BleepingComputer.com: "AntiVirus 2011" Viral Infection still causing problems

Hi,
My computer was recently infected with the "AntiVirus 2011" Virus. I used MalwareBytes to remove it, but the Virus came back 3 more times this week. Each time I removed it using the same program, but now my computer is running very slow and I'm receiving messages that my computer cannot find files or components that it needs to run properly. When I run a MalwareBytes scan, the report says I have no infections. I've ran an ESET scan,OTL scan, & Security Check. I've attached those logs. Will you please help me fix my problem? Thanks!
 ESETscan11-20.txt (4.72K)
Number of downloads: 2
 OTL 11-20-11.txt (153.12K)
Number of downloads: 0
 Secutity Check checkup 11-21-11.txt (988bytes)
Number of downloads: 0

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/428794 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  
• A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
    
  • If you were unable to produce the logs originally please try once more.
    
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
  
  
• Please tell us if you have your original Windows CD/DVD available.
  
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Thank you for getting to my request...
Here are the logs that you requested.
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by admin at 15:55:19 on 2011-11-27
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.703 [GMT -7:00]
.
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: IEHlprObjClass: {ce7c3cf0-4b15-11d1-abed-709549c10000} - c:\program files\kensington\mouseworks\IE_KMW.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [CTStartup] c:\program files\creative\splash screen\CTEaxSpl.EXE /run
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QwestTouchPointAgent] "c:\program files\qwest\desktop\QwestTouchPointAgent.exe" /autostart
mRun: [Driver Smith] c:\program files\driversmith\DriverSmith.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {E77EDA01-3C56-4a96-8D08-02B42891C169} - {580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}
LSP: mswsock.dll
Trusted Zone: aol.com\free
DPF: {00110000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://docimg.co.utah.ut.us/bmiweb/controls/ltocx11n.cab
DPF: {00130000-B1BA-11CE-ABC6-F5B2E79D9E3F} - hxxp://161.119.38.203/Recorder/controls/ltocx13n.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} - hxxp://las.mlxchange.com/Control/FileCruiser.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {16FD824B-8E7B-11D2-9855-00802962956C} - hxxp://las.mlxchange.com/Control/Specfile.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {284DAE3C-A691-11D3-AD58-00E0B8107A24} - hxxp://las.mlxchange.com/Control/SISC.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} - hxxp://las.mlxchange.com/Control/MultiSelectComboBox.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1041410292075
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124943561875
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://las.mlxchange.com/Control/MLXClientUtils.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} - hxxp://las.mlxchange.com/Control/LiteGrid.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://www.gamehouse.com/realarcade-webgames/luxor/mjolauncher.cab
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://las.mlxchange.com/5.0.05.46/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://www.rentmanager.com/demo/msrdp.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} - hxxp://las.mlxchange.com/Control/AspCustomCtrls.cab
DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} - hxxp://chat.msn.com/bin/msnchat45.cab
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{28EA8460-991F-42B2-B18D-CC86A6CD4620} : DhcpNameServer = 192.168.0.1 205.171.3.25
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-2-4 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-2-4 190416]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-2-4 99792]
S0 cwhxg;cwhxg;c:\windows\system32\drivers\ydujglkb.sys --> c:\windows\system32\drivers\ydujglkb.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-4 340048]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-2-4 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-2-4 17744]
S2 AutoInstallEJCD;Auto Install Eject CD Service;c:\docume~1\admin\locals~1\temp\rarsfx0\AutoInstallEJCDSVC.exe [2009-12-5 16384]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-4 40384]
S2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2011-2-4 119200]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-6 366152]
S2 NetworkLog;NetworkLog;c:\windows\svcs.exe [2011-11-20 508928]
S2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-5-20 210144]
S2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2009-12-5 20736]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\smhwadb.sys [2010-11-16 25728]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-4 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-2-4 40384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-6 22216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2009-7-17 17408]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2001-8-18 14336]
S3 QWXN720;Qwest 802.11n XN720 Driver;c:\windows\system32\drivers\wlanuhn.sys --> c:\windows\system32\drivers\WLANUHN.sys [?]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal);c:\windows\system32\drivers\smhwdev.sys [2010-11-16 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal);c:\windows\system32\drivers\smhwser.sys [2010-11-16 108032]
.
=============== Created Last 30 ================
.
2011-11-20 14:30:11 508928 ----a-w- c:\windows\svcs.exe
2011-11-20 09:26:32 -------- d-----w- c:\program files\ESET
2011-11-19 23:16:19 111616 ----a-w- c:\windows\system32\S0708ML.com
2011-11-19 21:16:20 111616 ----a-w- c:\windows\system32\S0708ML.com_
2011-11-18 17:23:46 -------- d-----w- c:\documents and settings\admin\application data\gVBt0iDQHKR9jry
2011-11-18 17:23:41 -------- d-----w- c:\documents and settings\admin\application data\hjUUCekkIBzPNx1
2011-11-17 20:18:19 -------- d-----w- c:\documents and settings\admin\application data\8C5DE
2011-11-17 20:18:17 -------- d-----w- c:\program files\LP
2011-11-17 20:17:59 -------- d-----w- c:\documents and settings\admin\application data\dJ66dEK8fZhX
2011-11-17 20:17:59 -------- d-----w- c:\documents and settings\admin\application data\BwkkVONA2i
2011-11-17 20:17:45 -------- d-----w- c:\documents and settings\admin\application data\zekkIBBrONxAuv2
2011-11-17 20:17:42 -------- d-----w- c:\documents and settings\admin\application data\O88ggRZqhYCwUVl
2011-11-15 22:00:04 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{d6646111-9538-4679-a56e-6c8d164f32cf}\mpengine.dll
2011-11-07 02:37:36 -------- d-----w- c:\documents and settings\admin\application data\Malwarebytes
2011-11-07 02:37:18 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-07 02:37:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-07 02:37:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-06 20:10:52 -------- d-----w- c:\documents and settings\admin\application data\Yjnue
2011-11-06 20:10:52 -------- d-----w- c:\documents and settings\admin\application data\Rezyi
.
==================== Find3M ====================
.
2011-11-27 22:51:22 7304 ----a-w- c:\windows\TMP0001.TMP
2011-11-19 22:34:55 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-11-17 21:22:33 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 17:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 17:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 17:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2006-02-02 00:07:03 774144 ----a-w- c:\program files\RngInterstitial.dll
2003-07-25 23:49:24 2037796 ----a-w- c:\program files\SPR10.exe
.
============= FINISH: 15:57:07.51 ===============

