Thread: Laptop infected or something
- 02-06-2010 01:04 PM #11
Hi,
Let's run some more scans.
Step 1: Download and Run ComboFix
Please visit this webpage for download links, and instructions for running the tool:
A guide and tutorial on using ComboFix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. For information on how to disable your anti virus program please see this:
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Go on with the ComboFix guide; when it opens its log, please close it.
Remember that the ComboFix log is saved here: C:\ComboFix.txt
Step 2: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
- Start HijackThis
- Click on the Open The Misc Tool Section button
- Click on the Open Uninstall Manager button.
- Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Save the file to your desktop.
Step 3: Post logs
Please post the following in a reply to this topic (use multiple posts if needed):
- Let me know if you connect to the internet with a so-called proxy, because I found proxy traces in your HijackThis log and they may be causing the internet issues if you do not use a proxy.
- ComboFix log
- Uninstall log
Regards,
John.
- 02-07-2010 08:19 PM #12 Member
ComboFix 10-02-07.06 - Ryan Fries 02/07/2010 19:41:50.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.604 [GMT -5:00]
Running from: c:\documents and settings\Ryan Fries.DC9M2QB1\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_003385_.tmp.dll
c:\windows\system32\_003386_.tmp.dll
c:\windows\system32\_003387_.tmp.dll
c:\windows\system32\_003388_.tmp.dll
c:\windows\system32\_003395_.tmp.dll
c:\windows\system32\_003396_.tmp.dll
c:\windows\system32\_003397_.tmp.dll
c:\windows\system32\_003398_.tmp.dll
c:\windows\system32\_003400_.tmp.dll
c:\windows\system32\_003401_.tmp.dll
c:\windows\system32\_003404_.tmp.dll
c:\windows\system32\_003405_.tmp.dll
c:\windows\system32\_003407_.tmp.dll
c:\windows\system32\_003408_.tmp.dll
c:\windows\system32\_003409_.tmp.dll
c:\windows\system32\_003411_.tmp.dll
c:\windows\system32\_003414_.tmp.dll
c:\windows\system32\_003415_.tmp.dll
c:\windows\system32\_003419_.tmp.dll
c:\windows\system32\_003420_.tmp.dll
c:\windows\system32\_003422_.tmp.dll
c:\windows\system32\_003425_.tmp.dll
c:\windows\system32\_003427_.tmp.dll
c:\windows\system32\_003428_.tmp.dll
c:\windows\system32\_003429_.tmp.dll
c:\windows\system32\_003430_.tmp.dll
c:\windows\system32\_003431_.tmp.dll
c:\windows\system32\_003434_.tmp.dll
c:\windows\system32\_003435_.tmp.dll
c:\windows\system32\_003436_.tmp.dll
c:\windows\system32\_003437_.tmp.dll
c:\windows\system32\_003438_.tmp.dll
c:\windows\system32\_003443_.tmp.dll
c:\windows\system32\_003445_.tmp.dll
c:\windows\system32\_003446_.tmp.dll
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.
2010-02-08 00:41 . 2010-02-08 00:41 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-02-05 14:16 . 2010-02-05 14:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-02-05 14:12 . 2010-02-05 14:17 -------- d-----w- c:\program files\STOPzilla!
2010-02-05 14:12 . 2010-02-05 14:12 -------- d-----w- c:\program files\Common Files\iS3
2010-02-05 14:12 . 2010-02-08 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-02-04 21:30 . 2010-02-04 21:30 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-04 21:27 . 2010-02-04 21:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-04 21:27 . 2010-02-04 21:27 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\SUPERAntiSpyware.com
2010-02-04 21:26 . 2010-02-04 21:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-04 17:25 . 2010-02-04 17:25 -------- d--h--w- c:\windows\system32\GroupPolicy
2010-02-04 17:22 . 2010-02-04 17:22 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\DeLorme
2010-02-04 16:21 . 2010-02-04 16:21 17408 ----a-r- c:\windows\system32\SZIO5.dll
2010-02-04 16:19 . 2010-02-04 16:19 442368 ----a-r- c:\windows\system32\SZBase5.dll
2010-02-04 16:18 . 2010-02-04 16:18 540672 ----a-r- c:\windows\system32\SZComp5.dll
2010-01-27 15:19 . 2010-01-27 15:19 167312 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2010-01-14 12:55 . 2010-01-14 14:47 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\unlqen
2010-01-13 12:46 . 2010-01-13 14:46 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\iddnbh
2010-01-11 09:44 . 2002-01-08 22:00 176128 ----a-w- c:\windows\system32\RcdScan.dll
2010-01-11 09:44 . 2000-03-23 17:50 446464 ----a-r- c:\windows\system32\hhactivex.dll
2010-01-11 09:44 . 1998-06-18 04:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 00:53 . 2010-02-08 00:53 80 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-02-08 00:49 . 2010-02-08 00:48 760 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-02-05 12:26 . 2006-09-02 15:32 -------- d-----w- c:\program files\Trend Micro
2010-02-04 21:31 . 2010-02-04 21:31 52224 ----a-w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-04 21:31 . 2010-02-04 21:31 117760 ----a-w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-04 17:22 . 2009-12-30 13:43 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\uTorrent
2010-01-23 13:30 . 2007-12-02 01:19 3558 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-23 13:30 . 2007-12-02 01:19 88 --sh--r- c:\windows\system32\3170E5E7DF.sys
2010-01-20 09:04 . 2010-01-08 20:50 164 ----a-w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\wklnhst.dat
2010-01-19 17:11 . 2008-02-19 14:24 -------- d-----w- c:\program files\dl_Cats
2010-01-18 01:24 . 2010-01-07 13:09 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Move Networks
2010-01-14 16:00 . 2006-09-02 15:34 -------- d-----w- c:\program files\Google
2010-01-11 09:44 . 2006-09-02 15:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 20:50 . 2010-01-08 20:50 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Template
2010-01-08 15:50 . 2010-01-08 15:50 -------- d-----w- c:\program files\Common Files\Canon
2010-01-07 23:38 . 2010-01-07 23:33 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\GARMIN
2010-01-07 23:37 . 2010-01-07 23:37 -------- d-----w- c:\program files\Garmin GPS Plugin
2010-01-07 23:36 . 2010-01-07 23:36 -------- d-----w- c:\program files\DIFX
2010-01-07 23:36 . 2010-01-07 23:36 -------- d-----w- c:\program files\Garmin
2010-01-07 13:09 . 2010-01-07 13:09 143976 ----a-w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Move Networks\uninstall.exe
2010-01-07 13:09 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Move Networks\plugins\npqmp071701000002.dll
2010-01-05 10:00 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2005-08-16 09:18 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-01 20:10 . 2009-09-09 00:07 -------- d-----w- c:\program files\DivX
2010-01-01 15:30 . 2008-02-02 15:11 -------- d-----w- c:\program files\Quicken
2010-01-01 15:26 . 2007-12-05 20:58 -------- d-----w- c:\program files\FirstClass
2010-01-01 15:25 . 2006-09-02 15:16 -------- d-----w- c:\program files\Dell
2010-01-01 15:22 . 2007-12-16 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2010-01-01 15:21 . 2009-04-23 15:33 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-01-01 15:06 . 2010-01-01 15:06 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\AdobeUM
2010-01-01 11:55 . 2010-01-01 11:55 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Corel Photo Album
2010-01-01 03:56 . 2009-04-23 15:34 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2009-12-31 13:10 . 2009-12-31 13:10 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\DivX
2009-12-31 01:43 . 2009-07-30 21:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 23:54 . 2009-12-30 23:54 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\MSNInstaller
2009-12-30 23:21 . 2009-12-30 23:21 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Intuit
2009-12-30 20:21 . 2009-12-27 01:30 142 ----a-w- c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\fusioncache.dat
2009-12-30 17:29 . 2009-12-30 17:29 76264 ----a-w- c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-29 09:38 . 2009-12-29 09:38 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Symantec
2009-12-29 09:38 . 2009-12-27 01:30 -------- d--h--w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Gtek
2009-12-28 20:09 . 2009-12-28 20:09 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-28 19:28 . 2009-12-28 19:28 -------- d-----w- c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\Malwarebytes
2009-12-24 18:51 . 2009-09-09 00:07 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-12-10 21:11 . 2009-12-10 21:11 126976 ----a-r- c:\windows\system32\IS3HTUI5.dll
2009-12-10 21:11 . 2009-12-10 21:11 393216 ----a-r- c:\windows\system32\IS3DBA5.dll
2009-12-10 21:09 . 2009-12-10 21:09 385024 ----a-r- c:\windows\system32\IS3UI5.dll
2009-12-10 21:09 . 2009-12-10 21:09 61440 ----a-r- c:\windows\system32\IS3Hks5.dll
2009-12-10 21:08 . 2009-12-10 21:08 23040 ----a-r- c:\windows\system32\IS3XDat5.dll
2009-12-10 21:06 . 2009-12-10 21:06 225280 ----a-r- c:\windows\system32\IS3Win325.dll
2009-12-10 21:06 . 2009-12-10 21:06 94208 ----a-r- c:\windows\system32\IS3Inet5.dll
2009-12-10 21:05 . 2009-12-10 21:05 94208 ----a-r- c:\windows\system32\IS3Svc5.dll
2009-12-10 21:02 . 2009-12-10 21:02 729088 ----a-r- c:\windows\system32\IS3Base5.dll
2009-12-09 09:24 . 2009-07-30 23:14 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 21:59 . 2009-12-07 21:59 61328 ----a-r- c:\windows\system32\drivers\SZKG.sys
2009-12-07 21:59 . 2009-12-07 21:59 61328 ----a-r- c:\windows\system32\drivers\is3srv.sys
2009-12-03 21:14 . 2009-07-30 21:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-07-30 21:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 15:51 . 2005-08-16 09:18 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2008-05-23 13:15 . 2008-05-23 13:15 251 ----a-w- c:\program files\wt3d.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-12-19 13:08 1347584 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2007-03-15 16:09 460784 ----a-w- c:\program files\DellSupport\DSAgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 22:32 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2005-05-31 09:33 122941 ----a-w- c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLBTCATS]
2007-02-22 14:26 73728 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\dlbttime.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 01:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 22:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-12-13 21:41 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-12-13 21:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-12-13 21:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-10-29 01:21 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2005-09-09 00:20 110592 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2002-09-11 22:01 155648 ------w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-03-08 16:48 761947 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
2008-04-14 00:12 10752 ----a-w- c:\windows\system32\dumprep.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-24 00:43 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:*:Disabled:COM(135)
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 4:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [1/27/2010 10:19 AM 167312]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/30/2009 6:14 PM 108289]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 4:59 PM 61328]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/20/2009 12:31 PM 135664]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.Yahoo!
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
.
- - - - ORPHANS REMOVED - - - -
Toolbar-SITEguard - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
MSConfigStartUp-ArcSoft Connection Service - c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSConfigStartUp-fvausmgt - c:\documents and settings\Ryan Fries\Local Settings\Application Data\cjhold\otwysysguard.exe
MSConfigStartUp-ImgTask - c:\windows\Imgtask.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-ModemOnHold - c:\program files\NetWaiting\netWaiting.exe
MSConfigStartUp-OE_OEM - c:\program files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-07 19:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-07 19:59:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 00:58
ComboFix2.txt 2008-04-01 03:31
Pre-Run: 7,481,933,824 bytes free
Post-Run: 7,382,913,024 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 352467873324D7BEB118E68351102AAD
Here's the ComboFix log, and I'm back online.
- 02-07-2010 08:23 PM #13 Member
Here's the HijackThis log. Thanks again for all this help.
µTorrent
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.1.0
AnswerWorks 5.0 English Runtime
AOLIcon
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audio Converter
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom Management Programs
CCleaner
Conexant HDA D110 MDC V.92 Modem
Corel Photo Album 6
Dell Digital Jukebox Driver
Dell ResourceCD
Dell Support Center (Support Software)
Dell Wireless WLAN Card
DellSupport
DeLorme Earthmate GPS PN-20 Update
DeLorme Send To GPS 1.0
DeLorme Topo USA 7.0
Digital Content Portal
Digital Line Detect
DivX Codec
Documentation & Support Launcher
Download Updater (AOL LLC)
Drivers Install For Linksys Easylink Advisor
EarthLink setup files
ELIcon
Games, Music, & Photos Launcher
Garmin Communicator Plugin
Garmin USB Drivers
Garmin WebUpdater
GemMaster Mystic
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HyperLoad - Mah Jongg
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 15
Java(TM) 6 Update 6
Learn2 Player (Uninstall Only)
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Modem Helper
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
Nero - Burning Rom (Web installer)
Palm
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer Basic
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
STOPzilla
Stopzilla Toolbar
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wmeiper
TurboTax 2008 wrapper
TurboTax Deluxe 2007
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VC80CRTRedist - 8.0.50727.4053
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB908250
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! Install Manager
- 02-08-2010 08:12 AM #14
Hi,
Let's check out a couple of things that look suspicious.
You aren't running firewall software. Please download and install one first!
Use a Firewall - Using a Firewall on your computer can be very important. Without a firewall your computer is susceptible to being hacked and taken over. There are some different situations you can be in where a third-party firewall may or may not be a good addition to your system:
- If you are not using Windows XP or Vista, but an older version, I recommend that you use a firewall.
- If you are using Windows XP or Vista, but are on dial-up, I recommend that you use a firewall.
- If you are using Windows XP or Vista and are using broadband, but are not experienced in using firewalls and getting the choice to allow or disallow things, I recommend that you use Windows Firewall.
- If you are using Windows XP or Vista, are using broadband and are experienced, I recommend that you disable Windows Firewall (as it is not perfect) and get a third-party firewall.
Here are some firewalls which are free for personal use and most used:
Kerio Personal Firewall (Free version after 30 days)
Online Armor Free
Or you could buy their paid version online or in a shop nearby:
Kerio Personal Firewall (Continue paid version after 30 days)
Online Armor or Online Armor AV+ with Anti-Virus included
Once you have done this, we can begin with the fix.
Remove P2P programs
We have a policy here at Help2Go of not giving assistance to those using P2P (torrent) programs for a couple of reasons. First, we cannot support the downloading of pirated material as you are actually stealing someone else's property! Second, downloading from P2P sites is the easiest way to be infected with malware.
There's little point in our experts spending their valuable time helping to clean your machine if continued use of P2P software means you get infected over and over again.
- Click Start
- Go to Control Panel
- Go to Add/Remove Programs
- Find and click Remove for the following (if present):
µTorrent
Step 1: Show your hidden files
To enable the viewing of Hidden files follow these steps:
- Close all programs so that you are at your desktop.
- Double-click on the My Computer icon (or click Start, then select My Computer)
- Select the Tools menu and click Folder Options.
- After the new window appears select the View tab.
- Put a checkmark in the checkbox labeled Display the contents of system folders.
- Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
- Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
- Remove the checkmark from the checkbox labeled Hide protected operating system files.
- Press the Apply button and then the OK button, and close My Computer.
Now your computer is configured to show all hidden files.
Step 2: Upload malware for scanning
I'd like you to check some files for malware.
- Go to VirusTotal or Jotti's
c:\documents and settings\Ryan Fries.DC9M2QB1\Application Data\wklnhst.dat
c:\windows\system32\3170E5E7DF.sys
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\kgpfr2.cfg
- Click Browse and browse to the destination of the first file in the above box.
- Click Send/Submit (if the file is present), and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programs.
- After a while, a window will open, with details of what the scans found.
- Save the complete results in a Notepad/Word document on your desktop.
- Repeat for all files on the list.
Step 3: Download and Run SystemLook
Please download SystemLook from one of the links below and save it to your desktop.
Download Mirror #1
Download Mirror #2
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
Code:
:dir
c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\iddnbh /s
c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\unlqen /s
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please close the log for now. The log can also be found on your desktop, entitled SystemLook.txt.
Step 4: Post logs
Please post the following in a reply to this topic:
- Quote: and im back on line
- Does this mean your internet and browsing are now working?
- New HijackThis log
- VirusTotal/Jotti results
- SystemLook log
Regards,
John.
- 02-08-2010 08:41 PM #15
Quote:
and im back on line
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:57, on 2/8/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: PNBHO - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.3.5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1206757373234
O16 - DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} (SpinTop Games Launcher) - http://download-games.pogo.com/onlin...esLauncher.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 6667 bytes
a-squared 4.5.0.50 2010.02.08 -
AhnLab-V3 5.0.0.2 2010.02.08 -
AntiVir 7.9.1.160 2010.02.08 -
Antiy-AVL 2.0.3.7 2010.02.08 -
Authentium 5.2.0.5 2010.02.08 -
Avast 4.8.1351.0 2010.02.09 -
AVG 9.0.0.730 2010.02.08 -
BitDefender 7.2 2010.02.09 -
CAT-QuickHeal 10.00 2010.02.08 -
ClamAV 0.96.0.0-git 2010.02.08 -
Comodo 3868 2010.02.09 -
DrWeb 5.0.1.12222 2010.02.08 -
eSafe 7.0.17.0 2010.02.07 -
eTrust-Vet 35.2.7291 2010.02.08 -
F-Prot 4.5.1.85 2010.02.08 -
F-Secure 9.0.15370.0 2010.02.09 -
Fortinet 4.0.14.0 2010.02.09 -
GData 19 2010.02.09 -
Ikarus T3.1.1.80.0 2010.02.08 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.969 2010.02.08 -
Kaspersky 7.0.0.125 2010.02.09 -
McAfee 5886 2010.02.08 -
McAfee+Artemis 5886 2010.02.08 -
McAfee-GW-Edition 6.8.5 2010.02.08 -
Microsoft 1.5406 2010.02.08 -
NOD32 4849 2010.02.08 -
Norman 6.04.03 2010.02.08 -
nProtect 2009.1.8.0 2010.02.08 -
Panda 10.0.2.2 2010.02.07 -
PCTools 7.0.3.5 2010.02.08 -
Prevx 3.0 2010.02.09 -
Rising 22.34.00.04 2010.02.08 -
Sophos 4.50.0 2010.02.09 -
Sunbelt 3.2.1858.2 2010.02.08 -
TheHacker 6.5.1.1.183 2010.02.09 -
TrendMicro 9.120.0.1004 2010.02.08 -
VBA32 3.12.12.1 2010.02.08 -
ViRobot 2010.2.8.2176 2010.02.08 -
VirusBuster 5.0.21.0 2010.02.08 -
Additional information
File size: 164 bytes
MD5...: 6fec587e1356055e68ac3f0e1b26637b
SHA1..: 2d4c3e329130a35ce9d996f8b70d067ee776c1c1
SHA256: 116949d040942c9fbfeb0e9e1b1234077d46cda2f48a15c62f3459d24acf35d0
ssdeep: 3:mlllXlwUwflEDBflDmRIiWelkJRh/41Tp1UwjlPuLKfl04Fn:SizNEDXm2lJAVzZmGN04F
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: ISIS sketch (99.6%)
MS Flight Simulator Aircraft Performance Info (0.3%)
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware
File 3170E5E7DF.sys received on 2010.02.09 01:28:09 (UTC)
Current status: finished
Result: 0/39 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.08 -
AhnLab-V3 5.0.0.2 2010.02.08 -
AntiVir 7.9.1.160 2010.02.08 -
Antiy-AVL 2.0.3.7 2010.02.08 -
Authentium 5.2.0.5 2010.02.08 -
Avast 4.8.1351.0 2010.02.09 -
AVG 9.0.0.730 2010.02.08 -
BitDefender 7.2 2010.02.09 -
CAT-QuickHeal 10.00 2010.02.08 -
ClamAV 0.96.0.0-git 2010.02.08 -
Comodo 3868 2010.02.09 -
DrWeb 5.0.1.12222 2010.02.09 -
eSafe 7.0.17.0 2010.02.07 -
eTrust-Vet 35.2.7291 2010.02.08 -
F-Prot 4.5.1.85 2010.02.08 -
F-Secure 9.0.15370.0 2010.02.09 -
Fortinet 4.0.14.0 2010.02.09 -
GData 19 2010.02.09 -
Ikarus T3.1.1.80.0 2010.02.08 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.969 2010.02.08 -
Kaspersky 7.0.0.125 2010.02.09 -
McAfee 5886 2010.02.08 -
McAfee+Artemis 5886 2010.02.08 -
McAfee-GW-Edition 6.8.5 2010.02.08 -
Microsoft 1.5406 2010.02.08 -
NOD32 4849 2010.02.08 -
Norman 6.04.03 2010.02.08 -
nProtect 2009.1.8.0 2010.02.08 -
Panda 10.0.2.2 2010.02.07 -
PCTools 7.0.3.5 2010.02.08 -
Rising 22.34.00.04 2010.02.08 -
Sophos 4.50.0 2010.02.09 -
Sunbelt 3.2.1858.2 2010.02.08 -
TheHacker 6.5.1.1.183 2010.02.09 -
TrendMicro 9.120.0.1004 2010.02.08 -
VBA32 3.12.12.1 2010.02.08 -
ViRobot 2010.2.8.2176 2010.02.08 -
VirusBuster 5.0.21.0 2010.02.08 -
Additional information
File size: 88 bytes
MD5...: 62803b134a903abc2841db446d0694c3
SHA1..: 0108074e9d3edacda1056b23bbbb7c40065a5522
SHA256: 5216ef481bac1095b951ad959f4c0cd12e84c5d73754ec8aff97f08d8fd8e0c0
ssdeep: 3:hl/L/CbzjQ:fAzjQ
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
File kgpcpy.cfg received on 2010.02.09 01:22:14 (UTC)
Current status: finished
Result: 0/40 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.08 -
AhnLab-V3 5.0.0.2 2010.02.08 -
AntiVir 7.9.1.160 2010.02.08 -
Antiy-AVL 2.0.3.7 2010.02.08 -
Authentium 5.2.0.5 2010.02.08 -
Avast 4.8.1351.0 2010.02.09 -
AVG 9.0.0.730 2010.02.08 -
BitDefender 7.2 2010.02.09 -
CAT-QuickHeal 10.00 2010.02.08 -
ClamAV 0.96.0.0-git 2010.02.08 -
Comodo 3868 2010.02.09 -
DrWeb 5.0.1.12222 2010.02.08 -
eSafe 7.0.17.0 2010.02.07 -
eTrust-Vet 35.2.7291 2010.02.08 -
F-Prot 4.5.1.85 2010.02.08 -
F-Secure 9.0.15370.0 2010.02.09 -
Fortinet 4.0.14.0 2010.02.09 -
GData 19 2010.02.09 -
Ikarus T3.1.1.80.0 2010.02.08 -
Jiangmin 13.0.900 2010.02.08 -
K7AntiVirus 7.10.969 2010.02.08 -
Kaspersky 7.0.0.125 2010.02.09 -
McAfee 5886 2010.02.08 -
McAfee+Artemis 5886 2010.02.08 -
McAfee-GW-Edition 6.8.5 2010.02.08 -
Microsoft 1.5406 2010.02.08 -
NOD32 4849 2010.02.08 -
Norman 6.04.03 2010.02.08 -
nProtect 2009.1.8.0 2010.02.08 -
Panda 10.0.2.2 2010.02.07 -
PCTools 7.0.3.5 2010.02.08 -
Prevx 3.0 2010.02.09 -
Rising 22.34.00.04 2010.02.08 -
Sophos 4.50.0 2010.02.09 -
Sunbelt 3.2.1858.2 2010.02.08 -
TheHacker 6.5.1.1.183 2010.02.09 -
TrendMicro 9.120.0.1004 2010.02.08 -
VBA32 3.12.12.1 2010.02.08 -
ViRobot 2010.2.8.2176 2010.02.08 -
VirusBuster 5.0.21.0 2010.02.08 -
Additional information
File size: 760 bytes
MD5...: 42a4fd4cfe65171dcac5c4ad65de98e3
SHA1..: 7d8e0c4ccfd8adb36aeba940ee267f3ac1a71c80
SHA256: c5255f4af21a0416949dd39c33f65c0444b9659070d78c21cc27b4b6b425df0d
ssdeep: 12:lnTgDkUojBFWjbGh6NW2DXf5gDkUoeo1gDrwf0OaiU7rwfPp/X38sTzUs8Z3AHqb:1OoNcGh0hXxOo31go0OBxf3/TzACfOn
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
trid..: Unknown!
pdfid.: -
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:34 on 08/02/2010 by Ryan Fries (Administrator - Elevation successful)
========== dir ==========
c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\iddnbh - Parameters: "/s"
---Files---
None found.
No folders found.
c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\unlqen - Parameters: "/s"
---Files---
None found.
No folders found.
-=End Of File=-
As always I'm awaiting your direction, and again thanks for all the help.
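The HijackThis log above still shows the R1 ProxyServer entry pointing at 127.0.0.1:5555 that John asked about earlier, alongside an O10 unknown Winsock LSP and an O23 service whose binary is missing. As an added example that is not part of this thread or of HijackThis itself, here is a small Python triage script that parses such a log and flags those three entry types; the sample log inside it is constructed from lines of the log posted above, and the severity labels are the example's own.

```python
"""Triage helper for HijackThis logs: flags the entry types questioned in this thread."""
import re
from dataclasses import dataclass

# Constructed sample, modelled on lines from the HijackThis log posted above
# (not the full log; the R1 loopback proxy entry is the one John asked about).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# A proxy on one of these hosts means a process on this same machine sits
# between the browser and the network.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Every HijackThis entry starts with a section tag such as "R1 - " or "O23 - ".
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (labels chosen for this example)
    section: str   # HijackThis section tag, e.g. "R1" or "O23"
    detail: str


def parse_proxy_server(value: str) -> dict:
    """Split an Internet Settings ProxyServer value into {scheme: "host:port"}.

    WinINet accepts either a bare "host:port", which applies to every protocol
    (stored here under the key "all"), or a ';'-separated list of
    "scheme=host:port" entries such as "http=127.0.0.1:5555;https=127.0.0.1:5555".
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        proxies[scheme or "all"] = hostport
    return proxies


def proxy_host(hostport: str) -> str:
    """Return the host portion of "host:port" or "[v6addr]:port", lower-cased."""
    return hostport.rsplit(":", 1)[0].strip("[]").lower()


def triage_hjt(log_text: str) -> list:
    """Walk a HijackThis log and return the entries a helper would question first."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # process list, header and footer lines are not entries
        tag, body = match.groups()

        if tag == "R1" and "ProxyServer" in body:
            # body looks like "HKCU\...\Internet Settings,ProxyServer = http=127.0.0.1:5555"
            value = body.split("=", 1)[1].strip()
            for scheme, hostport in parse_proxy_server(value).items():
                if proxy_host(hostport) in LOOPBACK_HOSTS:
                    findings.append(Finding("high", tag,
                        f"{scheme} traffic is routed through a proxy on this machine ({hostport}); "
                        "if no local proxy was installed on purpose, identify the process "
                        "listening on that port and clear the setting"))
                else:
                    findings.append(Finding("info", tag,
                        f"{scheme} proxy set to {hostport}; confirm the user expects it"))

        elif tag == "O10":
            # "Unknown file in Winsock LSP: <dll>" means HijackThis does not know the DLL
            dll = body.partition(":")[2].strip() or body
            findings.append(Finding("info", tag,
                f"Winsock LSP DLL not recognised by HijackThis, verify its publisher: {dll}"))

        elif tag == "O23" and "(file missing)" in body:
            findings.append(Finding("medium", tag,
                f"service registered for a binary that is no longer on disk: {body}"))
        elif tag == "O23" and "Unknown owner" in body:
            findings.append(Finding("info", tag,
                f"service binary carries no publisher information: {body}"))
    return findings


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_LOG):
        print(f"[{finding.severity:6}] {finding.section}: {finding.detail}")
```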
- 02-10-2010 11:59 AM #16
Hi,
Let's run some more scanners to see if you really are clean.
Step 1: Delete files and/or folders
Use Explorer to navigate to and delete the following folders (if present):
c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\iddnbh
c:\documents and settings\Ryan Fries.DC9M2QB1\Local Settings\Application Data\unlqen
Now just exit Explorer.
Step 2: Download and Run Gmer
Please download Gmer to your desktop and unzip it to your desktop.
http://www.gmer.net/gmer.zip
- Disconnect from the internet and close running programs. There is a small chance this application may crash your computer, so save any work you have open.
- Double click the .exe file. If asked to allow gmer.sys driver to load, please allow that.
- If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the Save button, and in the File name area, type in "Gmer.txt" or it will save as a .log file.
- Save it where you can easily find it, such as your desktop.
Note: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Step 3: Run CCleaner
CCleaner will remove everything from the temp/temporary folders but please note that it will not make back ups!
- Before first use, select Options > Advanced and UNCHECK Only delete files in Windows Temp folder older than 48 hours
- Then select the items you wish to clean up.
- In the Windows Tab:
- Clean all entries in the Internet Explorer section except Cookies
- Clean all the entries in the Windows Explorer section
- Clean all entries in the System section
- Clean all entries in the Advanced section
- Clean any others that you choose
- In the Applications Tab:
- Clean all except cookies in the Firefox/Mozilla section if you use it
- Clean all in the Opera section if you use it
- Clean Sun Java in the Internet Section
- Clean any others that you choose
- In the Windows Tab:
- Click the Run Cleaner button.
- A pop up box will appear advising this process will permanently delete files from your system.
- Click OK and it will scan and clean your system.
- Click exit when done.
- If it asks you to reboot at the end, click NO
CCleaner should be run with the above settings for each User Account!
Step 4: Run Kaspersky Online Scan
Please go to Kaspersky website to perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to your desktop by changing the Files of type to Text file (.txt) before clicking on the Save button.
- Now close the window.
Step 5: Post logs
Please post the following in a reply to this topic (use multiple posts if needed):
- Let me know how your computer is running
- Gmer log
- Kaspersky log
Regards,
John.
- 02-12-2010 06:23 AM #17
Well, it took me a bit to figure it out, but here we go.
Computer is running good, can't reopen Avira AntiVir though, everything else is good as far as I can tell.
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-02-12 06:02:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\RYANFR~1.DC9\LOCALS~1\Temp\kxloapod.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAllocateVirtualMemory [0xA94D5420]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwAssignProcessToJobObject [0xA94D5C60]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwConnectPort [0xA94D3A90]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateFile [0xA94E2CB0]
SSDT F7B6B63E ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreatePort [0xA94D3740]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcess [0xA94D0320]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateProcessEx [0xA94D0710]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwCreateSection [0xA94CFDE0]
SSDT F7B6B634 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDebugActiveProcess [0xA94D2900]
SSDT F7B6B643 ZwDeleteKey
SSDT F7B6B64D ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwDuplicateObject [0xA94D3410]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwLoadDriver [0xA94D4B40]
SSDT F7B6B652 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenFile [0xA94E3420]
SSDT F7B6B620 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwOpenSection [0xA94D0080]
SSDT F7B6B625 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwProtectVirtualMemory [0xA94D58A0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueryDirectoryFile [0xA94D4FB0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwQueueApcThread [0xA94D5E00]
SSDT F7B6B65C ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwRequestWaitReplyPort [0xA94D4690]
SSDT F7B6B657 ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwResumeThread [0xA94D3060]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSecureConnectPort [0xA94D3E80]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetContextThread [0xA94D26E0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSetSystemInformation [0xA94D2AA0]
SSDT F7B6B648 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwShutdownSystem [0xA94D4A10]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendProcess [0xA94D3240]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSuspendThread [0xA94D2E60]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwSystemDebugControl [0xA94D2C90]
SSDT F7B6B62F ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwTerminateThread [0xA94D24B0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwUnloadDriver [0xA94D4D70]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys (OA Helper Driver/Tall Emu) ZwWriteVirtualMemory [0xA94D5A70]
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Tall Emu)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Tall Emu)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Tall Emu)
Device \FileSystem\Fastfat \Fat A8193D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
---- EOF - GMER 1.0.15 ----
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, February 11, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, February 11, 2010 18:53:44
Records in database: 3480749
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 100904
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:24:41
File name / Threat / Threats count
C:\Program Files\MUSICMATCH\Common\ComponentMgr\HoldingArea\WebSys2\WebSys.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\WebSys\offline.mmz Infected: not-a-virus:RiskTool.Win32.Deleter.f 1
Selected area has been scanned.
- 02-12-2010 11:24 AM #18
Hi,
Let's update Adobe Reader and Java. Other than that everything looks perfect.
Step 1: Update Adobe Reader
It looks like your version of Adobe Reader is out of date and you're vulnerable to infections. Please update it now:
- Visit this website: Adobe
- Click Get ADOBE Reader
- Choose to Download
- If a prompt comes up, allow it to enable the Adobe download manager
- Older versions of Adobe Reader will automatically be removed and the newest version will be installed
- After the download manager is done go to your desktop and delete the newly created folder
Step 2: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older Java components and update.
First remove the older versions:
- Click Start
- Go to Control Panel
- Go to Add/Remove Programs
- Find and click Remove for each version of Java that is present
- Download JavaRa and unzip it to your desktop.
- Double-click on JavaRa.exe to start the program.
- From the drop-down menu, choose English and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location.
Now let's download and install the newest version:
- Go to the website of Java: Java SE Downloads - Sun Developer Network (SDN)
- Under JDK 6 Update 18 click the orange box called Download JRE.
- As Platform select your operating system, agree to the License Agreement and click Continue.
- Now click on the link under Windows Offline Installation and download the installer to your desktop.
- Close any programs you may have running - especially your web browser.
- Then from your desktop double-click on the download to install the newest version.
- Reboot your computer.
After that please let me know what you mean by not being able to re-open Avira. Maybe you should try reinstalling it.
Regards,
John.
- 02-17-2010 01:06 PM #19
Due to inactivity I have now closed this topic.
If at any time after this post you still need help or need help again please start a new topic.



