
Posted

Hi. Sorry to be such a "numpty"; I'm new to forums and computer problems. Well, here goes: I'm on a Dell Inspiron desktop PC, running Vista Ultimate.

Around a week ago I downloaded a video clip. It was a WinRAR file; when I unpacked it my computer went crazy, opening windows and not letting me close them. I did a virus scan with my antivirus (Comodo) and it found viruses and trojans. I used Malwarebytes; this found some and deleted them, but I still have problems. I have run HijackThis and would like some help to clean up my computer if possible, please.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:14:52, on 14/12/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\IncrediMail\Bin\IncMail.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EPSON PX700W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\Windows\TEMP\E_SB940.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (file missing)

--

End of file - 9719 bytes
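Added example, not part of this thread and not code from HijackThis, Malwarebytes or any other tool mentioned here: a small Python triage script that parses HijackThis-style log lines and flags the kinds of entries a helper looks at first, such as orphaned "(no file)" / "(file missing)" items, executables running from a drive root, temp directory or user profile, AppInit_DLLs / Winlogon Notify load points, and services with no recorded publisher. The sample input is constructed from lines of the log above plus one constructed running-process line (C:\svvchost.exe, the file the later Malwarebytes log reports) so the drive-root rule has something to match. The rules are heuristics of my own choosing; a hit is a prompt to verify the entry, not a verdict that it is malicious (guard32.dll in this log, for instance, belongs to COMODO).

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Optional, Tuple

# Constructed sample input: lines copied from the HijackThis log above, plus one
# constructed "Running processes" line (C:\svvchost.exe, the dropper that the later
# Malwarebytes log reports) so that the drive-root rule has something to match.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\svvchost.exe
O1 - Hosts: ::1 localhost
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (file missing)
--
End of file - 9719 bytes
"""

ORPHAN = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)
# First drive-letter or %VAR%-rooted path that ends in a code extension.
PATH = re.compile(r'(?:[A-Za-z]:\\|%[^%]+%\\)[^"]*?\.(?:exe|dll|sys|cpl|scr)\b', re.IGNORECASE)


@dataclass
class Finding:
    section: str        # "proc" for a running process, else the HJT prefix (O2, O23, ...)
    entry: str          # the original log line
    reasons: List[str] = field(default_factory=list)


def parse(log: str) -> Iterator[Tuple[str, str]]:
    """Yield (section, line) for every entry: running-process paths and R/O items."""
    section: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            section = "proc"
            continue
        m = re.match(r"^([RO]\d+) - ", line)
        if m:
            section = m.group(1)
            yield section, line
        elif section == "proc" and re.match(r"^[A-Za-z]:\\", line):
            yield "proc", line
        elif line.startswith("--"):   # footer: "--" then "End of file - N bytes"
            section = None


def extract_path(entry: str) -> str:
    """Return the first executable/library path in an entry, or "" if none."""
    m = PATH.search(entry)
    return m.group(0) if m else ""


def odd_location(path: str) -> Optional[str]:
    """Locations that legitimate autostarts rarely use; each is a prompt to verify."""
    p = path.lower()
    if re.fullmatch(r"[a-z]:\\[^\\]+", p):
        return "executable directly in the drive root"
    if "\\temp\\" in p or "\\tmp\\" in p:
        return "executable in a temp directory"
    if "\\appdata\\" in p or "\\application data\\" in p:
        return "executable inside a user profile"
    return None


def triage(log: str) -> List[Finding]:
    """Apply the heuristic rules to every parsed entry and collect the hits."""
    findings = []
    for section, entry in parse(log):
        reasons = []
        if ORPHAN.search(entry):
            reasons.append("orphaned entry: target file is missing")
        where = odd_location(extract_path(entry))
        if where:
            reasons.append(where)
        if section == "O20":
            reasons.append("AppInit_DLLs / Winlogon Notify load point: confirm the publisher")
        if section == "O23" and "Unknown owner" in entry:
            reasons.append("service without a recorded publisher: confirm the binary")
        if reasons:
            findings.append(Finding(section, entry, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.entry}\n    -> " + "; ".join(f.reasons))
```

Run it against a full saved log by reading the file into `triage()`; the entries it leaves unflagged (the COMODO, Dell and Epson autostarts in the log above, for example) still deserve a glance, but the flagged ones are where a helper normally starts.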


Posted

Hello,

A few things before we start:

1. Please Read All Instructions Carefully.

2. If you don't understand something, stop and ask! Don't keep going on.

3. Please do not run any other tools or scans whilst I am helping you.

4. If you have to go away for an extended period of time, let me know.

5. Please continue to respond until I give you the "All Clear".

(Just because you can't see a problem doesn't mean it isn't there.)

Please download Malwarebytes' Anti-Malware by clicking the link below:

Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com

 

Double-click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Full Scan", then click Scan.

* The scan may take some time to finish, so please be patient.

* When the scan is complete, click OK, then Show Results to view the results.

* Make sure that everything is checked, and click Remove Selected.

* When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)

* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

* Post this log in your reply, along with a fresh HijackThis log.

Please Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Posted

Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.42

Database version: 3363

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18865

15/12/2009 13:37:43

mbam-log-2009-12-15 (13-37-43).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 283895

Time elapsed: 54 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\svvchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\vefuq.exe (Rootkit.MBR) -> Quarantined and deleted successfully.

C:\Windows\System32\qtplugin.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

And here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:45:02, on 15/12/2009

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Program Files\Creative\MediaSource5\MtdAcqu.exe

C:\Windows\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Virgin Media - Broadband, digital TV, phone & mobile phone plus broadband

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Start Page

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"

O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EPSON PX700W Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE /FU "C:\Windows\TEMP\E_SB940.tmp" /EF "HKCU"

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Unknown owner - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (file missing)

--

End of file - 9289 bytes

Posted

OK... let's have you go HERE to run Panda ActiveScan 2.0.

  • Click the big green Scan now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Once the scan is completed, please hit the notepad icon next to the text Export to:
  • Save it to a convenient location such as your Desktop
  • Post the contents of the ActiveScan.txt in your next reply, as well as let me know how your PC is running now.

Posted

The ActiveScan.txt report is here:

;***********************************************************************************************************************************************************************************

ANALYSIS: 2009-12-17 00:32:52

PROTECTIONS: 1

MALWARE: 13

SUSPECTS: 2

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

COMODO Antivirus Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00003428 adware/memorywatcher Adware No 0 Yes No hkey_classes_root\vbrad.trayicon

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\dads\appdata\roaming\microsoft\windows\cookies\low\dads@doubleclick[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\cookies\system@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@atdmt[2].txt

00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No c:\users\dads\appdata\roaming\microsoft\windows\cookies\low\dads@tradedoubler[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@mediaplex[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@xiti[1].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@ad.yieldmanager[2].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@apmebf[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@advertising[1].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No c:\users\dad1\appdata\roaming\microsoft\windows\cookies\dad1@smartadserver[2].txt

03009106 W32/Xor-encoded.A Virus No 0 Yes No c:\programdata\microsoft\windows\wer\reportqueue\report16e38634\vefuq.exe.xor

03009106 W32/Xor-encoded.A Virus No 0 Yes No c:\programdata\microsoft\windows\wer\reportqueue\report16ff848f\svvchost.exe.xor

05785015 Generic Malware Virus/Trojan No 0 Yes No c:\windows\temp\defi.tmp\svchost.exe

;===================================================================================================================================================================================

SUSPECTS

Sent Location

;===================================================================================================================================================================================

No c:\users\dads\desktop\documents\tech downloads\swiftdisc.premium.2.27.exe

No c:\windows\temp\nloy.tmp\svchost.exe

;===================================================================================================================================================================================

VULNERABILITIES

Id Severity Description

;===================================================================================================================================================================================

;===================================================================================================================================================================================

 

 

My computer is slow, Windows blocks programs at start-up and the internet is slow.

Posted

Let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

Go here ======> A guide and tutorial on using ComboFix <====== Go here

Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

 

Also note that for now, the download link of ComboFix can be found at:

http://download.bleepingcomputer.com/sUBs/Beta/KittyFix.exe

 

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

 

Once installed, you should get a prompt that says:

 

The Recovery Console was successfully installed.

 

Please continue as follows:

 

(1) Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

(2) Click Yes to allow ComboFix to continue scanning for malware.

 

When the tool is finished, it will produce a report for you.

Please include C:\ComboFix.txt for further review, so that we may continue cleansing the system.

Caution: Never run and remove files with ComboFix unless supervised by a qualified security analyst who is experienced in the use of ComboFix. Misuse can cause serious computer problems.

Posted

Problems now, m8. I'm using my laptop now; my desktop has gone kaput. I can only open the Computer button on my desktop; no other buttons work. This is the ComboFix report:

ComboFix 09-12-17.01 - DADS 18/12/2009 3:33.2.2 - x86

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.44.1033.18.3325.2290 [GMT 0:00]

Running from: c:\users\DADS\Desktop\combofix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-1188092344-3365634342-1950963333-500

c:\$recycle.bin\S-1-5-21-750442411-3630068979-3000262733-500

C:\gbfxe.exe

c:\users\DADS\AppData\Roaming\inst.exe

c:\windows\Cursors\aero_link.cur

c:\windows\system32\oem4.inf

c:\windows\system32\hpbmiapi.dll . . . . failed to delete

c:\windows\system32\hpboid.dll . . . . failed to delete

c:\windows\system32\hpboidps.dll . . . . failed to delete

c:\windows\system32\hpbpro.dll . . . . failed to delete

c:\windows\system32\hpbprops.dll . . . . failed to delete

c:\windows\system32\hplbdchn.dll . . . . failed to delete

c:\windows\system32\hpotiop5.dll . . . . failed to delete

c:\windows\system32\hpovst12.dll . . . . failed to delete

c:\windows\system32\hpowiax5.dll . . . . failed to delete

c:\windows\system32\hppldcoi.dll . . . . failed to delete

c:\windows\system32\hpz3l5ha.dll . . . . failed to delete

c:\windows\system32\HPZidr12.dll . . . . failed to delete

c:\windows\system32\HPZinw12.dll . . . . failed to delete

c:\windows\system32\HPZipm12.dll . . . . failed to delete

c:\windows\system32\HPZipr12.dll . . . . failed to delete

c:\windows\system32\hpzipt12.dll . . . . failed to delete

c:\windows\system32\hpzisn12.dll . . . . failed to delete

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Net Driver HPZ12

 

((((((((((((((((((((((((( Files Created from 2009-11-18 to 2009-12-18 )))))))))))))))))))))))))))))))

.

2009-12-18 03:44 . 2009-12-18 03:44 -------- d-----w- c:\users\Default\AppData\Local\temp

2009-12-18 03:44 . 2009-12-18 03:47 -------- d-----w- c:\users\DADS\AppData\Local\temp

2009-12-18 03:44 . 2009-12-18 03:44 -------- d-----w- c:\users\dad1\AppData\Local\temp

2009-12-16 22:59 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys

2009-12-16 22:58 . 2009-12-16 22:58 -------- d-----w- c:\program files\Panda Security

2009-12-15 12:40 . 2009-12-03 16:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-15 12:40 . 2009-12-03 16:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-15 12:40 . 2009-12-15 12:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-13 13:58 . 2009-12-13 13:59 -------- d-----w- c:\program files\Windows Live Safety Center

2009-12-13 13:44 . 2009-12-13 13:44 -------- d-----w- c:\program files\Microsoft

2009-12-13 13:15 . 2009-12-13 13:15 -------- d-----w- c:\users\DADS\AppData\Local\Threat Expert

2009-12-12 21:44 . 2009-12-12 21:44 -------- d-----w- c:\program files\Trend Micro

2009-12-12 00:33 . 2009-12-12 00:33 -------- dc-h--w- c:\programdata\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}

2009-12-11 22:41 . 2009-12-11 22:41 -------- d-----w- c:\program files\Common Files\Windows Live

2009-12-11 22:40 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll

2009-12-11 22:40 . 2008-07-12 08:18 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll

2009-12-11 22:39 . 2009-12-11 22:39 -------- d-----w- c:\program files\BitLocker

2009-12-11 22:38 . 2007-02-22 02:26 1171848 ----a-w- c:\windows\system32\SecureKeyBackupCPL.dll

2009-12-11 22:38 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll

2009-12-11 22:26 . 1999-12-13 01:01 44032 ------w- c:\windows\system32\CTSVCCDA.EXE

2009-12-11 22:26 . 1999-11-18 01:00 25088 ------w- c:\windows\system32\CTSVCCTL.EXE

2009-12-11 22:01 . 2009-12-11 22:01 -------- d-----w- c:\program files\Broadcom

2009-12-11 21:59 . 2009-12-11 21:59 319456 ----a-w- c:\windows\DIFxAPI.dll

2009-12-11 21:59 . 2009-12-11 21:59 315392 ----a-w- c:\windows\HideWin.exe

2009-12-11 21:59 . 2007-07-26 17:09 520192 ----a-w- c:\windows\RtlExUpd.dll

2009-12-11 21:57 . 2009-12-11 21:57 -------- d-----w- c:\windows\system32\vmm32

2009-12-10 05:07 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll

2009-12-10 05:07 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-12-10 05:07 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll

2009-12-10 02:58 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll

2009-12-07 20:32 . 2009-12-07 20:32 -------- d-----w- c:\program files\gBurner

2009-12-05 15:47 . 2009-12-05 15:47 -------- d-----w- c:\windows\system32\nagasoft

2009-11-25 03:01 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll

2009-11-25 02:29 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll

2009-11-25 02:29 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll

2009-11-24 14:32 . 2009-11-25 05:37 -------- d-----w- c:\users\DADS\AppData\Roaming\Ahead

2009-11-24 14:31 . 2009-11-24 14:31 -------- d-----w- c:\programdata\Ahead

2009-11-24 14:29 . 2009-11-24 14:30 -------- d-----w- c:\program files\Common Files\Ahead

2009-11-24 14:29 . 2009-11-24 14:29 -------- d-----w- c:\program files\Nero

2009-11-23 11:52 . 2009-11-23 11:52 -------- d-----w- c:\users\DADS\AppData\Local\Innovative Solutions

2009-11-23 11:52 . 2009-11-23 11:52 -------- d-----w- c:\programdata\Innovative Solutions

2009-11-21 00:30 . 2009-11-21 00:30 -------- d-----w- c:\programdata\eMule

2009-11-21 00:30 . 2009-11-21 00:30 -------- d-----w- c:\users\DADS\AppData\Roaming\eMule

2009-11-21 00:29 . 2009-11-21 00:30 -------- d-----w- c:\users\DADS\AppData\Local\eMule

2009-11-21 00:13 . 2009-11-21 00:29 -------- d-----w- c:\program files\eMule

2009-11-21 00:08 . 2009-11-21 00:08 -------- d-----w- c:\program files\Common Files\xing shared

2009-11-20 06:38 . 2009-01-27 01:40 60024 ----a-w- c:\windows\system32\NicInE6.dll

2009-11-20 06:38 . 2008-12-05 07:55 217728 ----a-w- c:\windows\system32\drivers\e1e6032.sys

2009-11-20 06:38 . 2007-12-14 21:06 121440 ----a-w- c:\windows\system32\e1000msg.dll

2009-11-20 06:38 . 2007-08-24 15:58 28272 ----a-w- c:\windows\system32\NicCo26.dll

2009-11-20 05:56 . 2009-12-08 19:41 -------- d-----w- c:\users\DADS\AppData\Local\Deployment

2009-11-20 05:56 . 2009-11-20 05:56 -------- d-----w- c:\users\DADS\AppData\Local\Apps

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-18 03:03 . 2009-10-03 21:25 -------- d-----w- c:\users\DADS\AppData\Roaming\Azureus

2009-12-14 20:42 . 2009-10-20 11:03 -------- d-----w- c:\users\DADS\AppData\Roaming\UseNeXT

2009-12-14 13:56 . 2009-10-03 21:25 -------- d-----w- c:\program files\Vuze

2009-12-13 19:19 . 2009-10-02 00:58 1297 ----a-w- c:\users\DADS\AppData\Roaming\iolo\restore.bat

2009-12-13 13:45 . 2006-11-02 12:35 -------- d-----w- c:\program files\Microsoft Games

2009-12-12 00:17 . 2008-08-13 09:26 -------- d-----w- c:\program files\ATI Technologies

2009-12-11 22:27 . 2008-08-13 09:23 -------- d--h--w- c:\program files\Creative Installation Information

2009-12-11 22:25 . 2008-08-13 09:23 409600 ----a-w- c:\windows\system32\wrap_oal.dll

2009-12-11 22:25 . 2008-08-13 09:23 114688 ----a-w- c:\windows\system32\OpenAL32.dll

2009-12-11 22:24 . 2008-08-13 09:22 -------- d-----w- c:\programdata\Creative

2009-12-11 21:57 . 2009-12-11 21:57 45056 ----a-r- c:\users\DADS\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe

2009-12-11 21:57 . 2009-12-11 21:57 10134 ----a-r- c:\users\DADS\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe

2009-12-11 21:57 . 2008-08-13 09:33 -------- d-----w- c:\program files\Dell

2009-12-11 16:30 . 2009-10-02 17:12 -------- d-----w- c:\users\DADS\AppData\Roaming\Uniblue

2009-12-11 16:30 . 2009-10-07 23:05 -------- dc-h--w- c:\programdata\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}

2009-12-11 16:30 . 2009-10-02 17:12 -------- d-----w- c:\program files\Uniblue

2009-12-11 01:55 . 2009-10-02 00:44 -------- d-----w- c:\programdata\iolo

2009-12-10 16:22 . 2009-10-02 17:30 -------- d-----w- c:\users\DADS\AppData\Roaming\Vso

2009-12-10 05:40 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2009-12-10 05:09 . 2008-08-13 09:29 -------- d-----w- c:\programdata\Microsoft Help

2009-12-09 10:35 . 2009-10-02 00:49 93096 ----a-w- c:\windows\system32\IncContxMenu.dll

2009-12-09 10:35 . 2009-10-02 00:49 2118568 ----a-w- c:\windows\system32\Incinerator.dll

2009-12-05 05:22 . 2009-12-05 05:22 784136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2009-12-02 17:31 . 2009-10-20 11:03 -------- d-----w- c:\program files\UseNeXT

2009-11-30 03:39 . 2009-11-06 06:55 -------- d-----w- c:\program files\DVD Flick

2009-11-29 19:01 . 2009-11-16 05:17 -------- d-----w- c:\users\DADS\AppData\Roaming\ImgBurn

2009-11-29 18:03 . 2009-10-23 20:19 -------- d-----w- c:\program files\MagicDisc

2009-11-28 12:37 . 2009-10-02 00:49 -------- d-----w- c:\program files\iolo

2009-11-27 10:48 . 2009-10-01 04:01 171552 ----a-w- c:\windows\system32\guard32.dll

2009-11-27 10:48 . 2009-10-01 04:01 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2009-11-24 14:29 . 2009-10-05 13:49 -------- d-----w- c:\programdata\Nero

2009-11-21 16:56 . 2009-10-03 21:26 174 ----a-w- c:\users\DADS\AppData\Roaming\Azureus\restart.bat

2009-11-21 06:40 . 2009-12-10 02:57 916480 ----a-w- c:\windows\system32\wininet.dll

2009-11-21 06:34 . 2009-12-10 02:57 71680 ----a-w- c:\windows\system32\iesetup.dll

2009-11-21 06:34 . 2009-12-10 02:57 109056 ----a-w- c:\windows\system32\iesysprep.dll

2009-11-21 04:59 . 2009-12-10 02:57 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2009-11-21 00:09 . 2009-10-02 15:52 -------- d-----w- c:\program files\Common Files\Real

2009-11-21 00:08 . 2009-10-02 15:52 -------- d-----w- c:\program files\Real

2009-11-20 00:35 . 2009-11-20 00:35 10686001 ----a-w- c:\users\DADS\AppData\Roaming\Azureus\plugins\azump\mplayer.exe

2009-11-17 22:35 . 2009-10-01 04:01 74328 ----a-w- c:\windows\system32\drivers\inspect.sys

2009-11-17 22:35 . 2009-10-01 04:01 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2009-11-16 05:34 . 2009-10-20 21:21 -------- d-----w- c:\users\DADS\AppData\Roaming\Apple Computer

2009-11-16 05:13 . 2009-11-16 05:12 -------- d-----w- c:\program files\ImgBurn

2009-11-15 19:28 . 2009-10-05 14:06 -------- d-----w- c:\users\DADS\AppData\Roaming\Any Audio Converter

2009-11-15 19:11 . 2009-10-05 14:06 -------- d-----w- c:\program files\Any Audio Converter

2009-11-15 05:27 . 2009-10-02 15:54 -------- d-----w- c:\program files\DivX

2009-11-13 16:24 . 2009-11-13 16:24 -------- d-----w- c:\users\DADS\AppData\Roaming\Western Digital

2009-11-13 16:23 . 2009-11-13 16:23 -------- d-----w- c:\programdata\Western Digital

2009-11-13 16:20 . 2009-11-13 16:20 -------- d-----w- c:\program files\Western Digital

2009-11-12 18:58 . 2009-10-02 17:30 47360 ----a-w- c:\users\DADS\AppData\Roaming\pcouffin.sys

2009-11-12 18:58 . 2009-10-02 17:30 47360 ----a-w- c:\users\DADS\AppData\Roaming\pcouffin.sys

2009-11-10 07:12 . 2009-10-22 20:56 -------- d-----w- c:\users\DADS\AppData\Roaming\Epson

2009-11-10 06:33 . 2009-10-01 04:01 -------- d-----w- c:\program files\COMODO

2009-11-08 12:19 . 2009-11-04 20:58 -------- d-----w- c:\users\DADS\AppData\Roaming\dvdcss

2009-11-05 17:05 . 2009-10-05 12:33 -------- d-----w- c:\program files\MP3Suite

2009-11-05 17:04 . 2009-10-05 12:33 -------- d-----w- c:\users\DADS\AppData\Roaming\MP3Suite

2009-11-04 16:58 . 2009-11-04 16:58 -------- d-----w- c:\program files\Windows Portable Devices

2009-11-04 16:58 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2009-11-04 16:58 . 2009-11-04 16:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2009-11-04 16:57 . 2009-11-04 16:57 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2009-11-03 21:48 . 2009-11-03 21:48 -------- d-----w- c:\users\Default\AppData\Roaming\iolo

2009-11-02 20:42 . 2009-10-02 19:58 195456 ------w- c:\windows\system32\MpSigStub.exe

2009-10-31 15:55 . 2009-10-31 15:55 -------- d-----w- c:\program files\Veetle

2009-10-31 10:39 . 2009-10-31 10:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2009-10-31 10:39 . 2009-10-20 21:15 -------- d-----w- c:\programdata\Apple

2009-10-31 10:39 . 2009-10-31 10:38 -------- d-----w- c:\program files\iTunes

2009-10-31 10:38 . 2009-10-31 10:38 -------- d-----w- c:\program files\iPod

2009-10-31 10:38 . 2009-10-20 21:15 -------- d-----w- c:\program files\Common Files\Apple

2009-10-31 10:36 . 2009-10-31 10:36 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

2009-10-27 13:38 . 2009-10-02 16:02 -------- d-----w- c:\program files\IncrediMail

2009-10-26 16:49 . 2009-10-26 16:49 315392 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportSystemDlls\13837\RapportSystemDlls.dll

2009-10-23 20:41 . 2009-10-23 20:41 -------- d-----w- c:\program files\Free Easy Burner

2009-10-22 21:01 . 2009-10-04 11:17 -------- d-----w- c:\programdata\HP

2009-10-22 20:50 . 2009-10-22 20:31 -------- d-----w- c:\program files\Epson Software

2009-10-22 20:50 . 2008-08-13 09:22 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-22 20:47 . 2009-10-22 20:45 -------- d-----w- c:\programdata\EPSON

2009-10-22 20:42 . 2009-10-22 20:36 -------- d-----w- c:\program files\EpsonNet

2009-10-22 20:40 . 2009-10-22 20:40 -------- d-----w- c:\program files\Common Files\EPSON

2009-10-22 20:39 . 2009-10-22 19:57 -------- d-----w- c:\program files\EPSON

2009-10-22 20:33 . 2008-08-13 09:22 -------- d-----w- c:\program files\Common Files\InstallShield

2009-10-22 20:31 . 2009-10-22 20:31 -------- d-----w- c:\programdata\UDL

2009-10-22 20:30 . 2009-10-22 20:30 -------- d-----w- c:\users\DADS\AppData\Roaming\InstallShield

2009-10-21 18:57 . 2009-10-21 18:57 -------- d-----w- c:\program files\Microsoft Silverlight

2009-10-20 21:21 . 2009-10-20 21:20 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}

2009-10-20 21:20 . 2009-10-20 21:18 -------- d-----w- c:\programdata\Apple Computer

2009-10-20 21:19 . 2009-10-20 21:19 -------- d-----w- c:\program files\Bonjour

2009-10-20 21:19 . 2009-10-20 21:18 -------- d-----w- c:\program files\QuickTime

2009-10-20 21:17 . 2009-10-20 21:17 -------- d-----w- c:\program files\Apple Software Update

2009-10-20 15:53 . 2009-10-02 17:12 -------- d-----w- c:\programdata\DriverScanner

2009-10-20 15:37 . 2009-10-01 03:47 119920 ----a-w- c:\users\DADS\AppData\Local\GDIPFONTCACHEV1.DAT

2009-10-20 15:30 . 2008-08-13 09:31 -------- d-----w- c:\program files\Microsoft Works

2009-10-20 15:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar

2009-10-20 15:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar

2009-10-20 15:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration

2009-10-20 15:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal

2009-10-20 15:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery

2009-10-20 15:11 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender

2009-10-19 13:01 . 2008-08-13 09:32 -------- d-----w- c:\program files\Common Files\Adobe

2009-10-13 04:14 . 2009-10-13 04:14 2635 ----a-w- c:\windows\unins000.dat

2009-10-13 04:14 . 2009-10-13 04:14 691481 ----a-w- c:\windows\unins000.exe

2008-08-13 18:05 . 2008-08-13 18:05 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

Posted

I had to do this as two reports as it was too big for one post, sorry. This is part 2 of the ComboFix report.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"MtdAcqu"="c:\program files\Creative\MediaSource5\MtdAcqu.exe" [2006-03-08 278528]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-12-09 346040]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-17 1800464]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-21 198160]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]

"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-13 09:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\guard32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"FirewallOverride"=dword:00000001

"VistaSp2"=hex(b):e4,3d,7b,96,98,51,ca,01

R0 pavboot;pavboot;c:\windows\System32\drivers\pavboot.sys [16/12/2009 22:59 28552]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [01/10/2009 04:01 128376]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [01/10/2009 04:01 29520]

R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [02/10/2009 00:49 20392]

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [27/09/2009 11:53 58856]

R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [27/09/2009 11:53 333928]

R2 AERTFilters;Andrea RT Filters Service;c:\windows\System32\AERTSrv.exe [05/12/2007 06:17 77824]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [14/08/2009 02:15 172032]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [28/04/2008 15:56 161048]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [02/10/2009 00:49 650160]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [02/10/2009 00:49 650160]

R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [27/09/2009 11:53 967912]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [04/09/2009 15:22 98304]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;"c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe" --> c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [?]

S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:21 21504]

S3 UCharger;Energizer Usb Charger Driver;c:\windows\System32\drivers\UCharger.sys [15/05/2007 06:43 13765]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam.sys [13/02/2009 12:02 11520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

vvdsvc REG_MULTI_SZ vvdsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]

2008-04-11 17:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]

2008-08-28 10:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.virginmedia.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-12-18 03:47

Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x872F6618]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x847c9d24

\Driver\ACPI -> acpi.sys @ 0x8069dd68

\Driver\atapi -> ataport.SYS @ 0x807b9a2c

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2760)

c:\program files\Trusteer\Rapport\bin\rooksbas.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\WLANExt.exe

c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

c:\windows\system32\CTsvcCDA.exe

c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE

c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\windows\system32\WUDFHost.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

.

**************************************************************************

.

Completion time: 2009-12-18 03:57:29 - machine was rebooted

ComboFix-quarantined-files.txt 2009-12-18 03:57

Pre-Run: 203,248,066,560 bytes free

Post-Run: 203,001,409,536 bytes free

- - End Of File - - 91346D604C29A079AC6B4FE709E00AC4

Posted

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

 

It's IMPORTANT to carry out the instructions in the sequence listed below.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

 

Open *notepad* and copy/paste the text in the quotebox below into it:

 

File::
c:\programdata\microsoft\windows\wer\reportqueue\report16e38634\vefuq.exe.xor
c:\programdata\microsoft\windows\wer\reportqueue\report16ff848f\svvchost.exe.xor

Folder::
c:\windows\temp\defi.tmp\

 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.

 

 

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

 

Referring to the picture above, drag CFScript.txt onto ComboFix.exe

 

 

When finished, it shall produce a log for you at C:\ComboFix.txt

 

Please copy and paste the ComboFix.txt in your new reply.

 

*Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*
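The CFScript above is built by hand from the log: the helper picks out files created in places where no legitimate executable should appear (a WER ReportQueue folder, c:\windows\temp) and one of them is named svvchost.exe, a one-letter lookalike of svchost.exe. As an added example, not part of the original thread and not ComboFix's own code, the following Python script parses "Files Created" lines in the ComboFix format, applies those two heuristics (executable in a drop directory; filename within edit distance 1 of a core Windows binary), and emits the File::/Folder:: sections of a CFScript. The sample log lines are constructed for this example: the three paths named in the helper's script are real, the dates, sizes and other lines are made up, and treating a trailing .xor as a wrapper around the inner filename is an assumption.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in ComboFix "Files Created" format. The WER ReportQueue
# and windows\temp paths are the ones the helper's CFScript names; the dates,
# sizes and the remaining lines are invented for this example.
SAMPLE_LOG = r"""
2009-12-18 03:44 . 2009-12-18 03:44 -------- d-----w- c:\users\DADS\AppData\Local\temp
2009-12-16 22:59 . 2009-06-30 09:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-12-11 22:40 . 2007-07-19 23:55 233888 ----a-w- c:\windows\system32\DreamScene.dll
2009-12-14 11:02 . 2009-12-14 11:02 61440 ----a-w- c:\programdata\microsoft\windows\wer\reportqueue\report16ff848f\svvchost.exe.xor
2009-12-14 11:02 . 2009-12-14 11:02 24576 ----a-w- c:\programdata\microsoft\windows\wer\reportqueue\report16e38634\vefuq.exe.xor
2009-12-14 11:01 . 2009-12-14 11:01 -------- d-----w- c:\windows\temp\defi.tmp
"""

# "<created> . <modified> <size|dashes> <8 attr chars> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Core process names that malware likes to imitate by one character.
SYSTEM_BINARIES = ("svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "wininit.exe", "services.exe",
                   "explorer.exe", "spoolsv.exe", "rundll32.exe")

# Directories where a newly created executable is suspicious.
# Analyst-chosen heuristic for this example, not a ComboFix rule.
DROP_DIRS = ("\\windows\\temp\\", "\\appdata\\local\\temp\\",
             "\\wer\\reportqueue\\")

EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".scr", ".com")


class Finding(NamedTuple):
    path: str
    is_dir: bool
    reasons: List[str]


def parse_entries(log: str) -> List[Tuple[str, bool]]:
    """Return (path, is_directory) for every line in 'Files Created' format."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), m.group("attrs").startswith("d")))
    return entries


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches svvchost.exe against svchost.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inner_name(path: str) -> str:
    """Lower-cased basename; a trailing .xor is assumed to wrap the real name."""
    name = path.lower().rsplit("\\", 1)[-1]
    return name[:-4] if name.endswith(".xor") else name


def triage(log: str) -> List[Finding]:
    """Flag entries that match the drop-directory or lookalike heuristics."""
    findings = []
    for path, is_dir in parse_entries(log):
        reasons = []
        low = path.lower()
        name = inner_name(path)
        if not is_dir and name.endswith(EXECUTABLE_EXT):
            for known in SYSTEM_BINARIES:
                if name != known and edit_distance(name, known) == 1:
                    reasons.append(f"lookalike of {known}")
            if any(d in low for d in DROP_DIRS):
                reasons.append("executable in a drop directory")
        elif is_dir and "\\windows\\temp\\" in low:
            reasons.append("new folder under windows\\temp")
        if reasons:
            findings.append(Finding(path, is_dir, reasons))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Render File:: and Folder:: sections; folders get a trailing backslash."""
    files = [f.path for f in findings if not f.is_dir]
    folders = [f.path.rstrip("\\") + "\\" for f in findings if f.is_dir]
    return "\n".join(["File::", *files, "", "Folder::", *folders]) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}  <-  {', '.join(f.reasons)}")
    print(build_cfscript(triage(SAMPLE_LOG)))
```

The output is a starting point for review, not a script to run blind: every path it proposes still has to be checked against the rest of the log (VirusTotal lookup, publisher, install date) before it goes into a CFScript, for the same reason the helper warns that altering the script could damage the machine.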

Posted
I'm very sorry chiaz, I tried but all I got was the blue screen of death every time, so I've bought myself a new HDD and started fresh. Many thanks for your help and sorry to lead you up the garden path.