Here is the GMER log:
I also attached the other DDSattach file in case you need it. Thanks!

 DDSattach 11-27-11.txt (21.03K)
Number of downloads: 1

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-27 23:46:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000083 ST3160023A rev.8.01
Running: 2rgpjxnx.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\ugldipow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF73900B0]
SSDT sptd.sys ZwEnumerateKey [0xF739584C]
SSDT sptd.sys ZwEnumerateValueKey [0xF7395BEC]
SSDT sptd.sys ZwOpenKey [0xF7390090]
SSDT sptd.sys ZwQueryKey [0xF7395CC4]
SSDT sptd.sys ZwQueryValueKey [0xF7395B44]
SSDT sptd.sys ZwSetValueKey [0xF7395D56]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload F6F688AC 5 Bytes JMP 871D07C8
? System32\Drivers\a6teaf1l.SYS The system cannot find the path specified. !
.text i8042prt.sys F7658000 9 Bytes [90, 90, 90, 90, 8B, FF, 55, ...] {NOP ; NOP ; NOP ; NOP ; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP}
.text i8042prt.sys F765800A 29 Bytes [56, 8B, 75, 08, 57, 33, FF, ...]
.text i8042prt.sys F7658028 12 Bytes [15, 5C, A4, 65, F7, 38, 5D, ...]
.text i8042prt.sys F7658036 111 Bytes [38, 5D, 0C, 0F, 85, BC, 10, ...]
.text i8042prt.sys F76580A6 6 Bytes [6A, 00, E8, 2F, 00, 00]
.text ...
? C:\WINDOWS\System32\DRIVERS\i8042prt.sys suspicious PE modification

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 016E000A
.text C:\WINDOWS\System32\svchost.exe[1520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 016F000A
.text C:\WINDOWS\System32\svchost.exe[1520] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 016D000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 873651D8
Device \FileSystem\Fastfat \FatCdrom 86FD6980
Device \Driver\USBSTOR \Device\0000008e 86FF0980

AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\usbohci \Device\USBPDO-0 871B9590
Device \Driver\dmio \Device\DmControl\DmIoDaemon 873671D8
Device \Driver\dmio \Device\DmControl\DmConfig 873671D8
Device \Driver\dmio \Device\DmControl\DmPnP 873671D8
Device \Driver\dmio \Device\DmControl\DmInfo 873671D8
Device \Driver\usbohci \Device\USBPDO-1 871B9590
Device \Driver\usbehci \Device\USBPDO-2 871D2980

AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 873D81D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 873D81D8
Device \Driver\Cdrom \Device\CdRom0 871CF980
Device \Driver\Ftdisk \Device\HarddiskVolume3 873D81D8
Device \Driver\Cdrom \Device\CdRom1 871CF980
Device \Driver\Ftdisk \Device\HarddiskVolume4 873D81D8
Device \Driver\00000457 \Device\00000068 sptd.sys
Device \Driver\USBSTOR \Device\00000090 86FF0980
Device \Driver\NetBT \Device\NetBt_Wins_Export 86FF7980
Device \Driver\NetBT \Device\NetbiosSmb 86FF7980

AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{28EA8460-991F-42B2-B18D-CC86A6CD4620} 86FF7980
Device \Driver\usbohci \Device\USBFDO-0 871B9590
Device \Driver\usbohci \Device\USBFDO-1 871B9590
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86FEF980
Device \Driver\usbehci \Device\USBFDO-2 871D2980
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86FEF980
Device \Driver\Ftdisk \Device\FtControl 873D81D8
Device \Driver\a6teaf1l \Device\Scsi\a6teaf1l1Port1Path0Target0Lun0 8719D1D8
Device \Driver\a6teaf1l \Device\Scsi\a6teaf1l1 8719D1D8
Device \FileSystem\Fastfat \Fat 86FD6980
Device \FileSystem\Cdfs \Cdfs 86FC7570

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) F6E94000-F6EB4000 (131072 bytes)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0xBC 0x10 0x27 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0xC8 0xBA 0x81 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x85 0x2D 0xF9 0x43 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000c55fb3816 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000c55fb3816@00128a92fffc 0xA7 0x7E 0xDE 0x06 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0xBC 0x10 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0xC8 0xBA 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x85 0x2D 0xF9 0x43 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0xBC 0x10 0x27 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0xC8 0xBA 0x81 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x85 0x2D 0xF9 0x43 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55fb3816
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000c55fb3816@00128a92fffc 0xA7 0x7E 0xDE 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -2038548205
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1830292685
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0xBC 0x10 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0xC8 0xBA 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x85 0x2D 0xF9 0x43 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000c55fb3816 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\000c55fb3816@00128a92fffc 0xA7 0x7E 0xDE 0x06 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAE 0xBC 0x10 0x27 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0F 0xC8 0xBA 0x81 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x85 0x2D 0xF9 0x43 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB9151$\1020862310 0 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\bckfg.tmp 794 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\cfg.ini 208 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\keywords 0 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\kwrd.dll 223744 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\L 0 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\L\akygdmgo 52480 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\lsflt7.ver 329 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\U 0 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\U\00000001.@ 1536 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\U\80000000.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1020862310\U\80000032.@ 98304 bytes
File C:\WINDOWS\$NtUninstallKB9151$\1088237322 0 bytes

---- EOF - GMER 1.0.15 ----

I forgot to add...I do not think that I have the original Windows CD/DVD.

Hi,

ZeroAccess Warning

I hate to give you bad news but one or more of the identified infections is a backdoor trojan.

Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. In addition to the backdoor Trojan that has been identified, your computer is afflicted with multiple other infections. Although we can make an attempt to clean this machine, we cannot guarantee that it will be secure afterwards. Your best and safest course of action is a reformat and reinstallation of the Windows operating system.

If you do decide to attempt cleaning rather than a reformat, do understand that although we may be able to remove all known visible malware, we cannot guarantee that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, equally we cannnot repair the damages it may possibly have caused to vital system files.

Please note that even if we should be successful in removing these infections from your system, it is quite possible that the changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall?

Should you have any questions, please feel free to ask. Please let me know what you have decided to do in your next post.

Casey

Thank you for your time and attention to this matter. Luckily we don't do any banking or shopping online so none of our financial information is compromised, but I have to admit, your assessment was grim to say the least. I spoke to my husband and we have decided that we are going to reformat the C: Drive because he wants to upgrade the operating system anyways. I do have one concern. We have multiple drives on the computer...does the virus on the C: Drive effect the other drives, and how does reformatting the C: Drive effect the files on the other drives? Do you have any suggestions on moving forward?

Thank you!
Sarah

Hi Sarah,

This infection would only have been present on your C: drive since it infects the Windows installation only. I hope that helps. Please let me know if you'd like me to keep this topic open in case you have any further questions, or if you'd like it closed.

Casey

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.