"Gaigaen.exe" Problems

[rafleming]

Hi there,

Im currently having issues on my computer due to what I think is called "Gaigaen.exe". The problems only started this morning after connecting a camera card which had been in another persons computer. First thing I noticed was that some shortcuts and files had been created on the card. They were:

Shortcut to "Music", "Video", "Documents" and a file called "Passwords".

I have never created these, when I plugged in my flash drive...surprise surprise...the mysterious shortcuts and the file were there too!

Next thing to happen was that Adobe Illustrator crashed, when I reopened it the "Adobe Crash Reporter" dialogue box opened - whenever I extited this it would exit Illustrator immediately. This is were I got worried as I have my main art portfolio due for marking on Thursday!! I ran Spybot S&D which found a few things (can't remember the names now) but they looked like ones which I regulary see, and certainly none of them were "Gaigaen". I removed all of these, and rebooted, problems with Illustrator persisted.

This is when I decided to run a virus scan. My normal virus protection (eTrust) wouldn't run a scan - it just remained on "initializing" and would not move. I downloaded AVG, ran a scan, and it found "Gaigaen.exe" inside: "C:\Documents and Settings\rfleming"

I used the file shredder to get rid of the shortcuts and file mentioned above from this directory. After running the virus scan in AVG the Illustrator problem does not persist.

However: I cannot open and flash drives I plug into the computer. Mozilla crashes regulary. eTrust Anti Virus will not perform a search. Spybot S&D is continually popping up warnings that a file is being deleted within My Documents...again I can't recall the name - but I did deny the change. I will post the name if I see them again. AND.....possibly worst of all...command prompt pops up twice, and quickly exits, each time I startup. This worrys me!

Help would be very much appreciated!

Thanks!

Oops,

I meant to put this in!


