Solved Trojans/malware detected on computer. Popups in browser.


SirCarnifex

Hello,

I've recently gotten a virus (detected by anti-virus and supposedly removed) on my computer. I ran the programs that I have (Avira, Malwarebytes, SpyBot) and supposedly removed many of the files, but it apparently is not working. Avira keeps detecting the same files, though they pop up in new places each time. Malwarebytes, which WAS working, now gets a runtime error when I try to load it up, so I can't do the first recommended step on this site. I guess the virus disabled it.

This computer has no important information on it, so I'm not worried about personal information loss or anything like that. It does have a good deal of programs and hobbyist work on it that I'd prefer not to lose to a reformat, so eradicating the virus by another method is preferable to me. I can run programs right now but the computer is slow sometimes (like right now) when there is apparently a hidden program(s) running.

I'd appreciate advice on what to do. Should I uninstall Malwarebytes and reinstall it? Or just run the other programs suggested?

Thanks for any help!

EDIT: And also, I'm getting new browser windows that pop up occasionally (not too often) that (so far) have taken me to YouTube and Pogo. Other than that I've not had anything. I think it's been four popups in about the same amount of days since I've run the computer with the virus.
 
I'll be glad to help but need some information on what is running.

Sounds like you are attempting to run these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
-----------------------------
To help with Malwarebytes:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

Once done, try running a scan again.
---------------------------
Then please go ahead with the other steps. If you have additional problems with the scans, please let me know.
=======================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.
 
Yes, I was going to run through those steps that you linked to, starting with Malwarebytes, but when that didn't work, I thought it best to ask before doing anything else. I'll try what you suggested and get the logs posted when I get a chance. Thanks!
 
If a program doesn't work, please tell me what happened when you tried to run it. In the absence of that information, you can do the following for Mbam:

Please download and run the tool below named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 3 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.
  • Rkill.com
  • Rkill.scr
  • Rkill.exe
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, then try to immediately run the following:

Please download exeHelper by Raktor and save it to your desktop.
  • Double-click on exeHelper.com or exeHelper.scr to run the fix tool.
  • A black window should pop up, press any key to close once the fix is completed.
  • A log file called exehelperlog.txt will be created and should open at the end of the scan.
  • A copy of that log will also be saved in the directory where you ran exeHelper.com
  • Copy and paste the contents of exehelperlog.txt in your next reply.

Note: If the window shows a message that says "Error deleting file", please re-run the tool again before posting a log and then post the two logs together (they both will be in the one file).

Without rebooting, try the Malwarebytes scan again.

You can go ahead with DDS.
 
I ran rkill and exehelper. Here's the exehelper log:

exeHelper by Raktor
Build 20100414
Run at 18:24:42 on 02/27/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--



I'm trying to run Malwarebytes again now.
 
Okay, Malwarebytes still won't run. I get (give or take a word or two):

"Runtime Error 5. Invalid call, procedure or argument."

Shall I run gmer and dds now anyway or is there something else? Thanks!
 
The most common cause for Runtime errors are addons (plugins). Have you recently put new of either on system? If using IE, go to Tools> Manage Add Ons> Choose 'no addons' and see if Mbam runs.

If it doesn't, one more try for Mbam:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

Once done, try running a scan again.

If it still won't run, please go on to the other scans.
 
I don't run IE and I'm not sure how to disable add-ons on Firefox. Meanwhile, I ran the other two programs. Here are the logs:



GMER:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-29 11:30:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-9 WDC_WD5001AALS-00L3B2 rev.01.03B01
Running: 594pdgiw.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\ufliaaog.sys


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7E7F1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB7E7F1E8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 4016

---- EOF - GMER 1.0.15 ----
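
A way to summarise a GMER quick-scan log like the one posted above, as an added example that is not part of the original thread or of GMER itself. It splits the log into its `----` sections, counts which `.sys` modules appear in the System and Devices sections, and pulls out any process marked `*** hidden ***`. The function names are hypothetical, and the vendor text is only the string GMER prints, so it is a claim to check against the software actually installed.

```python
import re

# Constructed sample: lines copied from the GMER quick-scan log in the post above.
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net
---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB7E7F1D4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\ping.exe (*** hidden *** ) 4016

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
MODULE_RE = re.compile(r"(\S+\.sys) \(([^)]*)\)")
HIDDEN_RE = re.compile(r"^Process\s+(.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(\d+)$")


def split_sections(text):
    """Map each '---- Name - GMER x.y ----' header to the entry lines under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Summarise kernel modules seen in System/Devices and list hidden processes."""
    sections = split_sections(text)
    modules = {}
    for name in ("System", "Devices"):
        for line in sections.get(name, []):
            m = MODULE_RE.search(line)
            if not m:
                continue
            # Description is printed as "<file description>/<company>".
            vendor = m.group(2).rsplit("/", 1)[-1]
            entry = modules.setdefault(
                m.group(1), {"vendor": vendor, "sections": set(), "entries": 0}
            )
            entry["sections"].add(name)
            entry["entries"] += 1
    hidden = []
    for line in sections.get("Processes", []):
        m = HIDDEN_RE.match(line)
        if m:
            hidden.append((m.group(1), int(m.group(2))))
    return {"modules": modules, "hidden_processes": hidden}


if __name__ == "__main__":
    report = triage(SAMPLE_GMER_LOG)
    for module, info in sorted(report["modules"].items()):
        where = ", ".join(sorted(info["sections"]))
        print(f"{module:14} {info['vendor']:14} entries={info['entries']} in {where}")
    for path, pid in report["hidden_processes"]:
        print(f"HIDDEN PROCESS pid={pid} {path}")
```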
 
Testing from another computer. I couldn't get the forums to post for the other two logs with my virus computer - it keeps giving me errors.

EDIT: In the above log it keeps mentioning McAfee, but that should be uninstalled. I don't know how to read that log, so maybe it's usual or something, but I just thought I'd mention that. As for the other logs, if I can't get them to post from the one computer, I suppose I can transfer them to another and post from there (once I find the flash drive). I have a flash drive scanner to prevent viruses from transferring over it.
 
To disable Add ons in Firefox:

Open Firefox> Click on Tools> Manage Addons>
[Image: ffaddons.png]

Once the Add-ons window opens, it will default to the Extension view and list all installed add-ons.
[Image: ffaddons2.png]

You should look for extensions that do not need to be enabled all the time. For instance:
[Image: ffaddons3.png]

In the example above, this add-on is used very little and does not need to be running when browsing the Internet.
To disable, highlight the extension and click the Disable button. The message "This add-on will be disabled when Firefox is restarted" will be displayed.
Images courtesy of watchingthenet.com

After disabling the add-ons that you do not want loaded when Firefox starts, close the Add-ons window and restart Firefox by closing and launching Firefox.
=====================================
You don't need to worry about what you see in GMER- that's my job!

I'm not understanding what the problem with the logs is. Do you mean that you can't access the internet to get here to post them? If so, you will need to move the logs to a flash drive, then post here.
"I can run programs right now but the computer is slow sometimes (like right now) when there is apparently a hidden program(s) running."

Is "slow" why you can't get the logs here? If so, you might have to put up with it until we find and remove some of the malware. You may have a rootkit and the AV and Spybot won't fully remove it.

If you are concerned about the flash drive, you can disinfect it first:

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
I have nothing to work with at this point.
 
There's no problem with the logs that I know of. I have those. I just can't seem to post on TechSpot (and thus can't post the logs) with that computer anymore as I get errors about not finding the server. I don't have the trouble with other computers. I'll try it again with the one before I attempt the flash drive (which I have to find - things always go missing as soon as you need them!).
 
Attach log:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/5/2009 10:35:55 PM
System Uptime: 2/29/2012 11:18:54 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3R
Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Socket 775 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 349.748 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 8/1/2010 9:29:52 PM - System Checkpoint
RP2: 8/1/2010 10:02:37 PM - Software Distribution Service 3.0
RP3: 8/3/2010 2:42:33 AM - Software Distribution Service 3.0
RP4: 8/4/2010 11:31:06 PM - Installed McAfee Virtual Technician
RP5: 8/12/2010 3:29:11 AM - Software Distribution Service 3.0
RP6: 9/15/2010 2:27:58 AM - Software Distribution Service 3.0
RP7: 9/29/2010 10:58:50 PM - Software Distribution Service 3.0
RP8: 10/6/2010 2:36:42 AM - Software Distribution Service 3.0
RP9: 10/21/2010 1:34:23 AM - Software Distribution Service 3.0
RP10: 11/10/2010 2:12:29 AM - Software Distribution Service 3.0
RP11: 11/12/2010 6:11:37 PM - Installed ViewSonic Windows XP Signed Files
RP12: 12/15/2010 3:00:17 AM - Software Distribution Service 3.0
RP13: 1/13/2011 2:51:50 AM - Software Distribution Service 3.0
RP14: 1/20/2011 10:54:03 AM - Installed ZBrush 3.5 R3
RP15: 2/10/2011 1:56:27 AM - Software Distribution Service 3.0
RP16: 3/9/2011 12:51:12 AM - Software Distribution Service 3.0
RP17: 3/16/2011 3:59:52 AM - Software Distribution Service 3.0
RP18: 3/25/2011 3:25:50 AM - Software Distribution Service 3.0
RP19: 4/14/2011 3:02:24 AM - Software Distribution Service 3.0
RP20: 4/28/2011 3:00:36 AM - Software Distribution Service 3.0
RP21: 5/12/2011 2:38:20 AM - Software Distribution Service 3.0
RP22: 6/11/2011 12:13:59 AM - Restore Operation
RP23: 6/29/2011 12:06:39 PM - Software Distribution Service 3.0
RP24: 6/30/2011 4:00:17 AM - Software Distribution Service 3.0
RP25: 7/7/2011 5:01:36 PM - Installed DirectX
RP26: 7/12/2011 5:26:42 PM - Installed Java(TM) 6 Update 26
RP27: 7/13/2011 3:20:08 AM - Software Distribution Service 3.0
RP28: 8/10/2011 4:00:14 AM - Software Distribution Service 3.0
RP29: 8/10/2011 11:46:07 AM - Installed DirectX
RP30: 8/11/2011 4:00:14 AM - Software Distribution Service 3.0
RP31: 8/25/2011 4:00:14 AM - Software Distribution Service 3.0
RP32: 9/7/2011 4:00:14 AM - Software Distribution Service 3.0
RP33: 9/15/2011 3:20:33 AM - Software Distribution Service 3.0
RP34: 9/28/2011 4:00:14 AM - Software Distribution Service 3.0
RP35: 10/13/2011 4:00:15 AM - Software Distribution Service 3.0
RP36: 11/11/2011 3:00:16 AM - Software Distribution Service 3.0
RP37: 11/20/2011 2:35:41 PM - Installed Desperados 2
RP38: 11/24/2011 10:32:44 PM - Installed Sid Meier's Alpha Centauri 2000/XP Compatibility Updat
RP39: 12/1/2011 12:52:58 PM - Installed Legends Craft Plugin.
RP40: 12/1/2011 12:54:04 PM - Installed Legends Info Plugin.
RP41: 12/1/2011 1:08:45 PM - Installed MySQL Connector Net 6.4.4
RP42: 12/1/2011 1:12:03 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP43: 12/1/2011 1:12:37 PM - Installed Java(TM) 6 Update 22
RP44: 12/1/2011 1:13:06 PM - Installed OpenOffice.org 3.3
RP45: 12/1/2011 7:22:49 PM - Installed MySQL Server 5.1
RP46: 12/1/2011 9:12:50 PM - Installed MySQL Server 5.5
RP47: 12/1/2011 9:54:04 PM - Installed MySQL Workbench 5.2 CE
RP48: 12/3/2011 2:52:07 AM - Software Distribution Service 3.0
RP49: 12/3/2011 11:41:47 PM - Software Distribution Service 3.0
RP50: 12/14/2011 3:00:15 AM - Software Distribution Service 3.0
RP51: 1/11/2012 2:41:44 AM - Software Distribution Service 3.0
RP52: 1/19/2012 9:32:07 PM - Installed Avernum 5
RP53: 2/1/2012 3:00:14 AM - Software Distribution Service 3.0
RP54: 2/17/2012 2:02:12 AM - Software Distribution Service 3.0
RP55: 2/17/2012 10:31:36 PM - Restore Operation
RP56: 2/18/2012 12:09:47 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
2Wire Wireless Client
7-Zip 4.65
AbiWord 2.8.6
Adobe Flash Player 10 Plugin
Adobe Reader 6.0
Audacity 1.2.6
Avernum 4
Avernum 5
Avira Free Antivirus
Baldur's Gate
Baldur's Gate Tutu
Baldur's Gate(TM) II - Shadows of Amn(TM) Bonus CD
Baldur's Gate(TM) II - Throne of Bhaal (TM)
Beneath a Steel Sky
Brother HL-4040CN
Browser Configuration Utility
Core FTP LE 2.1
Desperados 1.0
Desperados 2
Download Manager 2.3.10
Dragonsphere
Drakensang
Drakensang 2: River of Time
Energy Saver Advance B8.0905.1
Fraps
Gigabyte Raid Configurer
GIMP 2.6.4
gmax
High Definition Audio Driver Package - KB888111
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 26
Just Great Software EditPad Lite 6.4.5
LAME v3.98.3 for Audacity
Legends Craft Plugin
Legends Info Plugin
Lords of the Realm - Royal Edition
LucasArts' Outlaws
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Virtual Technician
MDB Utilities 2.3.0 for 3ds Max
Mech Commander Omnitech version 0.148
Melody Assistant
Messenger Plus! 3
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft MechCommander 2
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.25)
MSN Messenger 7.0
MySQL Connector Net 6.4.4
MySQL Server 5.1
MySQL Server 5.5
MySQL Workbench 5.2 CE
Neverwinter Nights 2
NVIDIA Display Control Panel
NVIDIA Graphics Driver 260.99
NVIDIA Install Application
OpenOffice.org 3.3
Paint Shop Pro 4.12
Pidgin
POWERPREP GRE
RarZilla Free Unrar 2.53
REALTEK GbE & FE Ethernet PCI-E NIC Driver
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
ReNamer
Sid Meier's Alpha Centauri
Sid Meier's Alpha Centauri 2000/XP Compatibility Update
Sound Blaster Live! Value
Spybot - Search & Destroy
ViewSonic Windows XP Signed Files
WarZone Client v1.0.49
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
World Machine 2.2 Basic Edition
X-Chat 2.8.6-2
X-Com Terror From the Deep
X-Com UFO Defense
x264vfw - H.264/MPEG-4 AVC codec (remove only)
xNormal 3.17.0 Beta 3b
Xvid 1.2.2 final uninstall
Yahoo! Install Manager
ZBrush 3.5 R3
.
==== Event Viewer Messages From Past Week ========
.
2/27/2012 6:29:22 PM, error: Service Control Manager [7023] - The SiS300i service terminated with the following error: Access is denied.
2/27/2012 6:26:22 PM, error: Service Control Manager [7023] - The MaRdPnp service terminated with the following error: Access is denied.
2/27/2012 6:14:22 PM, error: Service Control Manager [7023] - The Btwhid service terminated with the following error: Access is denied.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The Wlsetupsvc service terminated with the following error: The system cannot find the file specified.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The Uclauncherservice service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The SE2Bmdm service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The S117mdm service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The QPSched service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The Qkbfiltr service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The Mldserv service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The L1e service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The Ihcservice service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The Compbatt service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The Catchme service terminated with the following error: The specified module could not be found.
2/27/2012 6:12:52 PM, error: Service Control Manager [7023] - The Cachemgr service terminated with the following error: The specified module could not be found.
2/24/2012 9:54:13 PM, error: Service Control Manager [7023] - The QPSched service terminated with the following error: Access is denied.
2/24/2012 9:39:13 PM, error: Service Control Manager [7023] - The Ihcservice service terminated with the following error: Access is denied.
2/24/2012 9:24:13 PM, error: Service Control Manager [7023] - The Catchme service terminated with the following error: Access is denied.
2/24/2012 9:09:13 PM, error: Service Control Manager [7023] - The Cachemgr service terminated with the following error: Access is denied.
2/24/2012 8:54:13 PM, error: Service Control Manager [7023] - The Qkbfiltr service terminated with the following error: Access is denied.
2/24/2012 8:39:14 PM, error: Service Control Manager [7023] - The L1e service terminated with the following error: Access is denied.
2/24/2012 8:24:13 PM, error: Service Control Manager [7023] - The Mldserv service terminated with the following error: Access is denied.
2/24/2012 8:09:13 PM, error: Service Control Manager [7023] - The Wlsetupsvc service terminated with the following error: Access is denied.
2/24/2012 7:56:12 PM, error: Service Control Manager [7023] - The Compbatt service terminated with the following error: Access is denied.
2/24/2012 7:55:16 PM, error: Service Control Manager [7023] - The S117mdm service terminated with the following error: Access is denied.
2/24/2012 7:52:36 PM, error: Service Control Manager [7023] - The HssSrv service terminated with the following error: The system cannot find the file specified.
2/24/2012 7:52:36 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
2/24/2012 7:52:36 PM, error: Service Control Manager [7001] - The Wired AutoConfig service depends on the Extensible Authentication Protocol Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/24/2012 10:24:13 PM, error: Service Control Manager [7023] - The Uclauncherservice service terminated with the following error: Access is denied.
2/24/2012 10:23:35 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
2/24/2012 10:09:13 PM, error: Service Control Manager [7023] - The SE2Bmdm service terminated with the following error: Access is denied.
.
==== End Of File ===========================
 
I've no idea why, but I can post the attach log file (above) but I can't copy and paste the DDS because I keep getting the server is busy error. At least I'm one more step there!
 
DDS File (finally!):


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Christopher Aune at 11:31:08 on 2012-02-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2874 [GMT -6:00]
.
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\svcs.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [igndlm.exe] c:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AudioHQ] c:\program files\creative\sblive2k\audiohq\AHQTB.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [MessengerPlus3] "c:\program files\messengerplus! 3\MsgPlus.exe"
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\christ~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231220003046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{CE42E78C-ED3A-4B97-930C-1C1B4077823B} : DhcpNameServer = 192.168.1.254
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\christopher aune\application data\mozilla\firefox\profiles\qy824k2u.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-5 387480]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-17 36000]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-18 84200]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-17 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-17 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-17 74640]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-18 141792]
R2 NetworkLog;NetworkLog;c:\windows\svcs.exe [2012-2-24 577536]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-18 88736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-18 188136]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-18 56064]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2011-3-18 88736]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-5 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-5 40552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2009-1-7 80392]
.
=============== File Associations ===============
.
txtfile="c:\program files\jgsoft\editpadlite\EditPadLite.exe" "%1"
.
=============== Created Last 30 ================
.
2012-02-25 02:09:34 577536 ----a-w- c:\windows\svcs.exe
2012-02-25 02:04:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-25 02:04:41 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-18 06:22:31 6766 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-18 05:56:22 -------- d-----w- c:\documents and settings\christopher aune\application data\Avira
2012-02-18 05:55:41 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-18 05:55:41 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-18 05:55:40 -------- d-----w- c:\program files\Avira
2012-02-18 05:55:40 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-02-18 04:36:48 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-18 04:35:16 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-02-18 04:35:16 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-16 18:14:28 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 18:14:28 3072 ------w- c:\windows\system32\iacenc.dll
.
==================== Find3M ====================
.
2012-02-18 04:07:45 0 ----a-w- c:\windows\system32\palmusbd.dll
2012-02-17 21:41:55 0 ----a-w- c:\windows\system32\pdframe.dll
2012-01-25 08:43:52 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-31 00:31:47 286720 ----a-w- c:\windows\iun504.exe
2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 11:31:43.54 ===============
 
Okay- someone hung up so you could get through! Good. Thank you!

Please remove these from the Trusted Sites:
Trusted Zone: internet
Trusted Zone: mcafee.com
The security is lower in that zone- nothing needs to be there! You are giving the entire internet the okay to be in the trusted zone, so this pretty much defeats the reason for having the security!
Click on Control Panel or Tools in IE> Security tab> Trusted Sites> Highlight and remove these sites> Apply> Okay.
=========================
EDIT: In the above log it keeps mentioning McAfee, but that should be uninstalled.
Maybe 'should be' but isn't! Processes for both programs are loading.
McAfee Antivirus
1. [2011-3-18 84200]> Anti-Virus Mini-Firewall Driver from McAfee, Inc.
2. McAfee Virtual Technician shows in installed programs. According to McAfee:
"MVT is an automated tool that assists you in analyzing your PC and resolving the
most commonly known problems related to installing and running your McAfee products."
If you are no longer running McAfee> using the uninstaller: Uninstall:
McAfee Removal
You will also need to uninstall the MVT in Add/Remove Programs, then use Windows Explorer to access Computer> Local Drive (C)> Programs> right click on Program folder> Delete.

Please reboot the program when finished. You may need to boot into Safe Mode.
================================
Since there is a problem with Malwarebytes, I'd like you to run the following> be sure to check the line for removal of entries it finds. If you have a lot of Tracking Cookies, I'll help you reset Cookies to prevent them:
SuperAntiSpyware Home Edition Free Version
  • Please download SuperAntiSpyware from HERE
  • Launch SuperAntiSpyware and click on 'Check for updates'.
  • Wait for the updates to be installed
  • On the main screen click on 'Scan your computer'.
  • Check: 'Perform Complete Scan', then click 'Next' to start the scan.
  • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
  • Make sure everything found has a checkmark next to it, then press 'Next'.
  • Click on 'Finish' when you've done.
It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click on 'Preferences'.
  • Click on the 'Statistics/Logs' tab.
  • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
====================================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Before you run the Combofix scan, please disable any security software you have running.

Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • If prompted for Recovery Console, please allow.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close/disable all anti virus and anti malware programs
    (If you need help with this, please see HERE)
  • Close any open browsers.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
===================================
Please leave logs for SAS and Combofix in your next reply.
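
The two observations in the reply above (entries listed under Trusted Zone, and McAfee components still loading although Avira is the registered antivirus) can be read mechanically from a DDS log. This is an added example, not part of the original post or of DDS itself; the vendor keyword table and function names are assumptions, and the leading R/S on a service line is taken to mean running/stopped at scan time.

```python
import re

# Constructed sample: lines copied (abridged) from the DDS log posted in this thread.
SAMPLE_DDS = r"""
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
Trusted Zone: internet
Trusted Zone: mcafee.com
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-5 387480]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-17 36000]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-18 84200]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-17 110032]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-18 141792]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2011-3-18 88736]
S2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-18 188136]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-18 56064]
"""

# Assumption: keyword hints used to attribute a log line to a security vendor.
VENDOR_HINTS = {
    "McAfee": ("mcafee", "mfe"),
    "Avira": ("avira", "antivir", "avgnt", "avkmgr"),
}

# "AV: <product> *<state>/<definitions>* {guid}" header line
AV_RE = re.compile(r"^AV: (.+?) \*([^*]+)\*")
# "Trusted Zone: <site>" line from the Pseudo HJT section
ZONE_RE = re.compile(r"^Trusted Zone: (\S+)")
# "<R|S><start type> name;display name;image path [date size]"
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]\s*$")


def vendor_of(text):
    """Return the vendor whose hint appears in text, or None."""
    lowered = text.lower()
    for vendor, hints in VENDOR_HINTS.items():
        if any(hint in lowered for hint in hints):
            return vendor
    return None


def triage(log):
    """Collect Trusted Zone entries, registered AV products, and security
    components that are running for a vendor that is NOT the registered AV."""
    report = {"trusted_zone": [], "registered_av": [], "leftovers": {}}
    running = {}
    for line in log.splitlines():
        line = line.strip()
        if m := ZONE_RE.match(line):
            report["trusted_zone"].append(m.group(1))
        elif m := AV_RE.match(line):
            report["registered_av"].append(m.group(1))
        elif m := SVC_RE.match(line):
            state, _start, name, display, path, _meta = m.groups()
            vendor = vendor_of(" ".join((name, display, path)))
            # Only running (R) entries count as "still loading".
            if state == "R" and vendor:
                running.setdefault(vendor, []).append(name)
    registered = {vendor_of(name) for name in report["registered_av"]}
    report["leftovers"] = {
        vendor: names for vendor, names in running.items()
        if vendor not in registered
    }
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    print("Trusted Zone entries to review:", result["trusted_zone"])
    print("Registered antivirus:", result["registered_av"])
    for vendor, names in result["leftovers"].items():
        print(f"{vendor} components still running:", ", ".join(names))
```
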
 
I was able to remove Virtual Technician, but not McAfee (which is not in the add/remove list). I used add/remove on it awhile ago and it appeared to remove it, but the computer froze, too. Attempting the McAfee Removal Program gives me the following error:

Incomplete Uninstallation

Error obtaining full permissions for cleanup. See log file for more details.

The log file for the McAfee Removal Program won't show either. I attempted to follow McAfee's instructions on deactivating in case of an improper uninstall process, but since I don't have an account with them I can't get in to deactivate (McAfee package came with internet installation).
 
As always, thanks for all the help.

I ran SuperAntiSpyware. The version I got doesn't quite work the way you described, but it was simple enough to find the appropriate steps mentioned. There were two logs, one a quick scan (I accidentally started one, then stopped it) which I'm not bothering to post. The log of the full scan is here. Quite a few problems (including sites I don't visit!)! Supposedly the program removed them. My internet is lightning fast compared to what it was before the scan and removal. I still have to run ComboFix.

Without further ado, here's the log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/06/2012 at 02:46 PM

Application Version : 5.0.1142

Core Rules Database Version : 8307
Trace Rules Database Version: 6119

Scan type : Complete Scan
Total Scan Time : 01:58:48

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 501
Memory threats detected : 0
Registry items scanned : 21425
Registry threats detected : 0
File items scanned : 89742
File threats detected : 173

Adware.Tracking Cookie

Trojan.Agent/Gen-Haote
C:\PROGRAM FILES\2K GAMES\X-COM TERROR FROM THE DEEP\UNINSTALL.EXE
C:\DOCUMENTS AND SETTINGS\CHRISTOPHER AUNE\START MENU\PROGRAMS\2K GAMES\X-COM TERROR FROM THE DEEP\UNINSTALL X-COM TERROR FROM THE DEEP.LNK
C:\PROGRAM FILES\2K GAMES\X-COM UFO DEFENSE\UNINSTALL.EXE
C:\DOCUMENTS AND SETTINGS\CHRISTOPHER AUNE\START MENU\PROGRAMS\2K GAMES\X-COM UFO DEFENSE\UNINSTALL X-COM UFO DEFENSE.LNK

Trojan.Agent/Gen-Sirefef
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP54\A0040296.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP54\A0040316.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP55\A0041000.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP55\A0042000.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP56\A0043000.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP56\A0043076.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP56\A0043106.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP56\A0043139.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP56\A0043183.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{1D4535A7-6169-4EA1-A338-398DA62C6A68}\RP56\A0043192.SYS
 
Oh, and one quick thing. SuperAntiSpyware keeps giving me a popup above the tray toolbar that there are new updates available despite my updating it. Maybe one came out right after I did so or something, or should I just ignore that now that I already did the scan?

Also, just as additional information on the computer, while the internet started running faster, the popups still showed, including one that wouldn't permit me to close Firefox normally.

Running combofix now.
 
ComboFix log:

ComboFix 12-03-06.01 - Christopher Aune 03/06/2012 15:14:00.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2874 [GMT -6:00]
Running from: c:\documents and settings\Christopher Aune\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Christopher Aune\WINDOWS
c:\windows\$NtUninstallKB10740$\2391593169
c:\windows\$NtUninstallKB10740$\3007683249\@
c:\windows\$NtUninstallKB10740$\3007683249\cfg.ini
c:\windows\$NtUninstallKB10740$\3007683249\Desktop.ini
c:\windows\$NtUninstallKB10740$\3007683249\L\enlimnon
c:\windows\$NtUninstallKB10740$\3007683249\oemid
c:\windows\$NtUninstallKB10740$\3007683249\U\00000001.@
c:\windows\$NtUninstallKB10740$\3007683249\U\00000002.@
c:\windows\$NtUninstallKB10740$\3007683249\U\00000004.@
c:\windows\$NtUninstallKB10740$\3007683249\U\80000000.@
c:\windows\$NtUninstallKB10740$\3007683249\U\80000004.@
c:\windows\$NtUninstallKB10740$\3007683249\U\80000032.@
c:\windows\$NtUninstallKB10740$\3007683249\version
c:\windows\EventSystem.log
c:\windows\svcs.exe
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\palmusbd.dll
c:\windows\system32\pdframe.dll
c:\windows\system32\SET17.tmp
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
c:\windows\system32\drivers\i8042prt.sys was missing
Restored copy from - c:\windows\ServicePackFiles\i386\i8042prt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FRAMEWORK
-------\Legacy_NETWORKLOG
-------\Service_framework
-------\Service_NetworkLog
.
.
((((((((((((((((((((((((( Files Created from 2012-02-06 to 2012-03-06 )))))))))))))))))))))))))))))))
.
.
2012-03-06 21:21 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2012-03-06 21:10 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-03-06 18:44 . 2012-03-06 18:44 -------- d-----w- c:\documents and settings\Christopher Aune\Application Data\SUPERAntiSpyware.com
2012-03-06 18:43 . 2012-03-06 18:44 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-06 18:43 . 2012-03-06 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-25 02:04 . 2012-02-25 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-25 02:04 . 2012-02-25 02:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-18 06:22 . 2012-02-18 06:22 6766 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-02-18 05:56 . 2012-02-18 05:56 -------- d-----w- c:\documents and settings\Christopher Aune\Application Data\Avira
2012-02-18 05:55 . 2012-02-25 01:58 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-18 05:55 . 2011-09-16 05:55 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-02-18 05:55 . 2011-09-16 05:55 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-02-18 05:55 . 2012-02-18 05:55 -------- d-----w- c:\program files\Avira
2012-02-18 05:55 . 2012-02-18 05:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-02-18 04:36 . 2012-03-06 21:13 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-18 04:35 . 2012-02-18 04:35 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-17 21:18 . 2012-02-17 21:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-02-16 18:14 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 18:14 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 08:43 . 2012-01-25 08:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2006-02-28 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-31 00:31 . 2011-12-31 00:34 286720 ----a-w- c:\windows\iun504.exe
2011-12-17 19:46 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioHQ"="c:\program files\Creative\SBLive2k\AudioHQ\AHQTB.EXE" [2000-05-11 205312]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-11-30 190024]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-11-19 1966080]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Christopher Aune\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\hasplms.exe"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\X-Chat 2\\xchat.exe"=
"c:\\Program Files\\WarZone\\LobbyClient.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\LucasArts\\Outlaws\\olwin.exe"=
"c:\\Program Files\\GOGcom\\Sid Meiers Alpha Centauri\\terran.exe"=
"c:\\Program Files\\MySQL\\MySQL Server 5.1\\bin\\mysqld.exe"=
"c:\\Program Files\\MySQL\\MySQL Server 5.5\\bin\\mysqld.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2/17/2012 11:55 PM 36000]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 10:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 3:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 5:38 PM 116608]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2/17/2012 11:55 PM 86224]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [1/7/2009 12:03 PM 80392]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
apache
vstor2-ws60
ati2mtaa
regspy
artdhcp
aswrdr
AtlsAud
wdm_au8820
CamAv
tosrfusb
SunkFilt39
wg5n
videoacceleratorengine
DCamUSBDXGTech
svcwmu
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.25.1
FF - ProfilePath - c:\documents and settings\Christopher Aune\Application Data\Mozilla\Firefox\Profiles\qy824k2u.default\
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
.
------- File Associations -------
.
txtfile="c:\program files\JGsoft\EditPadLite\EditPadLite.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Drakensang 2: River of Time - c:\program files\THQ\Drakensang 2 River of Time\${UNINSTALL_LOG}.exe
AddRemove-X-Com Terror From the Deep - c:\program files\2K Games\X-Com Terror From the Deep\Uninstall.exe
AddRemove-X-Com UFO Defense - c:\program files\2K Games\X-Com UFO Defense\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-06 15:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB10740$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.5\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.5\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(548)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2300)
c:\windows\system32\WININET.dll
c:\program files\MessengerPlus! 3\MsgPlusLoader.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\devldr32.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\avira\antivir desktop\ipmGui.exe
.
**************************************************************************
.
Completion time: 2012-03-06 15:31:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-06 21:31
.
Pre-Run: 378,672,861,184 bytes free
Post-Run: 378,968,547,328 bytes free
.
- - End Of File - - 7E8258FE5A01DFA866B6ACF750016BF0
 
Quick note: Avira (which reactivated itself upon reboot) still detects stuff. I've been ignoring messages from Avira because there's been no success in trying to remove anything with it as yet, so I figure if it's not helping the problem, it's best to leave it alone until I go through any processes you instruct me to do. Hope I did it right!

Okay, I did all the steps that I could do. Waiting on a reply now. Thanks once again.
 
Just a quick side note...

On the computer I installed Flash Disinfector on, about five days later (today) AVG said it detected something bad (Flash Disinfector) and that I should remove it. I let it since I was done with it anyway. I thought perhaps that some anti-virus might think of it as a problem program. AVG also detected something called "password finder". That was removed no problem. I ran a Malwarebytes full scan to be sure and it picked up one file (which I had it remove), shown in this log:

(I posted it here just because I didn't want to start a new thread if I didn't have to.)




Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.02

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
V. Aune :: NORDSKA [administrator]

3/7/2012 7:46:19 AM
mbam-log-2012-03-07 (07-46-19).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 316728
Time elapsed: 1 hour(s), 35 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:53636 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Please revisit the directions I left for the Flash Disinfector and note:
Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
=======================================
Reset your browser proxies
  • For Firefox:
    o Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    o Click on the "Network" tab, and then on the "Settings" button.
    o Please make sure that the "No Proxy" option is selected.
  • For Internet Explorer:
    o Open Internet Explorer.
    o Click on "Tools" and then select "Internet Options".
    o Click on the "Connections" tab and click the "Lan Settings" button at the bottom.
    o Uncheck "Use a Proxy server for your LAN".
    o Click Ok to close the Local Area Network (LAN) Settings window.
    o Click Ok to close the Internet Options window.
======================================
Quite a few problems (including sites I don't visit!)
If 3rd party Cookies aren't blocked, you will get the Cookies from ads and banners on other sites:
Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=======================================
You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

Please download JavaRa and unzip it to your desktop.

Important! ***Please close any instances of Internet Explorer before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
===========================================
You'll be happy to know that Trojan.Agent/Gen-Sirefef (AKA Zero Access Rootkit) is only indicated in System Volume. It is not active in the system. This is where the restore points are kept, and I will have you set a clean restore point and drop the old ones when we finish.
==========================================
I'm going to take a break for dinner. I'll try to get back to review Combofix later. If I don't, I'll do it in the morning.
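
A log check for the proxy reset described above, added here as an example and not part of the original reply: it pulls the WinINET ProxyServer value and the Firefox network.proxy.type value out of pasted Malwarebytes and ComboFix lines and reports a loopback proxy or any Firefox setting other than "No Proxy". The function names and regexes are assumptions of this example; the two sample lines are copied from the logs in this thread.

```python
import ipaddress
import re

# Firefox network.proxy.type values; 0 is what the "No Proxy" option writes.
FF_PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC URL",
                  4: "auto-detect (WPAD)", 5: "system settings"}

HOSTPORT = re.compile(r"^(?:\[(?P<h6>[^\]]+)\]|(?P<h>[^:]+))(?::(?P<port>\d+))?$")
MBAM_PROXY = re.compile(r"\|ProxyServer\b.*?-> Data: (\S+)")
CF_FF_PROXY = re.compile(r"prefs\.js: network\.proxy\.type - (\d+)")


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into {scheme: (host, port)}.

    Handles "host:port" (one proxy for every protocol) and the
    per-protocol form "http=host:port;https=host:port".
    """
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # no "scheme=" prefix: applies to all
            scheme, hostport = "all", part
        hostport = re.sub(r"^[a-z][a-z0-9+.-]*://", "", hostport.strip(), flags=re.I)
        m = HOSTPORT.match(hostport)
        host = (m.group("h6") or m.group("h")) if m else hostport
        port = int(m.group("port")) if m and m.group("port") else None
        proxies[scheme.strip().lower()] = (host, port)
    return proxies


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                   # a hostname, not an IP literal
        return False


def triage(log_text):
    """Return (source, detail) findings for proxy settings in pasted logs."""
    findings = []
    for line in log_text.splitlines():
        m = MBAM_PROXY.search(line)
        if m:
            for scheme, (host, port) in parse_proxy_server(m.group(1)).items():
                # A loopback proxy puts a local process in the browser's
                # traffic path; identify what listens on that port.
                if is_loopback(host):
                    findings.append(("wininet", f"{scheme} -> loopback {host}:{port}"))
        m = CF_FF_PROXY.search(line)
        if m:
            kind = int(m.group(1))
            if kind != 0:                # anything but "No Proxy"
                label = FF_PROXY_TYPES.get(kind, "unknown")
                findings.append(("firefox", f"network.proxy.type={kind} ({label})"))
    return findings


# Two lines copied from the Malwarebytes and ComboFix logs in this thread.
SAMPLE = r"""
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:53636 -> Quarantined and deleted successfully.
FF - prefs.js: network.proxy.type - 4
"""

if __name__ == "__main__":
    for source, detail in triage(SAMPLE):
        print(f"[{source}] {detail}")
```
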
 
There is an AdBlockPlus and EasyList adds more domains to block.

Is this thread only for 1 computer?
 