Solve : google and search engine virus.?

1.	Solve : google and search engine virus.?
Answer» I seemed to have picked up a virus possible from a rapidshare file. whenever i try and click a link found from google i am redirected to spyware/advertisment site. Everytime i restart my computer my windows file wall is disabled. interent explorer does not load at all it just freezes my computer. i have tried to open both spy bot and ad aware but they wont work it says they cant connect to server. also when i try and acess the site to download them again it will not let me on to any antivirus/spyware website. I have a basic understanding of computers but this is a little over my head. any help would be areally appreciated. if i reformat the disk what are the chances of the virus still being there. I am using a fujisiemens computer running xp. thanks for you help emilyi have done a malwarebytes scan and this is the results Malwarebytes' Anti-Malware 1.28 Database version: 1222 Windows 5.1.2600 Service Pack 2 30/09/2008 01:22:40 mbam-log-2008-09-30 (01-22-40).txt Scan type: Quick Scan Objects scanned: 48018 Time elapsed: 11 minute(s), 41 second(s) Memory Processes Infected: 1 Memory Modules Infected: 0 Registry Keys Infected: 2 Registry Values Infected: 1 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 7 Memory Processes Infected: C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process. Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssmain.dll (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\tdssserf.dll (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\tdssserv.sys (Rootkit.Agent) -> Delete on reboot. Download TrendMicro HijackThis.exe (HJT) to the Desktop. Double-click on HJTInstall. Click on the Install button. It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Upon install, HijackThis should open for you. Click on the Do a system scan and save a log file button HijackThis will scan and then a log will open in notepad. Copy and then paste the entire contents of the log in your post. Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required. here are the results for hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:40:35, on 30/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Kontiki\KService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\StkASv2K.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\sm56hlpr.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\update\update.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/iplayer R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe" O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe" O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing) O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe -- End of file - 7509 bytesDownload ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop. Link #1 Link #2 Note: It is important that it is saved directly to your Desktop Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix. Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them. Double click combofix.exe & follow the prompts. When finished ComboFix will produce a log for you. Post the ComboFix log in your next reply. Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall. Remember to re-enable your antivirus and antispyware protection when ComboFix is complete. Also let me know how things are now.here is the report. thinks seem to be running better no longer have the problem with google. what do you think the problem was? ComboFix 08-09-28.03 - e 2008-09-30 2:16:31.2 - NTFSx86 Running from: C:\Documents and Settings\e\Desktop\ComboFix.exe WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!** . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\WINDOWS\system32\TDSSadw.dll C:\WINDOWS\system32\TDSSerrors.log C:\WINDOWS\system32\tdssl.dll C:\WINDOWS\system32\tdsslog.dll C:\WINDOWS\system32\TDSSserf1.dll C:\WINDOWS\system32\tdssservers.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV -------\Service_TDSSserv ((((((((((((((((((((((((( Files CREATED from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-30 01:43 . 2008-09-30 01:43d--------C:\Program Files\SUPERAntiSpyware 2008-09-30 01:42 . 2008-09-30 01:42d--------C:\Program Files\Common Files\Wise Installation Wizard 2008-09-30 01:39 . 2008-09-30 01:39d--------C:\Program Files\Trend Micro 2008-09-30 01:39 . 2008-06-10 02:3273,728--a------C:\WINDOWS\system32\javacpl.cpl 2008-09-30 01:24 . 2008-09-30 01:2461,440--a------C:\WINDOWS\system32\drivers\sbalb.sys 2008-09-30 00:04 . 2008-09-30 02:16d--------C:\WINDOWS\system32\CatRoot_bak 2008-09-28 18:29 . 2008-09-28 18:29d--------C:\Program Files\Ares 2008-09-28 12:52 . 2008-09-30 02:0054,156--ah-----C:\WINDOWS\QTFont.qfn 2008-09-28 12:52 . 2008-09-28 12:521,409--a------C:\WINDOWS\QTFont.for 2008-09-24 09:00 . 2008-09-24 09:00d--------C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2008-09-17 15:45 . 2008-09-17 15:45d--------C:\Program Files\Cucusoft 2008-09-17 15:45 . 2008-09-17 15:45d--------C:\ConverterOutput 2008-09-17 15:45 . 2003-03-30 20:08372,736--a------C:\WINDOWS\system32\xvid.ax 2008-09-17 13:45 . 2008-09-17 15:36d--------C:\Documents and Settings\e\Application Data\Creative 2008-09-17 13:35 . 2006-10-05 23:1753,248---------C:\WINDOWS\Ctregrun.exe 2008-09-17 13:34 . 2008-09-17 13:34d--------C:\Program Files\Audible 2008-09-17 13:34 . 2008-09-17 13:34417,792--a------C:\WINDOWS\system32\awrdscdc.ax 2008-09-17 13:33 . 2008-09-17 13:43d--------C:\Documents and Settings\All Users\Application Data\Creative 2008-09-17 13:31 . 2008-09-17 13:33d--h-----C:\Program Files\Creative Installation Information 2008-09-17 13:31 . 2008-09-17 13:35d--------C:\Program Files\Creative 2008-09-17 13:31 . 2008-09-17 13:31d--------C:\Program Files\Common Files\Creative 2008-09-17 13:31 . 1999-12-12 18:0144,032---------C:\WINDOWS\system32\CTSVCCDA.EXE 2008-09-17 13:31 . 1999-11-17 18:0025,088---------C:\WINDOWS\system32\CTSVCCTL.EXE 2008-09-17 00:36 . 2008-09-17 00:36d--------C:\Program Files\Alwil Software 2008-09-16 22:41 . 2007-05-02 09:51d--------C:\Documents and Settings\Administrator\Application Data\InterVideo 2008-09-16 22:41 . 2008-09-16 22:54d--------C:\Documents and Settings\Administrator 2008-09-16 17:17 . 2008-09-16 17:17d--------C:\Program Files\NCH Software 2008-09-16 11:09 . 