DDS (Ver_09-10-24.03) - NTFSx86
Run by rfleming at 22:33:23.14 on Sun 25/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.whhs.school.nz/mydesktop
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = hxxp://localhost:5250/spin/ITMClient/ITMClient.csp?product=0&TopLevelTab=0
uInternet Settings,ProxyServer = 172.31.232.250:3128
mSearchAssistant =
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: URLDetector Class: {55ea1964-f5e4-4d6a-b9b2-125b37655fcb} - c:\documents and settings\all users\application data\prevx\pxbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [AdobeBridge]
uRun: [EPSON Stylus CX3900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibep.exe /fu "c:\docume~1\rfleming\locals~1\temp\E_S82.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\rfleming\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [GameShadow] c:\program files\gameshadow\GameShadow.exe /q
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [gaigaen] c:\documents and settings\rfleming\gaigaen.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TOSDCR] TOSDCR.EXE
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [FingerPrintNotifer] "c:\program files\truesuite access manager\FpNotifier.exe"
mRun: [UsbMonitor] "c:\program files\truesuite access manager\usbnotify.exe"
mRun: [PwdBank] "c:\program files\truesuite access manager\PwdBank.exe"
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [Realtime Monitor] "c:\program files\ca\etrustitm\realmon.exe" -s
mRun: [TFNF5] TFNF5.exe
mRun: [Ulead Quick-Drop] "c:\program files\ulead systems\ulead dvd moviefactory 5 se\ulead dvd moviefactory 5\Quick-Drop.exe" WINDOWCALL
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [BVRPLiveUpdate] c:\program files\avanquest update\engine\setup.exe -s /patch,/srcupdatec:\docume~1\alluse~1\applic~1\sonyer~1\sonyer~1\liveup~1\LISTOF~1.DAT
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [PrevxOne] "c:\program files\prevx1\PXConsole.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.1.4.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {1A0D9F48-6B72-48AC-8F08-CCC796E37191} = 10.1.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: TosBtNP - TosBtNP.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rfleming\applic~1\mozilla\firefox\profiles\d59ee6qd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.nz/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=18&tid={B1650243-99A0-254C-AA7E-56B6A2E5B54D}&q=
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\rfleming\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\total immersion\dfusionhomewebplugin\NPDFusionWebFirefox.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-10-25 08:48:32 0 d-----w- c:\docume~1\rfleming\applic~1\Prevx
2009-10-25 08:47:44 9728 ----a-w- c:\windows\system32\drivers\pxscinst.dll
2009-10-25 08:47:43 7680 ----a-w- c:\windows\system32\drivers\pxinst.dll
2009-10-25 08:45:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Prevx
2009-10-25 08:45:32 0 d-----w- c:\program files\Prevx1
2009-10-25 08:27:21 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2009-10-25 08:27:21 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2009-10-25 08:27:18 0 d-----w- c:\program files\Prevx
2009-10-25 08:27:02 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2009-10-25 04:29:22 0 d--h--w- C:\$AVG
2009-10-25 04:28:59 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 04:28:58 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-25 04:28:58 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-25 04:28:40 0 d-----w- c:\windows\system32\drivers\Avg
2009-10-25 04:28:22 0 d-----w- c:\program files\AVG
2009-10-25 04:28:18 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-25 03:12:21 0 d-----w- c:\docume~1\rfleming\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-10-25 03:05:46 0 d-----w- C:\AITEMP
2009-10-25 02:26:21 155 ----a-w- c:\windows\wininit.ini
2009-10-25 02:00:04 155648 ----a-w- c:\windows\msb.exe
2009-10-25 01:54:41 0 d-----w- c:\docume~1\rfleming\applic~1\uTorrent
2009-10-25 01:23:02 155648 ----a-w- c:\windows\msa.exe
2009-10-24 22:00:41 126 --sh--r- c:\documents and settings\rfleming\autorun.inf
2009-10-23 08:41:55 0 d-----w- c:\program files\FLV to AVI
2009-10-10 03:53:04 0 d-----w- c:\program files\Microsoft
2009-10-10 03:29:56 0 d-----w- c:\program files\common files\Sony Shared
2009-10-10 03:22:24 0 d-----w- c:\program files\Avanquest update
2009-10-10 03:22:15 109736 ----a-w- c:\windows\system32\drivers\s1018unic.sys
2009-10-10 03:22:15 108200 ----a-w- c:\windows\system32\drivers\s1018mgmt.sys
2009-10-10 03:22:15 10792 ----a-w- c:\windows\system32\drivers\s1018cr.sys
2009-10-10 03:22:15 104616 ----a-w- c:\windows\system32\drivers\s1018obex.sys
2009-10-10 03:22:14 86696 ----a-w- c:\windows\system32\drivers\s1018bus.sys
2009-10-10 03:22:14 26024 ----a-w- c:\windows\system32\drivers\s1018nd5.sys
2009-10-10 03:22:14 15016 ----a-w- c:\windows\system32\drivers\s1018mdfl.sys
2009-10-10 03:22:14 12200 ----a-w- c:\windows\system32\drivers\s1018whnt.sys
2009-10-10 03:22:14 12200 ----a-w- c:\windows\system32\drivers\s1018wh.sys
2009-10-10 03:22:14 12200 ----a-w- c:\windows\system32\drivers\s1018cmnt.sys
2009-10-10 03:22:14 12200 ----a-w- c:\windows\system32\drivers\s1018cm.sys
2009-10-10 03:22:14 114472 ----a-w- c:\windows\system32\drivers\s1018mdm.sys
2009-10-10 03:21:05 0 d-----w- c:\program files\Sony Ericsson
2009-10-10 03:21:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Sony Ericsson
2009-10-09 04:31:58 0 d-----w- c:\program files\Keep I.T. Easy
2009-10-07 08:15:49 0 d-----w- c:\program files\Ask.com
2009-10-05 01:09:21 0 d-----w- c:\program files\Search Guard PlusU
2009-10-05 01:09:20 0 d-----w- c:\program files\Search Guard Plus
2009-10-05 01:09:17 0 d-----w- c:\program files\SGPSA
2009-10-05 01:07:54 0 d-----w- C:\users
2009-10-05 00:04:37 0 ----a-w- c:\windows\PowerReg.dat
2009-10-05 00:01:39 0 d-----w- c:\program files\Infogrames Interactive
2009-10-03 13:20:48 0 d-----w- c:\program files\Free FLV to AVI Video Converter
2009-10-02 18:35:16 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 07:39:52 80 --sh--r- c:\windows\system32\CF65D00C38.dll
2009-10-02 07:39:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Protexis
2009-10-02 07:27:18 13030 ----a-w- C:\PDOXUSRS.NET
2009-10-02 07:26:38 0 d-----w- c:\program files\Responsive Software
2009-10-02 07:26:38 0 d-----w- c:\program files\common files\Borland Shared
2009-10-02 01:43:44 0 d-----w- c:\documents and settings\rfleming\.gconfd
2009-10-02 01:43:44 0 d-----w- c:\documents and settings\rfleming\.gconf
2009-10-02 01:43:43 0 d-----w- c:\documents and settings\rfleming\.gnome2_private
2009-10-02 01:43:43 0 d-----w- c:\documents and settings\rfleming\.gnome2
2009-10-02 01:43:00 0 d-----w- c:\documents and settings\rfleming\.gnucash
2009-09-30 08:40:51 0 d--h--w- c:\windows\PIF
2009-09-30 04:44:52 99 ----a-w- c:\windows\system32\test.aok
2009-09-29 06:42:38 0 d-----w- c:\docume~1\rfleming\applic~1\Total Immersion
2009-09-29 06:41:59 0 d-----w- c:\program files\Total Immersion
2009-09-28 10:07:23 0 d-----w- c:\docume~1\alluse~1\applic~1\3DVIA
2009-09-28 10:07:06 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-09-28 1059 0 d-----w- c:\program files\Virtools

