#1, 12-06-2008, 02:37 PM
Registered User
Join Date: Dec 2008
Posts: 6
OS: xp service pack2


Fake Trojan that won't go away

Hi all,
New here and this malware is on my son's new build. Spyware Doctor detects it but can't remove it. It is back at every reboot. It appears to take control of any Internet Browsers, not allowing access. Apparently he clicked on a link that was supposedly a Memtest link??? He has been warned about downloading from unknown sites. Thanks for the help.


DDS (Version 1.0) - NTFSx86
Run by Cole at 13:49:46.03 on 06/12/2008
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.3070.1753 [GMT -5:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\System32\ASDR.exe
C:\Windows\ATKKBService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\nHancer\nHancerService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\locator.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
C:\Program Files\Registry Mechanic\RMTray.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
C:\Users\Cole\AppData\Local\Temp\~tmpb.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cole\Desktop\dds.com
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.safeappsoftware.com/
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [NVIDIA nTune] c:\program files\nvidia corporation\ntune\nTuneCmd.exe resetprofile
uRun: [Cognac] c:\users\cole\appdata\local\temp\~tmpb.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\rmtray.exe /S
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [CPU Power Monitor] "c:\program files\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [ASUSGamerOSD] c:\program files\asus\gamerosd\GamerOSD.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundTray] c:\program files\analog devices\soundmax\SoundTray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [<NO NAME>]
mRun: [Launch LGDCore] "c:\program files\logitech\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [Launch LCDMon] "c:\program files\logitech\g-series software\LCDMon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
AppInit_DLLs: avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-13 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-30 90632]
R1 KS0108;KS0108;\??\c:\program files\lcdstudio\ks0108.sys [2008-3-10 3712]
R1 LC7981;LC7981;\??\c:\program files\lcdstudio\LC7981.sys [2008-3-10 5120]
R1 n3900;n3900;\??\c:\program files\lcdstudio\n3900.sys [2008-3-10 3968]
R1 pctfw2;pctfw2;\??\c:\windows\system32\drivers\pctfw2.sys [2008-12-1 160792]
R1 SED133x;SED133x;\??\c:\program files\lcdstudio\SED133x.sys [2008-3-10 7424]
R1 T6963C;T6963C;\??\c:\program files\lcdstudio\T6963c.sys [2008-3-10 6400]
R2 AEADIFilters;Andrea ADI Filters Service;c:\windows\system32\AEADISRV.EXE [2008-11-27 86016]
R2 ASDR;ASDR;c:\windows\system32\ASDR.exe [2007-3-20 61440]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-8-13 874776]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-8-13 231704]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-11-30 356920]
R2 UpdateCenterService;Update Center Service;c:\program files\nvidia corporation\system update\UpdateCenterService.exe /StartService [2008-5-23 114688]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2008-9-14 15232]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;c:\windows\system32\drivers\AsusVRC.sys [2007-1-29 18432]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver;c:\windows\system32\drivers\ATKDispLowFilter.sys [2008-9-14 30976]
S2 ATKFUSService;ATK Fast User Switch Service;c:\windows\system32\ATKFUSService.exe [2008-9-14 67072]
S2 gupdate1c90c635166d7cd;Google Update Service (gupdate1c90c635166d7cd);"c:\program files\google\update\GoogleUpdate.exe" /svc [2008-9-1 133104]

=============== Created Last 30 ================

2008-12-03 19:48 1,524,736 a------- c:\windows\system32\wucltux.dll
2008-12-03 19:47 83,456 a------- c:\windows\system32\wudriver.dll
2008-12-03 19:47 162,064 a------- c:\windows\system32\wuwebv.dll
2008-12-03 19:47 31,232 a------- c:\windows\system32\wuapp.exe
2008-12-01 20:21 160,792 a------- c:\windows\system32\drivers\pctfw2.sys
2008-12-01 20:21 <DIR> --d----- c:\programdata\PC Tools
2008-12-01 20:21 <DIR> --d----- c:\progra~2\PC Tools
2008-12-01 20:18 <DIR> --d----- c:\program files\common files\PC Tools
2008-11-30 20:29 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-11-30 20:29 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-11-30 20:29 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-11-30 20:29 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-11-30 20:29 <DIR> --d----- c:\users\cole\appdata\roaming\PC Tools
2008-11-30 20:29 <DIR> --d----- c:\program files\Spyware Doctor
2008-11-30 18:25 90,632 a------- c:\windows\system32\drivers\avgtdix.sys
2008-11-30 18:01 <DIR> --d----- c:\programdata\Yahoo! Companion
2008-11-30 17:08 <DIR> --d----- c:\program files\Yahoo!
2008-11-30 17:08 <DIR> --d----- c:\program files\CCleaner
2008-11-30 11:22 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-11-29 23:57 <DIR> --d----- c:\programdata\Apple Computer
2008-11-29 23:56 <DIR> --d----- c:\programdata\Apple
2008-11-29 16:30 <DIR> --d----- c:\program files\LcdStudio
2008-11-29 16:16 <DIR> --d----- c:\programdata\Logitech
2008-11-29 09:18 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-28 23:16 <DIR> --d----- c:\programdata\Graboid Inc
2008-11-28 23:16 <DIR> --d----- c:\progra~2\Graboid Inc
2008-11-28 23:16 <DIR> --d----- c:\users\cole\appdata\roaming\MozillaControl
2008-11-28 23:16 <DIR> --d----- c:\program files\VideoLAN
2008-11-28 23:16 <DIR> --d----- c:\program files\Graboid
2008-11-27 22:12 <DIR> --d----- c:\program files\spray's
2008-11-27 21:10 <DIR> --d----- c:\programdata\Google Updater
2008-11-27 21:06 8,822,648 a------- c:\windows\AsusUpdt_V71401.zip
2008-11-27 15:30 <DIR> --d----- c:\programdata\Futuremark
2008-11-27 15:30 <DIR> --d----- c:\progra~2\Futuremark
2008-11-27 15:24 <DIR> --d----- c:\program files\common files\Futuremark Shared
2008-11-27 15:22 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-11-27 13:53 27,672 a----r-- c:\windows\system32\drivers\Entech.sys
2008-11-27 13:53 6,173 a------- c:\windows\system32\drivers\Entech.vxd
2008-11-27 13:53 5,632 a------- c:\windows\system32\drivers\Entech64.sys
2008-11-27 13:53 3,972 a------- c:\windows\system32\drivers\PciBus.sys
2008-11-27 13:53 <DIR> --d----- c:\windows\system32\Futuremark
2008-11-27 13:53 <DIR> --d----- c:\program files\Futuremark
2008-11-27 13:35 <DIR> --d----- c:\windows\system32\AGEIA
2008-11-27 13:34 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-11-27 08:44 409,600 a------- c:\windows\system32\wrap_oal.dll
2008-11-27 08:44 86,016 a------- c:\windows\system32\OpenAL32.dll
2008-11-27 08:44 1,503,232 -------- c:\windows\system32\adi_oal.dll
2008-11-27 08:44 73,728 a------- c:\windows\system32\sfwave.ocx
2008-11-27 08:44 73,728 -------- c:\windows\system32\AEADICom.dll
2008-11-27 08:43 354,304 a------- c:\windows\system32\drivers\ADIHdAud.sys
2008-11-27 08:43 86,016 a------- c:\windows\system32\AEADISRV.EXE
2008-11-27 08:43 31,744 a------- c:\windows\system32\SmaxCo.dll
2008-11-27 08:43 638,976 a------- c:\windows\system32\AEADIExt.dll
2008-11-27 08:43 132,096 a------- c:\windows\system32\AEADIAPO.dll
2008-11-27 08:43 <DIR> --d----- c:\programdata\SonicFocus
2008-11-27 08:43 <DIR> --d----- c:\program files\Analog Devices
2008-11-27 08:43 <DIR> --d----- c:\progra~2\SonicFocus
2008-11-27 08:30 <DIR> --d----- c:\windows\AsDmiHtm
2008-11-26 06:45 428,544 a------- c:\windows\system32\EncDec.dll
2008-11-26 06:45 293,376 a------- c:\windows\system32\psisdecd.dll
2008-11-26 06:45 217,088 a------- c:\windows\system32\psisrndr.ax
2008-11-26 06:45 177,664 a------- c:\windows\system32\mpg2splt.ax
2008-11-26 06:45 80,896 a------- c:\windows\system32\MSNP.ax
2008-11-26 06:43 241,152 a------- c:\windows\system32\PortableDeviceApi.dll
2008-11-26 06:43 468,992 a------- c:\windows\system32\newdev.dll
2008-11-26 06:43 74,752 a------- c:\windows\system32\newdev.exe
2008-11-13 16:20 203,540 a------- c:\windows\system32\nvapps.xml

==================== Find3M ====================

2008-11-30 18:25 98,440 a------- c:\windows\system32\drivers\avgldx86.sys
2008-11-29 23:56 143,360 a------- c:\windows\inf\infstrng.dat
2008-11-29 23:56 86,016 a------- c:\windows\inf\infstor.dat
2008-11-29 23:56 51,200 a------- c:\windows\inf\infpub.dat
2008-11-12 13:45 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-10-21 00:25 1,645,568 a------- c:\windows\system32\connect.dll
2008-10-13 09:56 70,936 a------- c:\windows\system32\PhysXLoader.dll
2008-10-01 22:49 827,392 a------- c:\windows\system32\wininet.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-18 00:09 3,601,464 a------- c:\windows\system32\ntkrnlpa.exe
2008-09-18 00:09 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2008-09-17 23:56 125,952 a------- c:\windows\system32\wersvc.dll
2008-09-17 23:56 147,456 a------- c:\windows\system32\Faultrep.dll
2008-09-17 21:16 2,032,640 a------- c:\windows\system32\win32k.sys
2008-09-13 22:23 790,114 a------- c:\windows\1601.zip
2008-09-09 22:40 1,334,272 a------- c:\windows\system32\msxml6.dll
2008-09-08 10:10 270,336 a------- c:\windows\system32\nvLsp.dll
2008-08-20 14:46 665,600 a------- c:\windows\inf\drvindex.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-08-14 23:54 8 ---shr-- c:\windows\system32\94E1FD13FE.sys
2008-08-14 23:54 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 13:50:28.16 ===============
Attached file: Gmer (2).zip (26.8 KB)
#2, 12-08-2008, 12:26 PM
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,002
OS: WinXP and Vista


Re: Fake Trojan that won't go away

Hello maddog197,

It will require more than one round to properly clean your system. Please stay with me until given the 'all clear' even if symptoms seemingly abate.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
#3, 12-08-2008, 02:30 PM
Registered User
Join Date: Dec 2008
Posts: 6
OS: xp service pack2


Re: Fake Trojan that won't go away

Thanks,
I will give it a whirl later tonight and post the log etc. Should I attach that combo fix log or copy and paste it?
Thanks from Canada
#4, 12-08-2008, 02:45 PM
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,002
OS: WinXP and Vista


Re: Fake Trojan that won't go away

Please post the contents in the reply box. Only attach logs when specifically requested.
#5, 12-08-2008, 08:59 PM
Registered User
Join Date: Dec 2008
Posts: 6
OS: xp service pack2


Re: Fake Trojan that won't go away

Hi RIED,
I am a bit confused with using the Vista Recovery Environment.
I have booted from the CD by pressing F8 @ startup. I can't seem to get to the Recovery Environment.
I will keep trying please bear with me.
#6, 12-08-2008, 09:55 PM
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 27,002
OS: WinXP and Vista


Re: Fake Trojan that won't go away

Hi maddog197,

I appreciate your effort, but you can skip that part of the instructions. Just know that Vista does have a Recovery Environment if needed.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on combofix.exe & follow the prompts.

  • When finished a log will be produced.
Post the contents of the C:\ComboFix.txt
#7, 12-09-2008, 07:04 PM
Registered User
Join Date: Dec 2008
Posts: 6
OS: xp service pack2


Re: Fake Trojan that won't go away

Hi Again,
Thanks for the info about the Recovery Environment, I guess there is no Safe Mode as with XP?? I used combofix and here is the log. I will let you peruse the text file and patiently await further instructions.





ComboFix 08-12-07.04 - Cole 2008-12-09 18:48:58.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2246 [GMT -5:00]
Running from: c:\users\Cole\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-09 to 2008-12-09 )))))))))))))))))))))))))))))))
.

2008-12-06 13:55 . 2008-12-06 14:01 250 --a------ c:\windows\gmer.ini
2008-12-03 19:48 . 2008-10-16 16:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-03 19:48 . 2008-10-16 15:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-03 19:48 . 2008-10-16 16:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-03 19:48 . 2008-10-16 16:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-03 19:47 . 2008-10-16 16:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-03 19:47 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-03 19:47 . 2008-10-16 15:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-03 19:47 . 2008-10-16 16:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-03 19:47 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-12-01 20:21 . 2008-12-01 20:21 <DIR> d-------- c:\users\All Users\PC Tools
2008-12-01 20:21 . 2008-12-01 20:21 <DIR> d-------- c:\programdata\PC Tools
2008-12-01 20:21 . 2008-12-01 20:18 160,792 --a------ c:\windows\System32\drivers\pctfw2.sys
2008-12-01 20:18 . 2008-12-01 20:19 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-11-30 20:29 . 2008-11-30 20:29 <DIR> d-------- c:\users\Cole\AppData\Roaming\PC Tools
2008-11-30 20:29 . 2008-12-08 18:33 <DIR> d-------- c:\program files\Spyware Doctor
2008-11-30 20:29 . 2008-08-25 12:36 81,288 --a------ c:\windows\System32\drivers\iksyssec.sys
2008-11-30 20:29 . 2008-08-25 12:36 66,952 --a------ c:\windows\System32\drivers\iksysflt.sys
2008-11-30 20:29 . 2008-08-25 12:36 40,840 --a------ c:\windows\System32\drivers\ikfilesec.sys
2008-11-30 20:29 . 2008-06-02 16:19 29,576 --a------ c:\windows\System32\drivers\kcom.sys
2008-11-30 18:01 . 2008-11-30 18:01 <DIR> d-------- c:\users\All Users\Yahoo! Companion
2008-11-30 18:01 . 2008-11-30 18:01 <DIR> d-------- c:\programdata\Yahoo! Companion
2008-11-30 17:08 . 2008-11-30 17:08 <DIR> d-------- c:\program files\Yahoo!
2008-11-30 17:08 . 2008-11-30 17:08 <DIR> d-------- c:\program files\CCleaner
2008-11-30 00:17 . 2008-11-30 00:17 <DIR> d-------- c:\users\Cole\AppData\Roaming\Apple Computer
2008-11-29 23:58 . 2008-11-30 17:12 <DIR> d----c--- c:\windows\System32\DRVSTORE
2008-11-29 23:57 . 2008-11-30 17:12 <DIR> d-------- c:\users\All Users\Apple Computer
2008-11-29 23:57 . 2008-11-30 17:12 <DIR> d-------- c:\programdata\Apple Computer
2008-11-29 23:57 . 2008-11-29 23:57 <DIR> d-------- c:\program files\QuickTime
2008-11-29 23:56 . 2008-11-29 23:56 <DIR> d-------- c:\users\All Users\Apple
2008-11-29 23:56 . 2008-11-29 23:56 <DIR> d-------- c:\programdata\Apple
2008-11-29 23:56 . 2008-11-30 17:12 <DIR> d-------- c:\program files\Common Files\Apple
2008-11-29 23:56 . 2008-11-29 23:56 <DIR> d-------- c:\program files\Apple Software Update
2008-11-29 16:30 . 2008-11-29 16:30 <DIR> d-------- c:\program files\LcdStudio
2008-11-29 16:16 . 2008-11-29 16:16 <DIR> d-------- c:\users\All Users\Logitech
2008-11-29 16:16 . 2008-11-29 16:16 <DIR> d-------- c:\programdata\Logitech
2008-11-29 16:16 . 2008-11-29 16:16 <DIR> d-------- c:\program files\Logitech
2008-11-29 09:19 . 2008-11-29 09:19 <DIR> d-------- c:\windows\Sun
2008-11-29 09:18 . 2008-11-29 09:18 410,976 --a------ c:\windows\System32\deploytk.dll
2008-11-28 23:17 . 2008-11-30 00:27 <DIR> d-------- c:\users\Cole\AppData\Roaming\vlc
2008-11-28 23:16 . 2008-11-28 23:17 <DIR> d-------- c:\users\Cole\AppData\Roaming\MozillaControl
2008-11-28 23:16 . 2008-11-28 23:16 <DIR> d-------- c:\users\All Users\Graboid Inc
2008-11-28 23:16 . 2008-11-28 23:16 <DIR> d-------- c:\programdata\Graboid Inc
2008-11-28 23:16 . 2008-11-28 23:16 <DIR> d-------- c:\program files\VideoLAN
2008-11-28 23:16 . 2008-11-30 13:18 <DIR> d-------- c:\program files\Graboid
2008-11-28 21:28 . 2008-11-28 21:29 <DIR> d-------- c:\users\Cole\AppData\Roaming\U3
2008-11-27 22:12 . 2008-11-27 22:13 <DIR> d-------- c:\program files\spray's
2008-11-27 21:10 . 2008-12-08 18:07 <DIR> d-------- c:\users\All Users\Google Updater
2008-11-27 21:10 . 2008-12-08 18:07 <DIR> d-------- c:\programdata\Google Updater
2008-11-27 21:06 . 2008-11-27 21:07 8,822,648 --a------ c:\windows\AsusUpdt_V71401.zip
2008-11-27 15:30 . 2008-11-27 15:30 <DIR> d-------- c:\users\All Users\Futuremark
2008-11-27 15:30 . 2008-11-27 15:30 <DIR> d-------- c:\programdata\Futuremark
2008-11-27 15:24 . 2008-11-27 15:24 <DIR> d-------- c:\program files\Common Files\Futuremark Shared
2008-11-27 15:22 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2008-11-27 13:53 . 2008-11-27 13:53 <DIR> d-------- c:\windows\System32\Futuremark
2008-11-27 13:53 . 2008-11-27 16:44 <DIR> d-------- c:\program files\Futuremark
2008-11-27 13:53 . 2008-04-22 08:53 27,672 -ra------ c:\windows\System32\drivers\Entech.sys
2008-11-27 13:53 . 1999-11-02 10:01 6,173 --a------ c:\windows\System32\drivers\Entech.vxd
2008-11-27 13:53 . 2004-06-22 15:44 5,632 --a------ c:\windows\System32\drivers\Entech64.sys
2008-11-27 13:53 . 2001-11-19 19:05 3,972 --a------ c:\windows\System32\drivers\PciBus.sys
2008-11-27 13:35 . 2008-11-27 13:35 <DIR> d-------- c:\windows\System32\AGEIA
2008-11-27 13:35 . 2008-11-27 13:35 <DIR> d-------- c:\program files\AGEIA Technologies
2008-11-27 13:34 . 2008-11-27 15:23 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-27 08:44 . 2007-07-03 13:11 1,503,232 --------- c:\windows\System32\adi_oal.dll
2008-11-27 08:44 . 2008-11-27 08:44 409,600 --a------ c:\windows\System32\wrap_oal.dll
2008-11-27 08:44 . 2008-11-27 13:54 86,016 --a------ c:\windows\System32\OpenAL32.dll
2008-11-27 08:44 . 2007-06-07 08:42 73,728 --a------ c:\windows\System32\sfwave.ocx
2008-11-27 08:44 . 2007-08-02 13:23 73,728 --------- c:\windows\System32\AEADICom.dll
2008-11-27 08:43 . 2008-11-27 08:43 <DIR> d-------- c:\users\Cole\AppData\Roaming\InstallShield
2008-11-27 08:43 . 2008-11-27 08:43 <DIR> d-------- c:\users\All Users\SonicFocus
2008-11-27 08:43 . 2008-11-27 08:43 <DIR> d-------- c:\programdata\SonicFocus
2008-11-27 08:43 . 2008-11-27 08:44 <DIR> d-------- c:\program files\Analog Devices
2008-11-27 08:43 . 2007-08-02 16:18 638,976 --a------ c:\windows\System32\AEADIExt.dll
2008-11-27 08:43 . 2007-10-25 12:07 354,304 --a------ c:\windows\System32\drivers\ADIHdAud.sys
2008-11-27 08:43 . 2007-08-23 17:24 132,096 --a------ c:\windows\System32\AEADIAPO.dll
2008-11-27 08:43 . 2007-10-19 10:28 86,016 --a------ c:\windows\System32\AEADISRV.EXE
2008-11-27 08:43 . 2007-10-17 17:12 31,744 --a------ c:\windows\System32\SmaxCo.dll
2008-11-27 08:30 . 2007-09-27 04:26 <DIR> d-------- c:\windows\AsDmiHtm
2008-11-26 06:45 . 2008-08-05 04:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-11-26 06:45 . 2008-08-05 04:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-11-26 06:45 . 2008-08-05 04:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-11-26 06:45 . 2008-08-05 04:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-11-26 06:45 . 2008-08-05 04:48 80,896 --a------ c:\windows\System32\MSNP.ax
2008-11-26 06:43 . 2008-09-02 22:59 468,992 --a------ c:\windows\System32\newdev.dll
2008-11-26 06:43 . 2008-10-21 22:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 06:43 . 2008-09-02 22:58 74,752 --a------ c:\windows\System32\newdev.exe
2008-11-13 16:20 . 2008-11-13 16:20 203,540 --a------ c:\windows\System32\nvapps.xml

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-09 01:37 --------- d---a-w c:\programdata\TEMP
2008-12-04 01:02 --------- d-----w c:\program files\Steam
2008-12-01 00:37 --------- d-----w c:\program files\Google
2008-11-29 18:00 --------- d-----w c:\programdata\nHancer
2008-11-29 14:18 --------- d-----w c:\program files\Java
2008-11-29 07:51 --------- d-----w c:\program files\pictures
2008-11-28 01:59 --------- d-----w c:\program files\ASUS
2008-11-27 21:45 --------- d-----w c:\programdata\NVIDIA
2008-11-27 21:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-27 10:35 --------- d-----w c:\program files\Common Files\Steam
2008-11-26 11:56 --------- d-----w c:\program files\Windows Mail
2008-11-12 18:45 453,152 ----a-w c:\windows\System32\NVUNINST.EXE
2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll
2008-10-13 14:56 70,936 ----a-w c:\windows\System32\PhysXLoader.dll
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-14 03:23 790,114 ----a-w c:\windows\1601.zip
2008-09-10 03:40 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2008-08-15 04:54 8 --sh--r c:\windows\System32\94E1FD13FE.sys
2008-08-15 04:54 2,828 --sha-w c:\windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-06-06 114688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2008-05-28 380928]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-10-25 1302528]
"SoundTray"="c:\program files\Analog Devices\SoundMAX\SoundTray.exe" [2007-09-27 53248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 92704]
"Launch LGDCore"="c:\program files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304]
"Launch LCDMon"="c:\program files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3B321759-DA27-4C73-80DB-61ACE1CE1B50}c:\\program files\\steam\\steamapps\\coldroll\\garrysmod\\hl2.exe"= UDP:c:\program files\steam\steamapps\coldroll\garrysmod\hl2.exe:hl2
"UDP Query User{77E1647A-78EF-47B2-B514-2430CCAACEA2}c:\\program files\\steam\\steamapps\\coldroll\\garrysmod\\hl2.exe"= TCP:c:\program files\steam\steamapps\coldroll\garrysmod\hl2.exe:hl2
"TCP Query User{DBB473B1-3069-47A7-B712-CC1A72142E60}c:\\program files\\steam\\steamapps\\coldroll\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\coldroll\team fortress 2\hl2.exe:hl2
"UDP Query User{CBC49ECE-0689-4579-9481-9721EDEB982A}c:\\program files\\steam\\steamapps\\coldroll\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\coldroll\team fortress 2\hl2.exe:hl2
"TCP Query User{59EE3419-88AA-4DCD-BD8E-B3C223B3CED3}c:\\program files\\steam\\steamapps\\coldroll\\counter-strike\\hl.exe"= UDP:c:\program files\steam\steamapps\coldroll\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{A57A4F8B-EF6A-46FB-8420-60E6AB46711D}c:\\program files\\steam\\steamapps\\coldroll\\counter-strike\\hl.exe"= TCP:c:\program files\steam\steamapps\coldroll\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{5F8784EF-8728-4F55-B2BD-A26205F4672B}c:\\program files\\steam\\steamapps\\coldroll\\condition zero\\hl.exe"= UDP:c:\program files\steam\steamapps\coldroll\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{202CC13C-99D1-4B57-BE5C-B81E0A55B528}c:\\program files\\steam\\steamapps\\coldroll\\condition zero\\hl.exe"= TCP:c:\program files\steam\steamapps\coldroll\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{291AD86E-F38F-4B7E-8E0E-CA674A580800}c:\\program files\\steam\\steamapps\\coldroll\\day of defeat\\hl.exe"= UDP:c:\program files\steam\steamapps\coldroll\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{5C1F30A7-EBD3-4E68-A8D7-F892FEA009EA}c:\\program files\\steam\\steamapps\\coldroll\\day of defeat\\hl.exe"= TCP:c:\program files\steam\steamapps\coldroll\day of defeat\hl.exe:Half-Life Launcher
"TCP Query User{988DE3E5-26D6-4576-AEC9-985E67BA9AF9}c:\\program files\\steam\\steamapps\\coldroll\\ricochet\\hl.exe"= UDP:c:\program files\steam\steamapps\coldroll\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{944E92FA-F81B-4021-8107-CC4BEFDA9FA3}c:\\program files\\steam\\steamapps\\coldroll\\ricochet\\hl.exe"= TCP:c:\program files\steam\steamapps\coldroll\ricochet\hl.exe:Half-Life Launcher
"TCP Query User{A4DBF23A-225E-4EC8-9E55-CFBC00FF15BD}c:\\program files\\steam\\steamapps\\coldroll\\opposing force\\hl.exe"= UDP:c:\program files\steam\steamapps\coldroll\opposing force\hl.exe:Half-Life Launcher
"UDP Query User{4B017AEB-8C08-45E7-8525-F2E5EF5870B9}c:\\program files\\steam\\steamapps\\coldroll\\opposing force\\hl.exe"= TCP:c:\program files\steam\steamapps\coldroll\opposing force\hl.exe:Half-Life Launcher
"TCP Query User{B0770D18-7506-4D91-84D9-9DBFB41856FF}c:\\program files\\microsoft games\\age of mythology\\aom.exe"= UDP:c:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"UDP Query User{C70B0667-6B52-4D3D-AE8E-68AB569AA5D6}c:\\program files\\microsoft games\\age of mythology\\aom.exe"= TCP:c:\program files\microsoft games\age of mythology\aom.exe:Age of Mythology
"{29DCCD47-0698-4E13-9FE8-90E848D5070A}"= UDP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"{E12161BD-D565-49F4-BE13-DCE0EDDD850C}"= TCP:c:\program files\Microsoft Games\Age of Empires III\age3.exe:Age of Empires 3
"TCP Query User{FAB60D59-F913-4D18-9C0A-C769E77F5E0E}c:\\program files\\asus\\asusupdate\\update.exe"= UDP:c:\program files\asus\asusupdate\update.exe:ASUS Windows Platform Flash Program
"UDP Query User{5284B2D8-2ACC-4E76-B177-75931616F756}c:\\program files\\asus\\asusupdate\\update.exe"= TCP:c:\program files\asus\asusupdate\update.exe:ASUS Windows Platform Flash Program
"TCP Query User{EFFB1350-F2A5-4336-8265-FBA1C1805F31}c:\\program files\\steam\\steamapps\\coldroll\\half-life 2 deathmatch\\hl2.exe"= UDP:c:\program files\steam\steamapps\coldroll\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{27C17A04-A547-4A11-9794-A977D6EC69BD}c:\\program files\\steam\\steamapps\\coldroll\\half-life 2 deathmatch\\hl2.exe"= TCP:c:\program files\steam\steamapps\coldroll\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{3BE1C9FA-6251-41E2-BB37-DF23E133A0A1}c:\\program files\\steam\\steamapps\\coldroll\\zombie panic! source\\hl2.exe"= UDP:c:\program files\steam\steamapps\coldroll\zombie panic! source\hl2.exe:hl2
"UDP Query User{8B9CE08E-ED0B-45A3-A2FA-3279923E18CA}c:\\program files\\steam\\steamapps\\coldroll\\zombie panic! source\\hl2.exe"= TCP:c:\program files\steam\steamapps\coldroll\zombie panic! source\hl2.exe:hl2
"TCP Query User{AB6DA4EE-0375-40D6-8D25-BFDAEE9F11C6}c:\\program files\\steam\\steamapps\\coldroll\\insurgency\\hl2.exe"= UDP:c:\program files\steam\steamapps\coldroll\insurgency\hl2.exe:hl2
"UDP Query User{EB2FB7C8-B796-416A-AA29-3DA2B7DC5CC5}c:\\program files\\steam\\steamapps\\coldroll\\insurgency\\hl2.exe"= TCP:c:\program files\steam\steamapps\coldroll\insurgency\hl2.exe:hl2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 pctfw2;pctfw2;\??\c:\windows\System32\drivers\pctfw2.sys [2008-12-01 160792]
S2 gupdate1c90c635166d7cd;Google Update Service (gupdate1c90c635166d7cd);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-09-01 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-11-30 356920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - d:\.\Bin\ASSETUP.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c15e8f9-bd60-11dd-aaa1-001fc63e34d3}]
\shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7ee486e3-ba2d-11dc-b909-806e6f6e6963}]
\shell\AutoRun\command - E:\CDCheck.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-12-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-09-01 13:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.safeappsoftware.com/
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FireFox -: Profile - c:\users\Cole\AppData\Roaming\Mozilla\Firefox\Profiles\q0wk6zak.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.blackle.com/
FF -: plugin - c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
FF -: plugin - c:\program files\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-09 18:49:46
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-09 18:50:22
ComboFix-quarantined-files.txt 2008-12-09 23:50:20

Pre-Run: 796,348,944,384 bytes free
Post-Run: 796,366,823,424 bytes free

222 --- E O F --- 2008-12-06 17:51:10
maddog197 is offline  
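As an added triage example (not code from this thread, from ComboFix or from PC Tools), a small Python parser for the "Reg Loading Points" section of a ComboFix log like the one posted above. It flags the things a helper reads the section for: Run entries launching from outside the usual program directories, a Windows Firewall profile with "EnableFirewall"= 0, and AutoRun commands attached to removable drives under mountpoints2. The sample log is constructed and modelled on the posted one; the "Updater" entry and its path are assumptions made up to exercise the check.

```python
import re

# Constructed sample modelled on the posted ComboFix "Reg Loading Points"
# section. The "Updater" entry and its Temp path are invented for the test.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-29 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13675040]
"Updater"="c:\users\Cole\AppData\Local\Temp\svchost.exe" [2008-12-05 40960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c15e8f9-bd60-11dd-aaa1-001fc63e34d3}]
\shell\AutoRun\command - J:\LaunchU3.exe -a
"""

# ComboFix prints Run entries as "Name"="path" [date size]
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# Launch locations that are expected for legitimate Run entries.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\windows\\system32\\")


def triage_loading_points(log_text):
    """Return (category, detail) findings from a Reg Loading Points section."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # a new registry key header
            section = line.lower()
            continue
        if not section or not line:
            continue
        if section.endswith("\\run]"):
            m = RUN_ENTRY.match(line)
            if m and not m.group("path").lower().startswith(TRUSTED_DIRS):
                findings.append(("run-entry-outside-trusted-dirs",
                                 f'{m.group("name")}: {m.group("path")}'))
        elif "firewallpolicy" in section and line.startswith('"EnableFirewall"'):
            if re.search(r"=\s*0\b", line):   # firewall profile switched off
                findings.append(("firewall-disabled", section))
        elif "mountpoints2" in section and "\\autorun\\command" in line.lower():
            # AutoRun handlers on removable media: worth confirming by hand.
            findings.append(("removable-media-autorun", line.split(" - ", 1)[1]))
    return findings


if __name__ == "__main__":
    for category, detail in triage_loading_points(SAMPLE_LOG):
        print(f"{category:32} {detail}")
```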
Old 12-09-2008, 07:25 PM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,002
OS: WinXP and Vista


Re: Fake Trojan that won't go away

Hello maddog197,

Yes, Vista does have a Safe Mode. If you wanted to access it, you would go about it the same way as you would on an XP system. Reboot the computer and tap F8 on your keyboard.

ComboFix did take care of the malware entry I saw, how is the system behaving after running ComboFix?


It's important to run an online scan to search for remnants. It can take a while to complete so please allow it to run the full course.


Perform an online scan with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 12-11-2008, 05:57 PM   #9 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 6
OS: xp service pack2


Re: Fake Trojan that won't go away

Hi Again,
Finally was able to do the Panda scan and the log is attached. Thanks for the great help. Hopefully the issue is resolved.
Attached Files
File Type: txt ActiveScan.txt (4.1 KB, 4 views)
maddog197 is offline  
Old 12-11-2008, 08:57 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,002
OS: WinXP and Vista


Re: Fake Trojan that won't go away

Panda 'disinfected' ComboFix.

Please download a fresh copy from here and save it to your desktop.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.


Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.



In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

Vista UAC does protect


PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
Ried is offline  
Old 12-13-2008, 06:17 PM   #11 (permalink)
Registered User
 
Join Date: Dec 2008
Posts: 6
OS: xp service pack2


Re: Fake Trojan that won't go away

Hi Ried,
Followed your instructions and all seems to be well now. Thanks again :>)
maddog197 is offline  
Old 12-13-2008, 06:42 PM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 27,002
OS: WinXP and Vista


Re: Fake Trojan that won't go away

You're welcome, maddog197.

Take care.
Ried is offline  
Copyright 2001 - 2009, Tech Support Forum