2008-09-29 23:45d--------C:\Program Files\a-squared Free 2008-09-16 10:59 . 2008-09-16 10:59d--------C:\Documents and Settings\All Users\Application Data\PC Tools 2008-09-16 10:59 . 2008-04-24 16:5212,608--a------C:\WINDOWS\system32\drivers\TfKbMon.sys 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Program Files\Malwarebytes' Anti-Malware 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\e\Application Data\Malwarebytes 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-16 10:58 . 2008-09-10 00:0438,528--a------C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-16 10:58 . 2008-09-10 00:0317,200--a------C:\WINDOWS\system32\drivers\mbam.sys 2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\e\Application Data\SUPERAntiSpyware.com 2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-16 10:31 . 2008-09-16 22:56d--------C:\Documents and Settings\All Users\Application Data\avg8 2008-09-10 18:01 . 2008-09-17 15:11d--------C:\Program Files\FlashGet 2008-09-10 17:31 . 2008-09-17 15:10d--------C:\downloads 2008-09-10 17:31 . 2008-09-10 17:58d--------C:\Documents and Settings\e\Application Data\Orbit 2008-09-10 17:31 . 2008-09-10 17:43d--------C:\Documents and Settings\e\Application Data\GrabPro 2008-09-09 11:58 . 2008-09-09 11:58d--------C:\Program Files\7-Zip 2008-09-09 10:04 . 2008-09-09 10:04d--------C:\Program Files\uTorrent 2008-09-09 10:04 . 2008-09-27 12:04d--------C:\Documents and Settings\e\Application Data\uTorrent 2008-09-08 18:18 . 2008-04-08 00:169,200---------C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-09-08 18:18 . 2008-04-08 00:169,072---------C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-09-08 18:17 . 2008-09-08 18:17d--------C:\WINDOWS\system32\IOSUBSYS 2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Program Files\Siber Systems 2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Documents and Settings\All Users\Application Data\RoboForm 2008-09-08 14:46 . 2008-09-08 16:35d--------C:\Documents and Settings\e\Pavark 2008-09-07 14:32 . 2008-09-07 14:35d--------C:\Program Files\JkDefragGUI 2008-09-07 14:32 . 2008-08-31 21:47238,592--a------C:\WINDOWS\system32\JkDefragScreenSaver.exe 2008-09-07 14:32 . 2008-08-31 21:4798,304--a------C:\WINDOWS\system32\JkDefragScreenSaver.scr 2008-08-29 18:18 . 2008-08-29 18:182,302,017--a------C:\WINDOWS\system32\GPhotos.scr 2008-08-15 18:07 . 2008-08-15 18:0731,232--a------C:\WINDOWS\system\vdremote.dll 2008-08-15 18:07 . 2008-08-15 18:0725,088--a------C:\WINDOWS\system\vdsvrlnk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 01:21---------d-----wC:\Documents and Settings\All Users\Application Data\Kontiki 2008-09-30 00:39---------d-----wC:\Program Files\Java 2008-09-29 22:45---------d-----wC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-20 18:53---------d--h--wC:\Program Files\InstallShield Installation Information 2008-09-16 23:16---------d-----wC:\Documents and Settings\e\Application Data\Skype 2008-09-16 23:13---------d-----wC:\Documents and Settings\e\Application Data\skypePM 2008-09-16 22:24---------d---a-wC:\Documents and Settings\All Users\Application Data\TEMP 2008-09-16 22:24---------d-----wC:\Program Files\SpywareBlaster 2008-09-16 22:03---------d-----wC:\Program Files\RegScrubXP 2008-09-16 09:32---------d-----wC:\Program Files\DivX 2008-09-16 09:28---------d-----wC:\Program Files\Yahoo! 2008-09-16 09:25---------d-----wC:\Documents and Settings\All Users\Application Data\Grisoft 2008-09-08 17:17---------d-----wC:\Program Files\Google 2008-09-07 11:49---------d-----wC:\Documents and Settings\e\Application Data\DNA 2008-09-06 14:40---------d-----wC:\Program Files\DNA 2008-03-11 23:2132----a-wC:\Documents and Settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll "vidc.CDVC"= cdvccodc.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD] --a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool] --a------ 2006-12-01 18:10 286720 C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck] --------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun] --------- 2006-10-05 23:17 53248 C:\WINDOWS\Ctregrun.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe] --------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2008-01-04 15:43 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx] --a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] --a------ 2006-11-02 13:43 472632 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-01-04 15:42 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] --a------ 2005-11-10 04:44 557056 C:\WINDOWS\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] --a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] --a------ 2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SSScsiSV"=3 (0x3) "avg8wd"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\WINDOWS\\system32\\java.exe"= "C:\\Program Files\\Ares\\Ares.exe"= R1 aswSP;avast! SELF Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576] R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504] S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ] S3 Mouqmmr;Mouqmmr;C:\WINDOWS\system32\blastcln.exe [2004-08-04 71680] S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 242139] S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 4772] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe MSConfigStartUp-ThreatFire - C:\Program Files\ThreatFire\TFTray.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\o83xzkld.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/ FF -: plugin - C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\o83xzkld.default\extensions\[emailprotected]\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll FF -: plugin - C:\Program Files\Google\Picasa3\npPicasa3.dll FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-30 02:21:49 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . Completion time: 2008-09-30 2:28:22 ComboFix-quarantined-files.txt 2008-09-30 01:28:15 Pre-Run: 20,696,715,264 bytes free Post-Run: 21,159,137,280 bytes free 214--- E O F ---2008-09-29 23:07:00 Quote what do you think the problem was? Clicked a bad link...opened an infected email attachment...bad codec.... the possibilities are many. Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system Delete these files/folders, as follows: 1. Go to Start > Run > type Notepad.exe and click OK to open Notepad. It must be Notepad, not Wordpad. 