==================== Find3M ====================

2009-09-13 05:03:51 76152 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 07:42:52 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-28 07:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 04:56:10 189744 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-23 03:50:05 210327 ----a-w- c:\windows\fonts\AdobeFnt11.lst
2009-08-23 00:01:39 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13:08 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20:09 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 06:52:22 1193832 ----a-w- c:\windows\system32\FM20.DLL
2008-10-24 01:37:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2008-10-28 2053 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102020081027\index.dat
2008-10-22 01:55:06 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102220081023\index.dat
2008-10-22 23:10:49 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102320081024\index.dat
2008-10-24 01:46:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102420081025\index.dat
2008-10-29 01:55:20 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102920081030\index.dat
2008-11-23 23:09:53 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112420081125\index.dat
2008-11-30 21:54:12 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008112420081201\index.dat
2008-11-30 23:03:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008120120081202\index.dat

============= FINISH: 22:35:01.32 ===============

[tetonbob]

Hello -

Sometimes, infections such as this require reinstallation of affected applications, and in some cases, of the operating system.

Were you able to use Prevx to fix anything? It seems to be aware of this threat you're describing.

Are you intentionally using a Proxy?

Before we continue, please delete your copy of DDS if you still have it, and download a fresh copy.

Next...

Ensure you have only one AntiVirus application installed. Having more than one installed can cause conflict and system issues.

Next...

Download Flash_Disinfector.exe from here and save it to your desktop.

• Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
• The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
• Wait until it has finished scanning and then exit the program.

-----------------------------------------------------


Download DDS and save it to your desktop from here, here or here.
Disable any script blocker, and then double click dds to run the tool.

• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop.

-----------------------------------------------------

Please include the following logs in your thread:

• Contents of the DDS.txt posted as text in your reply
• Attach the Attach.txt to your post by clicking the Manage Attachments button under Additonal Options>Attach Files on the composition page. Browse to where you saved the file, and click Upload.

Also provide answers to my questions above.

[rafleming]

Hi there,

Thank you very much for your relpy. I have made some changes: I now only run one antivirus program. I only used the other two (AVT and Previx) in an attempt to rid my computer of the pesky virus. The virus appears to have gone. I ran a number of scans and repairs and eventually none of the programs were picking up any threats, and the computer was not running adversely.

My art assignment is due tomorrow! So a late night for me!

Thanks again for your help,

Reed

[tetonbob]

I'm glad to hear the machine seems well. Do you no longer require assistance, then? The previous DDS log indicated several malicious files. Post logs from a freshly downloaded copy of DDS if you still would like help.

[tetonbob]

Since this issue appears to be resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help