first 3 and the last 2 are because I have downloaded a few games and that is the crack to make it work without a cd)
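    The ComboFix and ESET output above is read by eye in this thread; as an added example (not part of the thread and not ComboFix's own code), here is a small Python triage that parses lines in the shape of the posted ComboFix log and flags the patterns those logs themselves show. The field layout (created . modified size attrs path) and the attribute letters (d = directory, s = system, h = hidden) are inferred from the posted log and are assumptions, and the sample lines are constructed from entries on this page.

    ```python
    """Triage helper for ComboFix-style log lines (added example, not ComboFix code).

    Assumptions: dated rows look like "created . modified size attrs path", where size is
    "--------" for directories, and the attrs field uses d=directory, s=system, h=hidden.
    """
    import re
    from dataclasses import dataclass, field
    from typing import List, Optional

    # Constructed sample: bare paths as in "Other Deletions", then dated rows as in
    # "Files Created", copied in shape from the log posted above.
    SAMPLE_LOG = r"""
    C:\Users\Jon\AppData\Roaming\inst.exe
    C:\Windows\Installer\{3a99da61-544b-6206-9f81-85b28f61781b}\U\80000032.@
    2012-06-13 02:22:38 . 2012-06-13 02:22:38 -------- d-----w- C:\Program Files (x86)\ESET
    2012-06-12 23:48:57 . 2012-06-12 23:48:57 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-06-12 13:21:23 . 2012-04-04 19:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
    2012-05-16 14:15:19 . 2012-05-28 21:37:34 -------- d-----r- C:\Users\Jon\Dropbox
    """

    DATED_RE = re.compile(
        r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \. "
        r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
        r"(?P<size>-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>[A-Za-z]:\\.+)$"
    )
    BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")

    # Heuristics drawn from what the logs in this thread show:
    #  - an environment-variable name used as a literal folder (C:\Windows\SysWow64\%APPDATA%)
    #  - the \Windows\Installer\{GUID}\U\ or \L\ layout that ESET labelled Sirefef
    #  - an executable dropped directly into the roaming profile root (inst.exe)
    ENVVAR_DIR_RE = re.compile(r"\\%[A-Za-z_]+%(\\|$)")
    INSTALLER_RE = re.compile(r"\\Windows\\Installer\\\{[0-9A-Fa-f-]{36}\}\\[UL]\\")
    ROAMING_EXE_RE = re.compile(r"\\AppData\\Roaming\\[^\\]+\.(exe|dll|scr)$", re.IGNORECASE)


    @dataclass
    class Entry:
        path: str
        attrs: str = ""                 # empty for bare paths from "Other Deletions"
        size: Optional[int] = None      # None for directories ("--------") and bare paths
        created: str = ""
        modified: str = ""
        reasons: List[str] = field(default_factory=list)


    def parse_line(line: str) -> Optional[Entry]:
        """Return an Entry for a dated row or a bare path; None for headers and blanks."""
        line = line.strip()
        m = DATED_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            return Entry(m["path"], m["attrs"], size, m["created"], m["modified"])
        if BARE_PATH_RE.match(line):
            return Entry(line)
        return None


    def assess(entry: Entry) -> Entry:
        """Attach one reason per heuristic the entry trips; returns the same entry."""
        if "s" in entry.attrs and "h" in entry.attrs:
            entry.reasons.append("hidden+system attributes")
        if ENVVAR_DIR_RE.search(entry.path):
            entry.reasons.append("env-var name used as a literal directory")
        if INSTALLER_RE.search(entry.path):
            entry.reasons.append("Installer\\{GUID}\\U or \\L payload layout")
        if ROAMING_EXE_RE.search(entry.path):
            entry.reasons.append("executable dropped in roaming profile root")
        return entry


    def triage(log_text: str) -> List[Entry]:
        """Parse every recognisable line and keep only entries with at least one finding."""
        flagged = []
        for line in log_text.splitlines():
            entry = parse_line(line)
            if entry is not None and assess(entry).reasons:
                flagged.append(entry)
        return flagged


    if __name__ == "__main__":
        for e in triage(SAMPLE_LOG):
            print(e.path, "->", "; ".join(e.reasons))
    ```
    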
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    Run the following please:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =============================================
    Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt please
    • Post the contents of that document.
    Why do you think you have the DNS Changer? Is this system continually rebooting? Are you being redirected when you do a search?
    Do you also have another language other than English on the system? >> ƒyƒCƒ“ƒgƒc[ƒ‹SAI Ver.1
    =================================================
  5. differencemaker

    differencemaker Newcomer, in training Topic Starter

    Thanks for your response.

    CKfiles.txt:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files (x86)\image-line\fl studio 10\data\patches\packs\crack\flengine.dll
    c:\program files (x86)\image-line\fl studio 10\data\patches\packs\crack\flregkey.reg
    c:\program files (x86)\image-line\fl studio 10\plugins\fruity\effects\hardcore\presets\I cracked my tube!.hdprg
    c:\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
    c:\program files (x86)\image-line\fl studio 10\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
    c:\program files (x86)\painttool sai english pack\keygen.bin
    c:\program files (x86)\rockstar games\gta san andreas\data\decision\craig\crack1.ped
    c:\users\jon\desktop\painttoolsai\keygen.bin
    c:\users\jon\downloads\nba.2k12.update.v1.01-reloaded\crack\nba2k12.exe
    c:\users\jon\downloads\nba.2k12.update.v1.01-reloaded\crack\rld.dll
    c:\users\jon\frostwire\torrent data\internet library - k\kagan, janet\janet kagan - the nutcracker coup.pdf
    c:\users\jon\frostwire\torrent data\internet library - k\kagan, janet\janet kagan - the nutcracker coup.txt
    c:\users\jon\frostwire\torrent data\internet library - k\kagan, janet\janet_kagan_-_the_nutcracker_coup.rtf
    c:\users\jon\music\itunes\itunes media\mobile applications\crack'n flee 2.04.ipa
    scanner sequence 3.JD.11.QCAPUP
    ----- EOF -----
    checkup.txt:

    Results of screen317's Security Check version 0.99.41
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.61.0.1400
    Java(TM) 6 Update 31
    Java version out of date!
    Adobe Flash Player 11.3.300.257
    Adobe Reader X (10.1.3)
    Mozilla Firefox (13.0)
    Google Chrome 19.0.1084.52
    Google Chrome 19.0.1084.56
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````


    As for your other questions: I have no clue why I would have the DNS changer. My computer does not restart on its own. I also never get redirected while searching for things. I can only imagine I picked it up in a torrent.

    As for "ƒyƒCƒ“ƒgƒc[ƒ‹SAI Ver.1": it's actually a paint tool program that I got online. It's referenced in the ckfiles in this line: c:\program files (x86)\painttool sai english pack\keygen.bin. I believe the native language is Chinese or something.
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +32

    It's one of several pirated programs. Not having the CD does not make pirating legal. I do not support piracy. In order to continue support, you will have to remove all pirated software:

    Your system is badly infected. The extensive use of Frostwire and torrent sites will always assure that you have multiple malware.

    You also have this AV on the system: It is running in addition to Avast.
    Element Anti-Virus 2011
    Element Anti-Virus ID Protection
    Element Anti-Virus, formerly known as Element TotalProtect, is an antivirus software and Personal firewall package made by the software house, StraySpark Computing GmbH (Formerly Element Software UK LLC).