2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C Code: [Select]KillAll:: Driver:: TDSSSERV TDSSserv 3. Go to the Notepad window and click Edit > Paste 4. Then click File > Save 5. Name the file CFScript.txt - Save the file to your Desktop 6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully! ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it will produce a log for you. Post that log (Combofix.txt) in your next reply. Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze*here is the results ComboFix 08-09-28.03 - e 2008-09-30 2:50:14.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.184 [GMT 1:00] Running from: C:\Documents and Settings\e\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\e\Desktop\CFScript.txt Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 ))))))))))))))))))))))))))))))) . 2008-09-30 01:43 . 2008-09-30 01:43d--------C:\Program Files\SUPERAntiSpyware 2008-09-30 01:42 . 2008-09-30 01:42d--------C:\Program Files\Common Files\Wise Installation Wizard 2008-09-30 01:39 . 2008-09-30 01:39d--------C:\Program Files\Trend Micro 2008-09-30 01:39 . 2008-06-10 02:3273,728--a------C:\WINDOWS\system32\javacpl.cpl 2008-09-30 01:24 . 2008-09-30 01:2461,440--a------C:\WINDOWS\system32\drivers\sbalb.sys 2008-09-30 00:04 . 2008-09-30 02:16d--------C:\WINDOWS\system32\CatRoot_bak 2008-09-28 18:29 . 2008-09-28 18:29d--------C:\Program Files\Ares 2008-09-24 09:00 . 2008-09-24 09:00d--------C:\Program Files\TeaTimer (Spybot - Search & Destroy) 2008-09-17 15:45 . 2008-09-17 15:45d--------C:\Program Files\Cucusoft 2008-09-17 15:45 . 2008-09-17 15:45d--------C:\ConverterOutput 2008-09-17 15:45 . 2003-03-30 20:08372,736--a------C:\WINDOWS\system32\xvid.ax 2008-09-17 13:45 . 2008-09-17 15:36d--------C:\Documents and Settings\e\Application Data\Creative 2008-09-17 13:35 . 2006-10-05 23:1753,248---------C:\WINDOWS\Ctregrun.exe 2008-09-17 13:34 . 2008-09-17 13:34d--------C:\Program Files\Audible 2008-09-17 13:34 . 2008-09-17 13:34417,792--a------C:\WINDOWS\system32\awrdscdc.ax 2008-09-17 13:33 . 2008-09-17 13:43d--------C:\Documents and Settings\All Users\Application Data\Creative 2008-09-17 13:31 . 2008-09-17 13:33d--h-----C:\Program Files\Creative Installation Information 2008-09-17 13:31 . 2008-09-17 13:35d--------C:\Program Files\Creative 2008-09-17 13:31 . 2008-09-17 13:31d--------C:\Program Files\Common Files\Creative 2008-09-17 13:31 . 1999-12-12 18:0144,032---------C:\WINDOWS\system32\CTSVCCDA.EXE 2008-09-17 13:31 . 1999-11-17 18:0025,088---------C:\WINDOWS\system32\CTSVCCTL.EXE 2008-09-17 00:36 . 2008-09-17 00:36d--------C:\Program Files\Alwil Software 2008-09-16 22:41 . 2007-05-02 09:51d--------C:\Documents and Settings\Administrator\Application Data\InterVideo 2008-09-16 22:41 . 2008-09-16 22:54d--------C:\Documents and Settings\Administrator 2008-09-16 17:17 . 2008-09-16 17:17d--------C:\Program Files\NCH Software 2008-09-16 11:09 . 2008-09-29 23:45d--------C:\Program Files\a-squared Free 2008-09-16 10:59 . 2008-09-16 10:59d--------C:\Documents and Settings\All Users\Application Data\PC Tools 2008-09-16 10:59 . 2008-04-24 16:5212,608--a------C:\WINDOWS\system32\drivers\TfKbMon.sys 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Program Files\Malwarebytes' Anti-Malware 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\e\Application Data\Malwarebytes 2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-16 10:58 . 2008-09-10 00:0438,528--a------C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-16 10:58 . 2008-09-10 00:0317,200--a------C:\WINDOWS\system32\drivers\mbam.sys 2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\e\Application Data\SUPERAntiSpyware.com 2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-09-16 10:31 . 2008-09-16 22:56d--------C:\Documents and Settings\All Users\Application Data\avg8 2008-09-10 18:01 . 2008-09-17 15:11d--------C:\Program Files\FlashGet 2008-09-10 17:31 . 2008-09-17 15:10d--------C:\downloads 2008-09-10 17:31 . 2008-09-10 17:58d--------C:\Documents and Settings\e\Application Data\Orbit 2008-09-10 17:31 . 2008-09-10 17:43d--------C:\Documents and Settings\e\Application Data\GrabPro 2008-09-09 11:58 . 2008-09-09 11:58d--------C:\Program Files\7-Zip 2008-09-09 10:04 . 2008-09-09 10:04d--------C:\Program Files\uTorrent 2008-09-09 10:04 . 2008-09-27 12:04d--------C:\Documents and Settings\e\Application Data\uTorrent 2008-09-08 18:18 . 2008-04-08 00:169,200---------C:\WINDOWS\system32\drivers\cdralw2k.sys 2008-09-08 18:18 . 2008-04-08 00:169,072---------C:\WINDOWS\system32\drivers\cdr4_xp.sys 2008-09-08 18:17 . 2008-09-08 18:17d--------C:\WINDOWS\system32\IOSUBSYS 2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Program Files\Siber Systems 2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Documents and Settings\All Users\Application Data\RoboForm 2008-09-08 14:46 . 2008-09-08 16:35d--------C:\Documents and Settings\e\Pavark 2008-09-07 14:32 . 2008-09-07 14:35d--------C:\Program Files\JkDefragGUI 2008-09-07 14:32 . 2008-08-31 21:47238,592--a------C:\WINDOWS\system32\JkDefragScreenSaver.exe 2008-09-07 14:32 . 2008-08-31 21:4798,304--a------C:\WINDOWS\system32\JkDefragScreenSaver.scr 2008-08-29 18:18 . 2008-08-29 18:182,302,017--a------C:\WINDOWS\system32\GPhotos.scr 2008-08-15 18:07 . 2008-08-15 18:0731,232--a------C:\WINDOWS\system\vdremote.dll 2008-08-15 18:07 . 2008-08-15 18:0725,088--a------C:\WINDOWS\system\vdsvrlnk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-30 01:55---------d-----wC:\Documents and Settings\All Users\Application Data\Kontiki 2008-09-30 00:39---------d-----wC:\Program Files\Java 2008-09-29 22:45---------d-----wC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-20 18:53---------d--h--wC:\Program Files\InstallShield Installation Information 2008-09-16 23:16---------d-----wC:\Documents and Settings\e\Application Data\Skype 2008-09-16 23:13---------d-----wC:\Documents and Settings\e\Application Data\skypePM 2008-09-16 22:24---------d---a-wC:\Documents and Settings\All Users\Application Data\TEMP 2008-09-16 22:24---------d-----wC:\Program Files\SpywareBlaster 2008-09-16 22:03---------d-----wC:\Program Files\RegScrubXP 2008-09-16 09:32---------d-----wC:\Program Files\DivX 2008-09-16 09:28---------d-----wC:\Program Files\Yahoo! 