Inactive Help removing Win64/32:Sirefef-All [Trj/Rtk] & services.exe

Hi,

I have been helping a friend whose computer has been neglected for quite some time. I have done the best job I can cleaning most of the system, but then I was confronted with what was likely the start of it all, the so-called ZeroAccess Trojan. I have found many topics discussing removal of this, but, as is always suggested, I did not want to use any of the user-specific solutions on his computer. I believe that the rootkit may have been hidden in the Synaptics Pointing Device Driver, as I was experiencing issues with the touchpad's functionality and even purchased and installed a new touchpad, which still had problems; but when I prevented startup of the driver using the msconfig utility, the issues stopped. Thanks in advance for any and all help!
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19019
Run by Anthony at 20:27:23 on 2013-06-14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3002.1161 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\dllhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.bearshare.net
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - <orphaned>
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\anthony\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\program files\bearshare applications\mediabar\datamngr\toolbar\wincorebsdtx.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Wincore Mediabar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\program files\bearshare applications\mediabar\datamngr\toolbar\wincorebsdtx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 205.171.3.25 205.171.2.25
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DHCPNameServer = 10.1.10.1
TCP: Interfaces\{AE3C9073-47F9-4148-BE79-00D6DC5AA36C} : DHCPNameServer = 205.171.3.25 205.171.2.25
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\bearshare applications\mediabar\datamngr\datamngr.dll c:\progra~1\bearshare applications\mediabar\datamngr\IEBHO.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\anthony\appdata\roaming\mozilla\firefox\profiles\wq35e0l5.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-06-08 14:07; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-6-8 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-6-8 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-6-8 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-8 368944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-8 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-6-8 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-8 46808]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-6-14 40776]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2013-5-31 20080]
S4 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S4 DefaultTabUpdate;DefaultTabUpdate;c:\users\anthony\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-8-22 107520]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-10-27 1153368]
S4 Web Assistant;Web Assistant;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-8-22 188760]
.
=============== Created Last 30 ================
.
2013-06-15 02:00:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-06-08 20:08:22 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-08 20:08:21 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-08 20:08:21 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-08 20:08:20 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-08 20:06:53 41664 ----a-w- c:\windows\avastSS.scr
2013-06-08 19:58:26 -------- d-----w- c:\windows\pss
2013-05-31 21:44:29 173582 ----a-w- c:\windows\system32\cc_20130531_154420.reg
2013-05-31 18:20:04 -------- d-----w- c:\program files\CCleaner
2013-05-31 17:51:27 -------- d-----w- c:\users\anthony\appdata\roaming\Malwarebytes
2013-05-31 17:51:16 -------- d-----w- c:\programdata\Malwarebytes
2013-05-31 17:51:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-31 17:51:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-31 17:50:37 -------- d-----w- c:\program files\PeerBlock
.
==================== Find3M ====================
.
2013-05-31 03:53:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-31 03:53:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-07 08:52:34 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-08-22 03:45:29 699536 ----a-w- c:\program files\39Uninstall MapsGalaxy.dll
2012-08-22 03:45:29 172440 ----a-w- c:\program files\39res.dll
.
============= FINISH: 20:28:58.56 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/23/2008 6:56:02 PM
System Uptime: 6/14/2013 7:24:44 PM (1 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | CPU | 1600/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 61.319 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 1.818 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player
Adobe Shockwave Player 12.0
avast! Free Antivirus
AVG 2012
BearShare
Canon iP2600 series
CCleaner
Conexant HD Audio
CutePDF Writer 2.8
CWA Reminder by We-Care.com v4.1.18.3
DefaultTab
ErrorTeck 1.6
ESU for Microsoft Vista
Fix-it-up - Kates Adventure
gBurner
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
IB Updater Service
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 7
LabelPrint
LG USB Modem driver
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
NetWaiting
Norton Internet Security
PeerBlock 1.1 (r518)
PIXMA Extended Survey Program
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Spybot - Search & Destroy
swMSM
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
V CAST Music with Rhapsody
VLC media player 1.0.3
VZAccess Manager
Web Assistant 2.0.0.572
Wincore MediaBar
WinRAR archiver
Yahoo! Software Update
.
==== End Of File ===========================
 
MBAM Log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.14.08

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19019
Anthony :: MIKE-PC [administrator]

6/14/2013 8:02:11 PM
mbam-log-2013-06-14 (20-02-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267512
Time elapsed: 33 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
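The MBAM quick scan above came back clean, yet the DDS "Pseudo HJT Report" and service list still carry several entries a responder would want to look at before running further tools. The following Python script is an added example (it is not part of the original thread, nor a feature of DDS, MBAM or the tools the helper recommends): it applies the checks a responder makes when reading such a log by hand, namely a non-empty AppInit_DLLs value, CLSID entries DDS marks as <orphaned>, BHOs and services that load code from a user's AppData folder, Hosts-file overrides, and browser default pages to review. The sample input is constructed from lines copied out of the posted log plus the avast entries as known-good controls; the severity labels, the finding names and the heuristics themselves are my own assumptions and say nothing about which entry, if any, belongs to ZeroAccess.

```python
"""Triage of DDS 'Pseudo HJT Report' and 'SERVICES / DRIVERS' lines for
persistence and browser-hijack indicators (added example, not a DDS feature)."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: lines copied from the DDS log in the post above, plus the
# avast BHO and service lines as known-good controls. The "[date size]" suffix
# on service lines is kept exactly as DDS prints it.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.bearshare.net
uURLSearchHooks: {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\anthony\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll
AppInit_DLLs= c:\progra~1\bearshare applications\mediabar\datamngr\datamngr.dll c:\progra~1\bearshare applications\mediabar\datamngr\IEBHO.dll
Hosts: 127.0.0.1 www.spywareinfo.com
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-6-8 46808]
S4 DefaultTabUpdate;DefaultTabUpdate;c:\users\anthony\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-8-22 107520]
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "review": my own labels (assumption)
    kind: str
    detail: str


# Code loaded from a per-user, user-writable location is unusual for a BHO or a
# service and worth a look; the path shape is the Vista/7 profile layout.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.IGNORECASE)
# BHO / toolbar / search-hook / IE-menu entries: "<prefix>: [name:] {CLSID} - <target>"
CLSID_ENTRY = re.compile(
    r"^(?P<prefix>uURLSearchHooks|BHO|TB|IE): .*?\{[0-9A-F-]{36}\} - (?P<target>.*)$",
    re.IGNORECASE,
)
# DDS service line: "<start type> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_ENTRY = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[")
HOSTS_ENTRY = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)")
BROWSER_DEFAULT = re.compile(
    r"^(?P<key>[um](?:Start Page|Default_Page_URL|Search Page|Search Bar|Default_Search_URL)) = (?P<url>\S+)"
)
APPINIT = re.compile(r"^AppInit_DLLs=\s*(?P<dlls>\S.*)$")
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def triage(dds_text: str) -> List[Finding]:
    """Return one Finding per suspicious DDS line, in input order."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = APPINIT.match(line)
        if m:
            # Every DLL listed in AppInit_DLLs is loaded into each process that
            # loads user32.dll, so any value here is reviewed first. DDS prints
            # the value space-separated; split after each ".dll" token.
            for dll in re.split(r"(?<=\.dll)\s+", m["dlls"], flags=re.IGNORECASE):
                findings.append(Finding("high", "appinit_dll", dll))
            continue

        m = CLSID_ENTRY.match(line)
        if m:
            target = m["target"].strip()
            if target == "<orphaned>":
                # The registry still references a CLSID whose DLL is gone:
                # leftover of a removed add-on, a cleanup item, not live code.
                findings.append(Finding("medium", "orphaned_clsid", line))
            elif USER_WRITABLE.search(target):
                findings.append(Finding("medium", "code_in_user_profile", target))
            continue

        m = SERVICE_ENTRY.match(line)
        if m and USER_WRITABLE.search(m["path"]):
            findings.append(Finding("medium", "service_in_user_profile", f"{m['name']}: {m['path']}"))
            continue

        m = HOSTS_ENTRY.match(line)
        if m and m["host"].lower() not in LOCAL_NAMES:
            # Anything beyond the loopback names overrides DNS for that host.
            findings.append(Finding("medium", "hosts_override", f"{m['host']} -> {m['ip']}"))
            continue

        m = BROWSER_DEFAULT.match(line)
        if m:
            host = re.match(r"^\w+://([^/?#]+)", m["url"])
            findings.append(Finding("review", "browser_default",
                                    f"{m['key']} -> {host[1] if host else m['url']}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per severity label."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.kind:24} {f.detail}")
    print(summarize(triage(SAMPLE_DDS)))
```

Run against the sample, the two AppInit_DLLs entries come out on top, followed by the two orphaned CLSIDs, the DefaultTab BHO and service living under the user's profile, and the Hosts-file override of www.spywareinfo.com; the avast entries produce nothing. The script only ranks what DDS already shows, so it is a reading aid for the log rather than a detection of the rootkit itself, which by design does not appear in these sections.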
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================

Download RogueKiller for 32-bit or RogueKiller for 64-bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt

===========================================================
Note (very important, please do this step):
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
  • Internet access
  • Windows Update
  • Windows Firewall (if used)
If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit located in the mbar\plugins folder and reboot.
Verify that your system is now functioning normally.
 