Solved Redirecting virus, and possibly more viruses

AKFH · Oct 3, 2010

Hey, I'm back again.... and Avira was doing good until now, I will do the 8-steps again. I am using FireFox and it keeps redirecting on google, and the last redirection I had minimized my window to very small, then a pop-up came up saying that Windows will now scan for viruses or something, then I pressed [x] close, and the minimized window maximized and it looked like it was scanning, and I quickly pressed [x] close again. And then I came on here. Malwarebytes and Avira traced several 20+ Torjans on my computer and then disposed of them, but there's seems to be more that is being un-detected. I don't understand how there are so many in so little time...

** GMER was taking too long, so I was wondering if I did something wrong? It was taking a lot longer than I did it last time. Which was approximately 2-3 months ago... So I don't have the log from GMER, only DDS, TFC, and Malwarebytes

AKFH · Oct 3, 2010

Uh... it seems like I cannot open anything now.. I can't even open my Task Manager via alt+ctrl+delete. And FireFox is running pretty laggy, my iTunes and FireFox is the only thing running. It won't let me open anyhting...

AKFH · Oct 3, 2010

No programme is runable right now. Not even GMER. It's slow when transacting to desktop to FireFox, and I've tried a lot of things to get the Task manager up. I'm afraid I'm totally locked out by this virus. I can't access Avira, Malwarebytes, or anything.

I'm afraid that if I go to bed soon, and turn off my computer, I won't have access to any programme... I tried opening another FireFox window, and it didn't work. Nothing came up. So I fear that if I close this Window, I will be completely locked out..

Broni · Oct 3, 2010

I assume, you're posting from some other computer?
Download following programs on good computer, use USB stick to transfer them to bad computer and run them from SAFE MODE.

Since we want your good computer to be safe, do this on GOOD computer...
Download, and run Flash Disinfector, and save it to your desktop (Windows Vista and Windows 7 users, scroll down)

*Please disable any AV / ScriptBlockers as they might detect Flash Disinfector to be malicious and block it. Hence, the failure in executing. You can enable them back after the cleaning process*

Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
Wait until it has finished scanning and then exit the program.
Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Windows Vista and Windows 7 users
Flash Disinfector is not compatible with the above Windows version.
Please, use Panda USB Vaccine

=====================================================================

Now, programs, you'll need for bad computer.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe

* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run then try to immediately run the following.

Now download and run exeHelper.

* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com
* Attach the log.txt file to your next message.

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

=========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

AKFH · Oct 3, 2010

QUICK REPLY: no, this is on the infected computer. I have yet to close this Web broswer. I feared that if I did, I could never run anything, so I am taking pre-cautions!

AKFH · Oct 3, 2010

Flash Disinfector did not open after I clicked 'Run', as I feared.. this is the only computer btw.

Broni · Oct 3, 2010

Then you don't worry about Flash Disinfector.
Go on with others.

AKFH · Oct 3, 2010

I wil proceed with the others as fast as possible and run them and give results.

Broni · Oct 3, 2010

OK

.................

AKFH · Oct 3, 2010

UPDATE: I am about to try the last Rkill, mind you, the fourth link is broken. Also, I suspect programmes that I have opened that have not shown up are ALL running, because I cannot delete Flash Disinfector because it says it is still in use. Therefore eveyrthing is running, excpet not showing up, so it cannot give me access to them.

AKFH · Oct 3, 2010

None of the Rkills worked for me.

Broni · Oct 3, 2010

Are you in safe mode?

AKFH · Oct 3, 2010

No. I am running my computer normally.

Broni · Oct 3, 2010

You didn't follow my instructions.
I said to run all 3 tools from safe mode.

AKFH · Oct 3, 2010

Sorry, my computer froze due to lagginess, my bad for not reading instructions I am in Safe Mode with Networking now and I will do them again.

Broni · Oct 3, 2010

OK

............

AKFH · Oct 3, 2010

exeHelper by Raktor
Build 20100414
Run at 20:39:36 on 10/03/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

AKFH · Oct 3, 2010

ComboFix 10-10-03.01 - Ant 03/10/2010 20:47:02.5.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.735.560 [GMT -4:00]
Running from: c:\documents and settings\Ant\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ant\Application Data\020000007b84abde1018C.manifest
c:\documents and settings\Ant\Application Data\020000007b84abde1018O.manifest
c:\documents and settings\Ant\Application Data\020000007b84abde1018P.manifest
c:\documents and settings\Ant\Application Data\020000007b84abde1018S.manifest
c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{0be1d56b-88bc-4f16-a084-2d588aa97f76}
c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{0be1d56b-88bc-4f16-a084-2d588aa97f76}\chrome.manifest
c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{0be1d56b-88bc-4f16-a084-2d588aa97f76}\chrome\xulcache.jar
c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{0be1d56b-88bc-4f16-a084-2d588aa97f76}\defaults\preferences\xulcache.js
c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{0be1d56b-88bc-4f16-a084-2d588aa97f76}\install.rdf
c:\windows\system32\1790502456
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-03 21:58 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-10-03 21:58 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-10-03 21:58 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-10-03 21:58 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-10-03 21:58 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-10-03 21:58 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-10-03 21:51 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-03 21:51 . 2010-03-10 15:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-03 21:51 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-03 21:51 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-03 21:50 . 2010-10-03 21:59 -------- d-----w- c:\program files\Spyware Doctor
2010-10-03 21:50 . 2010-10-03 21:59 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-03 21:50 . 2010-10-03 21:50 -------- d-----w- c:\documents and settings\Ant\Application Data\PC Tools
2010-10-03 21:50 . 2010-10-03 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-30 03:41 . 2010-09-30 03:41 174160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-30 00:57 . 2010-09-30 00:58 -------- d-----w- c:\program files\QuickTime
2010-09-30 00:51 . 2010-09-30 00:51 -------- d-----w- c:\program files\Bonjour
2010-09-30 00:48 . 2010-09-30 00:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-30 00:44 . 2010-09-30 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-30 00:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-09-30 00:10 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-09-30 00:10 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-09-30 00:10 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-09-30 00:10 . 2010-09-14 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-30 00:10 . 2010-09-30 00:11 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-29 23:53 . 2010-09-29 23:53 -------- d-----w- C:\OutputFolder
2010-09-26 20:00 . 2010-09-26 20:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
2010-09-26 17:10 . 2010-10-03 22:00 -------- d-----w- c:\windows\system32\NtmsData
2010-09-18 14:01 . 2010-09-18 14:01 -------- d-----w- c:\program files\Common Files\Java
2010-09-04 20:57 . 2010-08-05 18:44 64512 ----a-w- c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\[email protected]\platform\WINNT_gecko2\components\nsTwitterFoxSign.dll
2010-09-04 20:57 . 2010-08-05 18:41 66048 ----a-w- c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 00:30 . 2010-05-09 16:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-04 00:21 . 2009-06-19 17:22 -------- d-----w- c:\documents and settings\Ant\Application Data\Skype
2010-10-03 20:00 . 2010-02-12 22:34 -------- d-----w- c:\documents and settings\Ant\Application Data\skypePM
2010-09-30 01:06 . 2009-06-19 17:25 -------- d-----w- c:\program files\iTunes
2010-09-30 01:04 . 2009-06-19 17:25 -------- d-----w- c:\program files\iPod
2010-09-30 01:04 . 2009-06-19 19:00 -------- d-----w- c:\program files\Common Files\Apple
2010-09-30 00:35 . 2010-06-19 15:22 -------- d-----w- c:\documents and settings\Ant\Application Data\FrostWire
2010-09-29 23:47 . 2010-09-29 23:47 0 ---ha-w- c:\documents and settings\Ant\jakgneorfn.tmp
2010-09-29 19:49 . 2009-11-02 01:05 -------- d-----w- c:\program files\LG PC Suite II
2010-09-29 10:58 . 2009-06-22 02:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-26 20:00 . 2009-07-07 02:46 -------- d-----w- c:\program files\QuickFreedom
2010-09-18 14:01 . 2010-02-20 19:05 -------- d-----w- c:\program files\Java
2010-09-06 03:35 . 2010-02-20 19:42 46 ----a-w- c:\documents and settings\Ant\jagex_runescape_preferences.dat
2010-09-06 03:35 . 2010-02-20 19:42 99 ----a-w- c:\documents and settings\Ant\jagex_runescape_preferences2.dat
2010-09-03 20:33 . 2009-10-01 10:18 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-03 20:32 . 2010-09-03 20:32 77312 ----a-w- c:\documents and settings\Ant\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
2010-09-03 20:32 . 2010-09-03 20:32 -------- d-----w- c:\documents and settings\Ant\Application Data\SystemRequirementsLab
2010-09-01 00:06 . 2009-06-19 15:18 80424 ----a-w- c:\documents and settings\Ant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-23 23:33 . 2010-06-19 15:19 -------- d-----w- c:\program files\FrostWire
2010-08-23 23:32 . 2010-08-23 23:32 -------- d-----w- c:\program files\Ask.com
2010-08-17 13:17 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 01:20 . 2010-02-12 22:04 -------- d-----r- c:\program files\Skype
2010-08-07 19:35 . 2010-08-03 01:16 -------- d-----w- c:\documents and settings\Ant\Application Data\881903
2010-08-07 18:01 . 2010-08-07 18:01 -------- d-----w- c:\program files\Common Files\Skype
2010-08-07 18:01 . 2010-02-12 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-07 17:50 . 2009-07-18 18:42 -------- d-----w- c:\program files\Creative
2010-08-07 17:50 . 2009-06-19 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 02:02 . 2010-08-07 02:02 -------- d-----w- c:\documents and settings\Ant\Application Data\Avira
2010-08-06 22:42 . 2010-08-06 22:42 -------- d-----w- c:\program files\Avira
2010-08-06 22:42 . 2010-08-06 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-06 22:35 . 2010-08-06 22:35 503808 ----a-w- c:\documents and settings\Ant\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ad1ea98-n\msvcp71.dll
2010-08-06 22:35 . 2010-08-06 22:35 499712 ----a-w- c:\documents and settings\Ant\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ad1ea98-n\jmc.dll
2010-08-06 22:35 . 2010-08-06 22:35 348160 ----a-w- c:\documents and settings\Ant\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ad1ea98-n\msvcr71.dll
2010-07-12 02:05 . 2010-07-12 02:05 0 ----a-w- c:\documents and settings\Ant\jagex__preferences3.dat
2010-07-07 20:41 . 2010-09-03 18:47 180736 ----a-w- c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
2010-07-07 20:40 . 2010-09-03 18:47 110592 ----a-w- c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
2010-03-15 00:17 . 2010-03-15 00:17 2877952 ----a-w- c:\program files\HongkongToolbar.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 245760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-21 202256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [03/10/2010 5:51 PM 217032]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [06/07/2009 10:51 PM 28672]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/08/2010 6:42 PM 135336]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [03/10/2010 5:58 PM 112592]
S2 gupdate1c9f8f8c5b4f430;Google Update Service (gupdate1c9f8f8c5b4f430);c:\program files\Google\Update\GoogleUpdate.exe [29/06/2009 4:32 PM 133104]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [03/10/2010 5:50 PM 366840]
S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [01/11/2009 9:08 PM 89600]
S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [01/11/2009 9:08 PM 14976]
S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [01/11/2009 9:08 PM 121344]
S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [01/11/2009 9:08 PM 114944]
S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [01/11/2009 9:08 PM 111232]
S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [18/07/2009 2:43 PM 91797]
.
Contents of the 'Scheduled Tasks' folder

2010-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 20:32]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 20:32]

2010-10-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1563985344-1343024091-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1563985344-1343024091-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-03 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: aol.com\free
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
Completion time: 2010-10-03 20:55:34
ComboFix-quarantined-files.txt 2010-10-04 00:55

Pre-Run: 43,760,861,184 bytes free
Post-Run: 43,758,895,104 bytes free

- - End Of File - - 704CB6DD788BFC002D782F8FE492DD8A

AKFH · Oct 3, 2010

We should ignore the Restore thingy, it's like last time, it won't install, some thing wrong with 'enumerating' i don't know, but it didn't work last time, and it won't work this time.

Broni · Oct 3, 2010

Actually, it looks pretty good now

Hopefully, we're getting somewhere.

I want you to restart in normal mode, re-run Combofix and allow recovery console installation.
Post new log.

When done, uninstall AskToolbar, known adware.

When done, update MBAM, run it, post fresh log.

When done...

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

...and let me know, how computer is doing....

AKFH · Oct 3, 2010

Yes Sir! Right away!

Broni · Oct 3, 2010

Give recovery console a shot.
If no go, proceed with other steps.

AKFH · Oct 3, 2010

ComboFix 10-10-03.01 - Ant 03/10/2010 21:18:52.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.735.279 [GMT -4:00]
Running from: c:\documents and settings\Ant\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.

2010-10-04 01:11 . 2010-10-04 01:14 -------- d-----r- C:\32788R22FWJFW
2010-10-03 21:58 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-10-03 21:58 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-10-03 21:58 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-10-03 21:58 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-10-03 21:58 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-10-03 21:58 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-10-03 21:51 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-03 21:51 . 2010-03-10 15:36 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-03 21:51 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-03 21:51 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-03 21:50 . 2010-10-04 01:18 -------- d-----w- c:\program files\Spyware Doctor
2010-10-03 21:50 . 2010-10-03 21:59 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-03 21:50 . 2010-10-03 21:50 -------- d-----w- c:\documents and settings\Ant\Application Data\PC Tools
2010-10-03 21:50 . 2010-10-03 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-09-30 03:41 . 2010-09-30 03:41 174160 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-30 00:57 . 2010-09-30 00:58 -------- d-----w- c:\program files\QuickTime
2010-09-30 00:51 . 2010-09-30 00:51 -------- d-----w- c:\program files\Bonjour
2010-09-30 00:48 . 2010-09-30 00:48 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-30 00:44 . 2010-09-30 00:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-09-30 00:10 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
2010-09-30 00:10 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-09-30 00:10 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-09-30 00:10 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-09-30 00:10 . 2010-09-14 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-30 00:10 . 2010-09-30 00:11 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-29 23:53 . 2010-09-29 23:53 -------- d-----w- C:\OutputFolder
2010-09-26 20:00 . 2010-09-26 20:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
2010-09-26 17:10 . 2010-10-03 22:00 -------- d-----w- c:\windows\system32\NtmsData
2010-09-18 14:01 . 2010-09-18 14:01 -------- d-----w- c:\program files\Common Files\Java
2010-09-04 20:57 . 2010-08-05 18:44 64512 ----a-w- c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\[email protected]\platform\WINNT_gecko2\components\nsTwitterFoxSign.dll
2010-09-04 20:57 . 2010-08-05 18:41 66048 ----a-w- c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-04 01:33 . 2009-06-19 17:22 -------- d-----w- c:\documents and settings\Ant\Application Data\Skype
2010-10-04 01:11 . 2010-05-09 16:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-04 01:08 . 2010-02-12 22:34 -------- d-----w- c:\documents and settings\Ant\Application Data\skypePM
2010-09-30 01:06 . 2009-06-19 17:25 -------- d-----w- c:\program files\iTunes
2010-09-30 01:04 . 2009-06-19 17:25 -------- d-----w- c:\program files\iPod
2010-09-30 01:04 . 2009-06-19 19:00 -------- d-----w- c:\program files\Common Files\Apple
2010-09-30 00:35 . 2010-06-19 15:22 -------- d-----w- c:\documents and settings\Ant\Application Data\FrostWire
2010-09-29 23:47 . 2010-09-29 23:47 0 ---ha-w- c:\documents and settings\Ant\jakgneorfn.tmp
2010-09-29 19:49 . 2009-11-02 01:05 -------- d-----w- c:\program files\LG PC Suite II
2010-09-29 10:58 . 2009-06-22 02:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-26 20:00 . 2009-07-07 02:46 -------- d-----w- c:\program files\QuickFreedom
2010-09-18 14:01 . 2010-02-20 19:05 -------- d-----w- c:\program files\Java
2010-09-06 03:35 . 2010-02-20 19:42 46 ----a-w- c:\documents and settings\Ant\jagex_runescape_preferences.dat
2010-09-06 03:35 . 2010-02-20 19:42 99 ----a-w- c:\documents and settings\Ant\jagex_runescape_preferences2.dat
2010-09-03 20:33 . 2009-10-01 10:18 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-03 20:32 . 2010-09-03 20:32 77312 ----a-w- c:\documents and settings\Ant\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.72.0A.dll
2010-09-03 20:32 . 2010-09-03 20:32 -------- d-----w- c:\documents and settings\Ant\Application Data\SystemRequirementsLab
2010-09-01 00:06 . 2009-06-19 15:18 80424 ----a-w- c:\documents and settings\Ant\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-23 23:33 . 2010-06-19 15:19 -------- d-----w- c:\program files\FrostWire
2010-08-23 23:32 . 2010-08-23 23:32 -------- d-----w- c:\program files\Ask.com
2010-08-17 13:17 . 2002-08-29 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 01:20 . 2010-02-12 22:04 -------- d-----r- c:\program files\Skype
2010-08-07 19:35 . 2010-08-03 01:16 -------- d-----w- c:\documents and settings\Ant\Application Data\881903
2010-08-07 18:01 . 2010-08-07 18:01 -------- d-----w- c:\program files\Common Files\Skype
2010-08-07 18:01 . 2010-02-12 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-07 17:50 . 2009-07-18 18:42 -------- d-----w- c:\program files\Creative
2010-08-07 17:50 . 2009-06-19 16:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-07 02:02 . 2010-08-07 02:02 -------- d-----w- c:\documents and settings\Ant\Application Data\Avira
2010-08-06 22:42 . 2010-08-06 22:42 -------- d-----w- c:\program files\Avira
2010-08-06 22:42 . 2010-08-06 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-06 22:35 . 2010-08-06 22:35 503808 ----a-w- c:\documents and settings\Ant\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ad1ea98-n\msvcp71.dll
2010-08-06 22:35 . 2010-08-06 22:35 499712 ----a-w- c:\documents and settings\Ant\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ad1ea98-n\jmc.dll
2010-08-06 22:35 . 2010-08-06 22:35 348160 ----a-w- c:\documents and settings\Ant\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7ad1ea98-n\msvcr71.dll
2010-07-12 02:05 . 2010-07-12 02:05 0 ----a-w- c:\documents and settings\Ant\jagex__preferences3.dat
2010-07-07 20:41 . 2010-09-03 18:47 180736 ----a-w- c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
2010-07-07 20:40 . 2010-09-03 18:47 110592 ----a-w- c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
2010-03-15 00:17 . 2010-03-15 00:17 2877952 ----a-w- c:\program files\HongkongToolbar.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-10-04_00.53.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-04 01:06 . 2010-10-04 01:06 16384 c:\windows\temp\Perflib_Perfdata_7d4.dat
+ 2010-10-04 01:06 . 2010-10-04 01:06 16384 c:\windows\temp\Perflib_Perfdata_1ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 19:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2004-04-29 245760]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-01-08 864256]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-21 202256]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-03-09 1286608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [03/10/2010 5:51 PM 217032]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/08/2010 6:42 PM 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [03/10/2010 5:58 PM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [03/10/2010 5:50 PM 366840]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [06/07/2009 10:51 PM 28672]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [18/07/2009 2:43 PM 91797]
S2 gupdate1c9f8f8c5b4f430;Google Update Service (gupdate1c9f8f8c5b4f430);c:\program files\Google\Update\GoogleUpdate.exe [29/06/2009 4:32 PM 133104]
S3 lgmdbus;LG Mobile driver (WDM);c:\windows\system32\drivers\lgmdbus.sys [01/11/2009 9:08 PM 89600]
S3 lgmdmdfl;LG Mobile USB WMC Modem Filter;c:\windows\system32\drivers\lgmdmdfl.sys [01/11/2009 9:08 PM 14976]
S3 lgmdmdm;LG Mobile USB WMC Modem Driver;c:\windows\system32\drivers\lgmdmdm.sys [01/11/2009 9:08 PM 121344]
S3 lgmdmgmt;LG Mobile USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\lgmdmgmt.sys [01/11/2009 9:08 PM 114944]
S3 lgmdobex;LG Mobile USB WMC OBEX Interface;c:\windows\system32\drivers\lgmdobex.sys [01/11/2009 9:08 PM 111232]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL
*Deregistered* - PCTSDInjDriver32
.
Contents of the 'Scheduled Tasks' folder

2010-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 20:32]

2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 20:32]

2010-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-1563985344-1343024091-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-1563985344-1343024091-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-10-04 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 19:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: aol.com\free
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
FF - component: c:\documents and settings\Ant\Application Data\Mozilla\Firefox\Profiles\hsno1dpn.default\extensions\[email protected]\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3496)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-03 21:38:11
ComboFix-quarantined-files.txt 2010-10-04 01:38
ComboFix2.txt 2010-10-04 00:55

Pre-Run: 43,824,009,216 bytes free
Post-Run: 43,802,550,272 bytes free

- - End Of File - - 6D7BD3988D5660318DF3D2B4582D4E78

AKFH · Oct 3, 2010

So far, everything's appearing, so I take those s as good. Even though we aren't done yet, I appreciate and thank you a tonne for reading my message. I know it was impatient of me and I apoligize once more. and I know it wasn't my place to request help, but rather only to await for help. Thanks for going out of your way for me. I hope you weren't really busy!! Thanks!!

Uninstalled AskTool, and now starting Malwarebytes!

Broni · Oct 3, 2010

Looks good

Go ahead with other steps.

Solved Redirecting virus, and possibly more viruses

Posts: 106 +0

Attachments

Posts: 106 +0

Posts: 106 +0

Posts: 56,041 +517

Posts: 106 +0

Posts: 106 +0

Posts: 56,041 +517

Posts: 106 +0

Posts: 56,041 +517

Posts: 106 +0

Posts: 106 +0

Posts: 56,041 +517

Posts: 106 +0

Posts: 56,041 +517

Posts: 106 +0

Posts: 56,041 +517

Posts: 106 +0

Posts: 106 +0

Posts: 106 +0

Posts: 56,041 +517

Posts: 106 +0

Posts: 56,041 +517

Posts: 106 +0

Posts: 106 +0

Posts: 56,041 +517

Similar threads