2008-09-16 09:25---------d-----wC:\Documents and Settings\All Users\Application Data\Grisoft 2008-09-08 17:17---------d-----wC:\Program Files\Google 2008-09-07 11:49---------d-----wC:\Documents and Settings\e\Application Data\DNA 2008-09-06 14:40---------d-----wC:\Program Files\DNA 2008-03-11 23:2132----a-wC:\Documents and Settings\All Users\Application Data\ezsid.dat . ((((((((((((((((((((((((((((( [emailprotected]_ 2.27.54.32 ))))))))))))))))))))))))))))))))))))))))) . + 2008-09-30 01:53:5016,384----atwC:\WINDOWS\Temp\Perflib_Perfdata_564.dat + 2008-09-30 01:53:5716,384----atwC:\WINDOWS\Temp\Perflib_Perfdata_7cc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.I420"= i420vfw.dll "vidc.yv12"= yv12vfw.dll "vidc.CDVC"= cdvccodc.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD] --a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool] --a------ 2006-12-01 18:10 286720 C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck] --------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun] --------- 2006-10-05 23:17 53248 C:\WINDOWS\Ctregrun.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe] --------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] --a------ 2008-01-04 15:43 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx] --a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] --a------ 2006-11-02 13:43 472632 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware] --a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] --a------ 2008-01-04 15:42 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh] --a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL] --a------ 2005-11-10 04:44 557056 C:\WINDOWS\sm56hlpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer] --a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp] --a------ 2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SSScsiSV"=3 (0x3) "avg8wd"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= "C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= "C:\\WINDOWS\\system32\\java.exe"= "C:\\Program Files\\Ares\\Ares.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576] R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504] S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ] S3 Mouqmmr;Mouqmmr;C:\WINDOWS\system32\blastcln.exe [2004-08-04 71680] S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 242139] S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 4772] . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-30 02:54:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\WLTRYSVC.EXE C:\WINDOWS\system32\BCMWLTRY.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\Program Files\FolderSize\FolderSizeSvc.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ********************************************************************** . Completion time: 2008-09-30 3:01:14 - machine was rebooted [e] ComboFix-quarantined-files.txt 2008-09-30 02:01:05 ComboFix2.txt 2008-09-30 01:28:24 Pre-Run: 21,082,935,296 bytes free Post-Run: 21,078,179,840 bytes free 205--- E O F ---2008-09-29 23:07:00 thanks for your help so far Looks GOOD. Things running OK now? Click START then RUN Now type Combofix /u in the runbox Make sure there's a space between Combofix and /u Then hit Enter. The above procedure will: Delete the following: ComboFix and its associated files and folders. Reset the clock settings. Hide file extensions, if required. Hide System/Hidden files, if required. Set a new, clean Restore Point. . ---------- Remove the old versions of Java Download JavaRa and unzip the file to your Desktop. Open JavaRA.exe and choose Remove Older Versions Once complete exit JavaRA and delete the program. Run CCleaner. . ---------- If you don't have CCleaner... Download CCleaner Slim and save it to your Desktop. When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe Follow the prompts to install the program. Complete the installation then: Double-click the CCleaner shortcut on the desktop to start the program. Click on the Options block on the left, then choose Cookies. Under Cookies to Delete, highlight any cookies you would like to retain permanently Click the right arrow > to move them to the Cookies to Keep window. Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours Click Cleaner on the left then Run Cleaner on the right to run the program. Important: Make sure that ALL browser windows are closed before selecting Run Cleaner Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry. Exit CCleaner after it has completed its process. . ---------- Set a New Restore Point to prevent possible reinfection from an old one Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed. Go to Start > Programs > Accessories > System Tools and click System Restore Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create. The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore. Next go to Start > Run and type Cleanmgr Click OK Click the More Options Tab. Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one. You can find instructions on how to enable and re-enable system restore here: Windows XP System Restore Guide or Windows Vista System Restore Guide . ---------- Use the Secunia Software Inspector to check for out of date software. Click Start Now Check the box next to Enable thorough system inspection. Click Start Allow the scan to finish and scroll down to see if any updates are needed. Update anything listed. . ---------- Go to Microsoft Windows Update and get all critical updates. ---------- Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.** Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript To prevent unknown applications from being installed on your computer install WinPatrol 2008 * Using Winpatrol to protect your computer from malicious software I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. SAFETY ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites. SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox. * Using SpywareBlaster to protect your computer from Spyware and Malware * If you don't know what ActiveX controls are, see here Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future. Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth. yes i think it is all working again now thanks very much for your help No problem. Safe surfing....

Answer»

I seemed to have picked up a virus possible from a rapidshare file. whenever i try and click a link found from google i am redirected to spyware/advertisment site. Everytime i restart my computer my windows file wall is disabled. interent explorer does not load at all it just freezes my computer. i have tried to open both spy bot and ad aware but they wont work it says they cant connect to server. also when i try and acess the site to download them again it will not let me on to any antivirus/spyware website. I have a basic understanding of computers but this is a little over my head. any help would be areally appreciated. if i reformat the disk what are the chances of the virus still being there. I am using a fujisiemens computer running xp. thanks for you help emilyi have done a malwarebytes scan and this is the results

Malwarebytes' Anti-Malware 1.28
Database version: 1222
Windows 5.1.2600 Service Pack 2

30/09/2008 01:22:40
mbam-log-2008-09-30 (01-22-40).txt

Scan type: Quick Scan
Objects scanned: 48018
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\ (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Rootkit.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Rootkit.Agent) -> Delete on reboot.
Download TrendMicro HijackThis.exe (HJT) to the Desktop.

Double-click on HJTInstall.
Click on the Install button.
It will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
Upon install, HijackThis should open for you.
Click on the Do a system scan and save a log file button
HijackThis will scan and then a log will open in notepad.
Copy and then paste the entire contents of the log in your post.
Do not have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

here are the results for hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:40:35, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\sm56hlpr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\update\update.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/iplayer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.co.uk/SnapfishUKActivia.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: ThreatFire - Unknown owner - C:\Program Files\ThreatFire\TFService.exe (file missing)
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7509 bytesDownload ComboFix by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers. (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

Also let me know how things are now.here is the report. thinks seem to be running better no longer have the problem with google. what do you think the problem was?

ComboFix 08-09-28.03 - e 2008-09-30 2:16:31.2 - NTFSx86
Running from: C:\Documents and Settings\e\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\TDSSadw.dll
C:\WINDOWS\system32\TDSSerrors.log
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\TDSSserf1.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV
-------\Service_TDSSserv

((((((((((((((((((((((((( Files CREATED from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.

2008-09-30 01:43 . 2008-09-30 01:43d--------C:\Program Files\SUPERAntiSpyware
2008-09-30 01:42 . 2008-09-30 01:42d--------C:\Program Files\Common Files\Wise Installation Wizard
2008-09-30 01:39 . 2008-09-30 01:39d--------C:\Program Files\Trend Micro
2008-09-30 01:39 . 2008-06-10 02:3273,728--a------C:\WINDOWS\system32\javacpl.cpl
2008-09-30 01:24 . 2008-09-30 01:2461,440--a------C:\WINDOWS\system32\drivers\sbalb.sys
2008-09-30 00:04 . 2008-09-30 02:16d--------C:\WINDOWS\system32\CatRoot_bak
2008-09-28 18:29 . 2008-09-28 18:29d--------C:\Program Files\Ares
2008-09-28 12:52 . 2008-09-30 02:0054,156--ah-----C:\WINDOWS\QTFont.qfn
2008-09-28 12:52 . 2008-09-28 12:521,409--a------C:\WINDOWS\QTFont.for
2008-09-24 09:00 . 2008-09-24 09:00d--------C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-17 15:45 . 2008-09-17 15:45d--------C:\Program Files\Cucusoft
2008-09-17 15:45 . 2008-09-17 15:45d--------C:\ConverterOutput
2008-09-17 15:45 . 2003-03-30 20:08372,736--a------C:\WINDOWS\system32\xvid.ax
2008-09-17 13:45 . 2008-09-17 15:36d--------C:\Documents and Settings\e\Application Data\Creative
2008-09-17 13:35 . 2006-10-05 23:1753,248---------C:\WINDOWS\Ctregrun.exe
2008-09-17 13:34 . 2008-09-17 13:34d--------C:\Program Files\Audible
2008-09-17 13:34 . 2008-09-17 13:34417,792--a------C:\WINDOWS\system32\awrdscdc.ax
2008-09-17 13:33 . 2008-09-17 13:43d--------C:\Documents and Settings\All Users\Application Data\Creative
2008-09-17 13:31 . 2008-09-17 13:33d--h-----C:\Program Files\Creative Installation Information
2008-09-17 13:31 . 2008-09-17 13:35d--------C:\Program Files\Creative
2008-09-17 13:31 . 2008-09-17 13:31d--------C:\Program Files\Common Files\Creative
2008-09-17 13:31 . 1999-12-12 18:0144,032---------C:\WINDOWS\system32\CTSVCCDA.EXE
2008-09-17 13:31 . 1999-11-17 18:0025,088---------C:\WINDOWS\system32\CTSVCCTL.EXE
2008-09-17 00:36 . 2008-09-17 00:36d--------C:\Program Files\Alwil Software
2008-09-16 22:41 . 2007-05-02 09:51d--------C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-09-16 22:41 . 2008-09-16 22:54d--------C:\Documents and Settings\Administrator
2008-09-16 17:17 . 2008-09-16 17:17d--------C:\Program Files\NCH Software
2008-09-16 11:09 . 2008-09-29 23:45d--------C:\Program Files\a-squared Free
2008-09-16 10:59 . 2008-09-16 10:59d--------C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-16 10:59 . 2008-04-24 16:5212,608--a------C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\e\Application Data\Malwarebytes
2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 10:58 . 2008-09-10 00:0438,528--a------C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 10:58 . 2008-09-10 00:0317,200--a------C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\e\Application Data\SUPERAntiSpyware.com
2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-16 10:31 . 2008-09-16 22:56d--------C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 18:01 . 2008-09-17 15:11d--------C:\Program Files\FlashGet
2008-09-10 17:31 . 2008-09-17 15:10d--------C:\downloads
2008-09-10 17:31 . 2008-09-10 17:58d--------C:\Documents and Settings\e\Application Data\Orbit
2008-09-10 17:31 . 2008-09-10 17:43d--------C:\Documents and Settings\e\Application Data\GrabPro
2008-09-09 11:58 . 2008-09-09 11:58d--------C:\Program Files\7-Zip
2008-09-09 10:04 . 2008-09-09 10:04d--------C:\Program Files\uTorrent
2008-09-09 10:04 . 2008-09-27 12:04d--------C:\Documents and Settings\e\Application Data\uTorrent
2008-09-08 18:18 . 2008-04-08 00:169,200---------C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-08 18:18 . 2008-04-08 00:169,072---------C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-08 18:17 . 2008-09-08 18:17d--------C:\WINDOWS\system32\IOSUBSYS
2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Program Files\Siber Systems
2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Documents and Settings\All Users\Application Data\RoboForm
2008-09-08 14:46 . 2008-09-08 16:35d--------C:\Documents and Settings\e\Pavark
2008-09-07 14:32 . 2008-09-07 14:35d--------C:\Program Files\JkDefragGUI
2008-09-07 14:32 . 2008-08-31 21:47238,592--a------C:\WINDOWS\system32\JkDefragScreenSaver.exe
2008-09-07 14:32 . 2008-08-31 21:4798,304--a------C:\WINDOWS\system32\JkDefragScreenSaver.scr
2008-08-29 18:18 . 2008-08-29 18:182,302,017--a------C:\WINDOWS\system32\GPhotos.scr
2008-08-15 18:07 . 2008-08-15 18:0731,232--a------C:\WINDOWS\system\vdremote.dll
2008-08-15 18:07 . 2008-08-15 18:0725,088--a------C:\WINDOWS\system\vdsvrlnk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 01:21---------d-----wC:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-30 00:39---------d-----wC:\Program Files\Java
2008-09-29 22:45---------d-----wC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 18:53---------d--h--wC:\Program Files\InstallShield Installation Information
2008-09-16 23:16---------d-----wC:\Documents and Settings\e\Application Data\Skype
2008-09-16 23:13---------d-----wC:\Documents and Settings\e\Application Data\skypePM
2008-09-16 22:24---------d---a-wC:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 22:24---------d-----wC:\Program Files\SpywareBlaster
2008-09-16 22:03---------d-----wC:\Program Files\RegScrubXP
2008-09-16 09:32---------d-----wC:\Program Files\DivX
2008-09-16 09:28---------d-----wC:\Program Files\Yahoo!
2008-09-16 09:25---------d-----wC:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-08 17:17---------d-----wC:\Program Files\Google
2008-09-07 11:49---------d-----wC:\Documents and Settings\e\Application Data\DNA
2008-09-06 14:40---------d-----wC:\Program Files\DNA
2008-03-11 23:2132----a-wC:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
--a------ 2006-12-01 18:10 286720 C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 2006-10-05 23:17 53248 C:\WINDOWS\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-04 15:43 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-11-02 13:43 472632 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-04 15:42 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-11-10 04:44 557056 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSScsiSV"=3 (0x3)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

R1 aswSP;avast! SELF Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504]
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]
S3 Mouqmmr;Mouqmmr;C:\WINDOWS\system32\blastcln.exe [2004-08-04 71680]
S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 242139]
S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 4772]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-ThreatFire - C:\Program Files\ThreatFire\TFTray.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\o83xzkld.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.uk/
FF -: plugin - C:\Documents and Settings\e\Application Data\Mozilla\Firefox\Profiles\o83xzkld.default\extensions\[emailprotected]\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Google\Picasa3\npPicasa3.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 02:21:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-30 2:28:22
ComboFix-quarantined-files.txt 2008-09-30 01:28:15

Pre-Run: 20,696,715,264 bytes free
Post-Run: 21,159,137,280 bytes free

214--- E O F ---2008-09-29 23:07:00
Quote

what do you think the problem was?

Clicked a bad link...opened an infected email attachment...bad codec.... the possibilities are many.

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]KillAll::

Driver::
TDSSSERV
TDSSserv
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freezehere is the results

ComboFix 08-09-28.03 - e 2008-09-30 2:50:14.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.184 [GMT 1:00]
Running from: C:\Documents and Settings\e\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\e\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.

2008-09-30 01:43 . 2008-09-30 01:43d--------C:\Program Files\SUPERAntiSpyware
2008-09-30 01:42 . 2008-09-30 01:42d--------C:\Program Files\Common Files\Wise Installation Wizard
2008-09-30 01:39 . 2008-09-30 01:39d--------C:\Program Files\Trend Micro
2008-09-30 01:39 . 2008-06-10 02:3273,728--a------C:\WINDOWS\system32\javacpl.cpl
2008-09-30 01:24 . 2008-09-30 01:2461,440--a------C:\WINDOWS\system32\drivers\sbalb.sys
2008-09-30 00:04 . 2008-09-30 02:16d--------C:\WINDOWS\system32\CatRoot_bak
2008-09-28 18:29 . 2008-09-28 18:29d--------C:\Program Files\Ares
2008-09-24 09:00 . 2008-09-24 09:00d--------C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-17 15:45 . 2008-09-17 15:45d--------C:\Program Files\Cucusoft
2008-09-17 15:45 . 2008-09-17 15:45d--------C:\ConverterOutput
2008-09-17 15:45 . 2003-03-30 20:08372,736--a------C:\WINDOWS\system32\xvid.ax
2008-09-17 13:45 . 2008-09-17 15:36d--------C:\Documents and Settings\e\Application Data\Creative
2008-09-17 13:35 . 2006-10-05 23:1753,248---------C:\WINDOWS\Ctregrun.exe
2008-09-17 13:34 . 2008-09-17 13:34d--------C:\Program Files\Audible
2008-09-17 13:34 . 2008-09-17 13:34417,792--a------C:\WINDOWS\system32\awrdscdc.ax
2008-09-17 13:33 . 2008-09-17 13:43d--------C:\Documents and Settings\All Users\Application Data\Creative
2008-09-17 13:31 . 2008-09-17 13:33d--h-----C:\Program Files\Creative Installation Information
2008-09-17 13:31 . 2008-09-17 13:35d--------C:\Program Files\Creative
2008-09-17 13:31 . 2008-09-17 13:31d--------C:\Program Files\Common Files\Creative
2008-09-17 13:31 . 1999-12-12 18:0144,032---------C:\WINDOWS\system32\CTSVCCDA.EXE
2008-09-17 13:31 . 1999-11-17 18:0025,088---------C:\WINDOWS\system32\CTSVCCTL.EXE
2008-09-17 00:36 . 2008-09-17 00:36d--------C:\Program Files\Alwil Software
2008-09-16 22:41 . 2007-05-02 09:51d--------C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-09-16 22:41 . 2008-09-16 22:54d--------C:\Documents and Settings\Administrator
2008-09-16 17:17 . 2008-09-16 17:17d--------C:\Program Files\NCH Software
2008-09-16 11:09 . 2008-09-29 23:45d--------C:\Program Files\a-squared Free
2008-09-16 10:59 . 2008-09-16 10:59d--------C:\Documents and Settings\All Users\Application Data\PC Tools
2008-09-16 10:59 . 2008-04-24 16:5212,608--a------C:\WINDOWS\system32\drivers\TfKbMon.sys
2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Program Files\Malwarebytes' Anti-Malware
2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\e\Application Data\Malwarebytes
2008-09-16 10:58 . 2008-09-16 10:58d--------C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-16 10:58 . 2008-09-10 00:0438,528--a------C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-16 10:58 . 2008-09-10 00:0317,200--a------C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\e\Application Data\SUPERAntiSpyware.com
2008-09-16 10:54 . 2008-09-16 10:54d--------C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-16 10:31 . 2008-09-16 22:56d--------C:\Documents and Settings\All Users\Application Data\avg8
2008-09-10 18:01 . 2008-09-17 15:11d--------C:\Program Files\FlashGet
2008-09-10 17:31 . 2008-09-17 15:10d--------C:\downloads
2008-09-10 17:31 . 2008-09-10 17:58d--------C:\Documents and Settings\e\Application Data\Orbit
2008-09-10 17:31 . 2008-09-10 17:43d--------C:\Documents and Settings\e\Application Data\GrabPro
2008-09-09 11:58 . 2008-09-09 11:58d--------C:\Program Files\7-Zip
2008-09-09 10:04 . 2008-09-09 10:04d--------C:\Program Files\uTorrent
2008-09-09 10:04 . 2008-09-27 12:04d--------C:\Documents and Settings\e\Application Data\uTorrent
2008-09-08 18:18 . 2008-04-08 00:169,200---------C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-09-08 18:18 . 2008-04-08 00:169,072---------C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-09-08 18:17 . 2008-09-08 18:17d--------C:\WINDOWS\system32\IOSUBSYS
2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Program Files\Siber Systems
2008-09-08 15:11 . 2008-09-08 15:11d--------C:\Documents and Settings\All Users\Application Data\RoboForm
2008-09-08 14:46 . 2008-09-08 16:35d--------C:\Documents and Settings\e\Pavark
2008-09-07 14:32 . 2008-09-07 14:35d--------C:\Program Files\JkDefragGUI
2008-09-07 14:32 . 2008-08-31 21:47238,592--a------C:\WINDOWS\system32\JkDefragScreenSaver.exe
2008-09-07 14:32 . 2008-08-31 21:4798,304--a------C:\WINDOWS\system32\JkDefragScreenSaver.scr
2008-08-29 18:18 . 2008-08-29 18:182,302,017--a------C:\WINDOWS\system32\GPhotos.scr
2008-08-15 18:07 . 2008-08-15 18:0731,232--a------C:\WINDOWS\system\vdremote.dll
2008-08-15 18:07 . 2008-08-15 18:0725,088--a------C:\WINDOWS\system\vdsvrlnk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 01:55---------d-----wC:\Documents and Settings\All Users\Application Data\Kontiki
2008-09-30 00:39---------d-----wC:\Program Files\Java
2008-09-29 22:45---------d-----wC:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-20 18:53---------d--h--wC:\Program Files\InstallShield Installation Information
2008-09-16 23:16---------d-----wC:\Documents and Settings\e\Application Data\Skype
2008-09-16 23:13---------d-----wC:\Documents and Settings\e\Application Data\skypePM
2008-09-16 22:24---------d---a-wC:\Documents and Settings\All Users\Application Data\TEMP
2008-09-16 22:24---------d-----wC:\Program Files\SpywareBlaster
2008-09-16 22:03---------d-----wC:\Program Files\RegScrubXP
2008-09-16 09:32---------d-----wC:\Program Files\DivX
2008-09-16 09:28---------d-----wC:\Program Files\Yahoo!
2008-09-16 09:25---------d-----wC:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-08 17:17---------d-----wC:\Program Files\Google
2008-09-07 11:49---------d-----wC:\Documents and Settings\e\Application Data\DNA
2008-09-06 14:40---------d-----wC:\Program Files\DNA
2008-03-11 23:2132----a-wC:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( [emailprotected]_ 2.27.54.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-30 01:53:5016,384----atwC:\WINDOWS\Temp\Perflib_Perfdata_564.dat
+ 2008-09-30 01:53:5716,384----atwC:\WINDOWS\Temp\Perflib_Perfdata_7cc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.CDVC"= cdvccodc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Printkey2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk
backup=C:\WINDOWS\pss\Printkey2000.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-09-09 01:18 57344 C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlazeServoTool]
--a------ 2006-12-01 18:10 286720 C:\Program Files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--------- 2007-11-06 11:08 397312 C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
--------- 2006-10-05 23:17 53248 C:\WINDOWS\Ctregrun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--------- 2007-07-17 11:03 868352 C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-01-04 15:43 1838592 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-27 12:58 1032376 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 18:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2006-11-02 13:43 472632 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-09-03 14:07 1576176 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-04 15:42 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2007-11-13 16:48 3411968 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-11-10 04:44 557056 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 16:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-11-01 04:15 163840 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SSScsiSV"=3 (0x3)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 StkASSrv;Syntek STK1160 Service;C:\WINDOWS\System32\StkASv2K.exe [2006-05-23 24576]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 5504]
S2 ThreatFire;ThreatFire;C:\Program Files\ThreatFire\TFService.exe service [ ]
S3 Mouqmmr;Mouqmmr;C:\WINDOWS\system32\blastcln.exe [2004-08-04 71680]
S3 StkAMini;Syntek STK1160;C:\WINDOWS\system32\Drivers\StkAMini.sys [2006-11-15 242139]
S3 StkScan;Syntek STK1160 Still Image;C:\WINDOWS\system32\Drivers\StkScan.sys [2006-06-27 4772]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 02:54:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-09-30 3:01:14 - machine was rebooted [e]
ComboFix-quarantined-files.txt 2008-09-30 02:01:05
ComboFix2.txt 2008-09-30 01:28:24

Pre-Run: 21,082,935,296 bytes free
Post-Run: 21,078,179,840 bytes free

205--- E O F ---2008-09-29 23:07:00

thanks for your help so far

GOOD

Click START then RUN
Now type Combofix /u in the runbox
Make sure there's a space between Combofix and /u
Then hit Enter.

The above procedure will:
Delete the following:
ComboFix and its associated files and folders.
Reset the clock settings.
Hide file extensions, if required.
Hide System/Hidden files, if required.
Set a new, clean Restore Point.

.
----------

Remove the old versions of Java

Download JavaRa and unzip the file to your Desktop.
Open JavaRA.exe and choose Remove Older Versions
Once complete exit JavaRA and delete the program.
Run CCleaner.

.
----------

If you don't have CCleaner...

Download CCleaner Slim and save it to your Desktop.
When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.
Complete the installation then:

Double-click the CCleaner shortcut on the desktop to start the program.
Click on the Options block on the left, then choose Cookies.
- Under Cookies to Delete, highlight any cookies you would like to retain permanently
- Click the right arrow > to move them to the Cookies to Keep window.
Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
Click Cleaner on the left then Run Cleaner on the right to run the program.
Important: Make sure that ALL browser windows are closed before selecting Run Cleaner
Caution: It is not recommended that you use the 'Registry' feature unless you are very familiar with the registry.
Exit CCleaner after it has completed its process.

.
----------

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point AFTER cleaning your system will enable your computer to roll-back to a clean working state if needed.

Go to Start > Programs > Accessories > System Tools and click System Restore
Choose the radio button marked Create a Restore Point on the first screen then click Next Give the Restore Point a name then click Create.
The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
Next go to Start > Run and type Cleanmgr
Click OK
Click the More Options Tab.
Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.

You can find instructions on how to enable and re-enable system restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide
.
----------

Use the Secunia Software Inspector to check for out of date software.

Click Start Now
Check the box next to Enable thorough system inspection.
Click Start
Allow the scan to finish and scroll down to see if any updates are needed.
Update anything listed.

.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great FREE tools to help you keep from getting infected again. These tools use little or no resources so won't slow down your PC.

Concerned about Browser Security? Consider using Mozilla Firefox 3.0 with Adblock Plus and NoScript

To prevent unknown applications from being installed on your computer install WinPatrol 2008
* Using Winpatrol to protect your computer from malicious software

I suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. SAFETY ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.
yes i think it is all working again now thanks very much for your help No problem.

Safe surfing....

Solve : google and search engine virus.?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment