
Bogus Windows Security Center popups warning me of infected files!! I can't open or run ANYTHING!!, I am clueless, need help getting this off my compu


  • This topic is locked
11 replies to this topic

#1 reagang

  • Members
  • 8 posts

Posted 02 April 2010 - 05:49 AM

I use XP home.

This bogus Windows Security Center antivirus software is popping up and telling me that all my files are infected. And it wants me to buy their software. It has disabled McAfee and I cannot open or run anything! When I try to open a web page it says that web page is not secure. I have no idea how to get rid of this. I ran mbam in safe mode and it found and deleted 5 threats. Then I ran rkill and mbam in normal mode and mbam found nothing! But when I restarted my computer, it is still there.

I ran Rkill and was able to get this DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Reagan Gibfried at 9:34:30.92 on Thu 04/01/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2387 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Rosetta Stone\SMS v3.0.2hs\Service\JavaSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\wuauclt.exe
svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Monett&state=MO&site=SGF&textField1=36.9211&textField2=-93.9237
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [jfmhsofq] c:\documents and settings\reagan gibfried\local settings\application data\pweoversy\oewfgxytssd.exe
mRun: [WorkFlow] f:\installs\WorkFlow.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [jfmhsofq] c:\documents and settings\reagan gibfried\local settings\application data\pweoversy\oewfgxytssd.exe
dRunOnce: [RunNarrator] Narrator.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\reagan gibfried\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: att.net
Trusted Zone: boodle.com\www
Trusted Zone: bricks.com\www
Trusted Zone: couponbug.com\www
Trusted Zone: coupons.com\print
Trusted Zone: coupons.com\www
Trusted Zone: homescan.com\www
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.arkansashighways.com/Road/acgm.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214664]
R1 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 34248]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-19 266240]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-18 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-9 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-9 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-9 144704]
R2 SMSv3_0_2hs;SMSv3_0_2hs;c:\program files\rosetta stone\sms v3.0.2hs\service\JavaSrvc.exe [2006-7-26 65536]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-9 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 40552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

=============== Created Last 30 ================

2010-03-31 17:29:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 17:29:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 17:29:35 0 d-----w- c:\program files\zztoy
2010-03-27 15:59:12 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{B7148922-501B-4CFA-A90A-84565BC66AB7}
2010-03-27 15:58:56 0 d-----w- c:\program files\Atari Classics Evolved-Lunar Lander
2010-03-27 15:50:35 0 d-----w- c:\program files\Atari Classics Evolved
2010-03-26 15:00:02 0 d-----w- c:\docume~1\reagan~1\applic~1\Uniblue
2010-03-13 00:55:10 0 d-----w- c:\program files\Conduit
2010-03-13 00:55:09 0 d-----w- c:\program files\Swag_Bucks
2010-03-11 04:18:47 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-12 04:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 04:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 04:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 04:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 04:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 04:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll
2008-08-25 14:51:33 0 ----a-w- c:\program files\temp01
2008-08-24 03:04:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 9:35:35.43 ===============


I have another one that said to zip and don't post unless asked to do so.
I was unable to get a GMER scan. It would scan for hrs, and then I'd come back and my computer would be restarted.

Thank you for your help.




#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 05 April 2010 - 06:16 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log. I apologize for the delay.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a GMER log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or GMER log, please refer to this page, in Step #6, Step #7 and Step #8, for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or are unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
- The DDS logs
  - DDS.txt and Attach logs
- GMER log
- Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 reagang

  • Topic Starter
  • Members
  • 8 posts

Posted 06 April 2010 - 08:45 AM

Thank you for getting back with me.

I was able to do both scans in normal mode, but I had to run Rkill first. I'm having the same problems, can't open or run anything. It says all my files and processes are corrupt and I need to buy their antivirus program.

Here are the logs, and I'm attaching the zipped DDS log.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Reagan Gibfried at 22:30:34.67 on Mon 04/05/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2408 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Rosetta Stone\SMS v3.0.2hs\Service\JavaSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\Reagan Gibfried\Application Data\U3\432032055F92C954\LaunchPad.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Monett&state=MO&site=SGF&textField1=36.9211&textField2=-93.9237
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [jfmhsofq] c:\documents and settings\reagan gibfried\local settings\application data\pweoversy\oewfgxytssd.exe
mRun: [WorkFlow] f:\installs\WorkFlow.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [jfmhsofq] c:\documents and settings\reagan gibfried\local settings\application data\pweoversy\oewfgxytssd.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [RunNarrator] Narrator.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\reagan gibfried\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: att.net
Trusted Zone: boodle.com\www
Trusted Zone: bricks.com\www
Trusted Zone: couponbug.com\www
Trusted Zone: coupons.com\print
Trusted Zone: coupons.com\www
Trusted Zone: homescan.com\www
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.arkansashighways.com/Road/acgm.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214664]
R1 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 34248]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-19 266240]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-18 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-9 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-9 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-9 144704]
R2 SMSv3_0_2hs;SMSv3_0_2hs;c:\program files\rosetta stone\sms v3.0.2hs\service\JavaSrvc.exe [2006-7-26 65536]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-9 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 40552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

=============== Created Last 30 ================

2010-03-31 17:29:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 17:29:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 17:29:35 0 d-----w- c:\program files\zztoy
2010-03-27 15:59:12 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{B7148922-501B-4CFA-A90A-84565BC66AB7}
2010-03-27 15:58:56 0 d-----w- c:\program files\Atari Classics Evolved-Lunar Lander
2010-03-27 15:50:35 0 d-----w- c:\program files\Atari Classics Evolved
2010-03-26 15:00:02 0 d-----w- c:\docume~1\reagan~1\applic~1\Uniblue
2010-03-13 00:55:10 0 d-----w- c:\program files\Conduit
2010-03-13 00:55:09 0 d-----w- c:\program files\Swag_Bucks
2010-03-11 04:18:47 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-01 15:32:46 90112 ----a-w- c:\windows\DUMP4b41.tmp
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-12 04:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 04:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 04:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 04:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 04:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 04:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll
2008-08-25 14:51:33 0 ----a-w- c:\program files\temp01
2008-08-24 03:04:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 22:31:36.06 ===============




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-06 06:09:51
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\REAGAN~1\LOCALS~1\Temp\fwwyypod.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwClose [0xB26B4B4C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB376978A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB3769821]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xB3769738]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB376974C]
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwCreateSection [0xB26B4DB7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB3769835]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB3769861]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB37698CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB37698B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB37697CA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB37698FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB376980D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB3769710]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB3769724]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB376979E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB3769937]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB37698A3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB376988D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB376984B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB3769923]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB376990F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB3769776]
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwSetInformationFile [0xB26B4235]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB3769762]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB3769877]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB37697F9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB37698E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB37697E0]
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) ZwWriteFile [0xB26B3E81]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB37697B4]
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) IoCreateFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtClose
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtCreateSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtSetInformationFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
Code \SystemRoot\system32\DRIVERS\css-dvp.sys (Dynamic Virus Protection/Command Software Systems, Inc.) NtWriteFile

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----




#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:58 PM

Posted 06 April 2010 - 04:31 PM

Hello.

Let's try running Malwarebytes. It should remove this; if not, or if you have difficulties, let me know and we'll try to work it out.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link


Note: Please do not PM me asking for help; instead, please post in the correct forum to request help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#5 reagang


Posted 06 April 2010 - 07:59 PM

OK, I had run mbam last week and it found a few problems, but I was still having problems. I ran it again today (after updating it) and it found several. I'll list both logs below.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13

3/31/2010 3:32:34 PM
mbam-log-2010-03-31 (15-32-34).txt

Scan type: Quick scan
Objects scanned: 179768
Time elapsed: 29 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7fe26be2-b923-4b41-9834-e84da1cc1f96} (Adware.ClosetMaid) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Downloaded Program Files\CMAIDCTL.OCX (Adware.ClosetMaid) -> Quarantined and deleted successfully.
C:\Documents and Settings\Pete Gibfried\Local Settings\Temp\SystemRequirementsLabx.exe (Spyware.Zbot) -> Quarantined and deleted successfully.




Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3961

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

4/6/2010 7:51:41 PM
mbam-log-2010-04-06 (19-51-41).txt

Scan type: Quick scan
Objects scanned: 182815
Time elapsed: 24 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jfmhsofq (Rogue.AntivirusSoft.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jfmhsofq (Rogue.AntivirusSoft.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Reagan Gibfried\Local Settings\Application Data\pweoversy\oewfgxytssd.exe (Rogue.AntivirusSoft.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reagan Gibfried\Local Settings\Temp\ovHY.exe (Rogue.AntivirusSoft.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Reagan Gibfried\Local Settings\Temporary Internet Files\Content.IE5\6VTBQ5JH\eH0a571fdaV0100f070006Rfd625e90102T41e49fc1201l0409K6fa37b86318J0f0006010[1] (Rogue.AntivirusSoft.Gen) -> Quarantined and deleted successfully.


And I restarted my computer as it prompted me to.



#6 extremeboy


Posted 07 April 2010 - 08:30 PM

Run Malwarebytes again using the quick scan. Does it still detect those items, or is it clean?

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy

#7 reagang


Posted 08 April 2010 - 05:31 AM

I'm running a scan now.

So far, my computer is running well, with no signs of any malware, except that I cannot get my email or connect to the internet. It acts like I'm offline, but my Windows Messenger works and I was able to update Malwarebytes. So I know I'm connected.

I will post logs when I get them. Thank you for your help.

#8 reagang


Posted 08 April 2010 - 09:18 AM

I ran Mbam, and it didn't find anything.

Here are the DDS logs:


DDS (Ver_10-03-17.01) - NTFSx86
Run by Reagan Gibfried at 8:59:56.23 on Thu 04/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3006.2109 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CSHelper.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Rosetta Stone\SMS v3.0.2hs\Service\JavaSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\MDM.EXE
C:\Documents and Settings\Reagan Gibfried\Application Data\U3\432032055F92C954\LaunchPad.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://forecast.weather.gov/MapClick.php?CityName=Monett&state=MO&site=SGF&textField1=36.9211&textField2=-93.9237
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\tbSwag.dll
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [WorkFlow] f:\installs\WorkFlow.exe
mRun: [fssui] "c:\program files\windows live\family safety\fsui.exe" -autorun
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [SetDefPrt] c:\program files\brother\brmfl04g\BrStDvPt.exe
mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [RunNarrator] Narrator.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {10F055B8-F443-4adf-948A-EC551E9DBCE4} - c:\documents and settings\reagan gibfried\start menu\programs\ultimatebet\UltimateBet.lnk
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
Trusted Zone: att.net
Trusted Zone: boodle.com\www
Trusted Zone: bricks.com\www
Trusted Zone: couponbug.com\www
Trusted Zone: coupons.com\print
Trusted Zone: coupons.com\www
Trusted Zone: homescan.com\www
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxps://lowes.2020.net/Core/Player/2020PlayerAX_Win32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.arkansashighways.com/Road/acgm.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} -
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-1-16 214664]
R1 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-9 34248]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-19 266240]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-2-18 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-9 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-9 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-9 144704]
R2 SMSv3_0_2hs;SMSv3_0_2hs;c:\program files\rosetta stone\sms v3.0.2hs\service\JavaSrvc.exe [2006-7-26 65536]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-9 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-9 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-9 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-9 40552]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-2 135664]

=============== Created Last 30 ================

2010-03-31 17:29:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 17:29:35 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 17:29:35 0 d-----w- c:\program files\zztoy
2010-03-27 15:59:12 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{B7148922-501B-4CFA-A90A-84565BC66AB7}
2010-03-27 15:58:56 0 d-----w- c:\program files\Atari Classics Evolved-Lunar Lander
2010-03-27 15:50:35 0 d-----w- c:\program files\Atari Classics Evolved
2010-03-26 15:00:02 0 d-----w- c:\docume~1\reagan~1\applic~1\Uniblue
2010-03-13 00:55:10 0 d-----w- c:\program files\Conduit
2010-03-13 00:55:09 0 d-----w- c:\program files\Swag_Bucks
2010-03-11 04:18:47 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-04-01 15:32:46 90112 ----a-w- c:\windows\DUMP4b41.tmp
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-12 04:17:44 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-01-12 04:17:44 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-01-12 04:17:44 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-01-12 04:17:44 13666408 ----a-w- c:\windows\system32\nvcpl.dll
2010-01-12 04:17:44 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-01-12 04:17:40 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-01-12 04:03:33 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
2010-01-12 04:03:33 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-01-12 04:03:33 592488 ----a-w- c:\windows\system32\nvudisp.exe
2010-01-12 04:03:33 4104192 ----a-w- c:\windows\system32\nvcuda.dll
2010-01-12 04:03:33 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-01-12 04:03:33 2283526 ----a-w- c:\windows\system32\nvdata.bin
2010-01-12 04:03:33 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcodins.dll
2010-01-12 04:03:33 182888 ----a-w- c:\windows\system32\nvcod.dll
2010-01-12 04:03:33 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
2010-01-12 04:03:33 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
2010-01-12 04:03:33 1081344 ----a-w- c:\windows\system32\nvapi.dll
2008-08-25 14:51:33 0 ----a-w- c:\program files\temp01
2008-08-24 03:04:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082320080824\index.dat

============= FINISH: 9:00:43.39 ===============


And I still can't access the internet, even though I am online and windows messenger works.

Thank you!
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/22/2008 4:01:23 PM
System Uptime: 4/7/2010 3:24:25 PM (18 hours ago)

Motherboard: Dell Inc | | 0CT103
Processor: AMD Athlon™ 64 X2 Dual Core Processor 3800+ | Socket M2 | 2004/1000mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 223 GiB total, 123.495 GiB free.
D: is CDROM (CDFS)
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP208: 1/8/2010 1:54:28 PM - System Checkpoint
RP209: 1/9/2010 2:35:08 PM - System Checkpoint
RP210: 1/10/2010 2:36:08 PM - System Checkpoint
RP211: 1/11/2010 4:45:33 PM - System Checkpoint
RP212: 1/12/2010 5:40:50 PM - System Checkpoint
RP213: 1/13/2010 10:00:15 AM - Software Distribution Service 3.0
RP214: 1/14/2010 10:38:25 AM - System Checkpoint
RP215: 1/15/2010 10:38:50 AM - System Checkpoint
RP216: 1/16/2010 11:22:31 AM - System Checkpoint
RP217: 1/17/2010 11:37:38 AM - System Checkpoint
RP218: 1/18/2010 11:38:43 AM - System Checkpoint
RP219: 1/19/2010 11:49:38 AM - System Checkpoint
RP220: 1/20/2010 10:00:16 AM - Software Distribution Service 3.0
RP221: 1/21/2010 1:58:04 PM - System Checkpoint
RP222: 1/22/2010 10:00:16 AM - Software Distribution Service 3.0
RP223: 1/23/2010 10:28:22 AM - System Checkpoint
RP224: 1/24/2010 10:47:28 AM - System Checkpoint
RP225: 1/25/2010 11:48:32 AM - System Checkpoint
RP226: 1/26/2010 12:27:37 PM - System Checkpoint
RP227: 1/27/2010 12:30:30 PM - System Checkpoint
RP228: 1/28/2010 1:32:00 PM - System Checkpoint
RP229: 1/29/2010 2:04:59 PM - System Checkpoint
RP230: 1/30/2010 2:54:20 PM - System Checkpoint
RP231: 1/31/2010 3:31:20 PM - System Checkpoint
RP232: 2/1/2010 3:38:16 PM - System Checkpoint
RP233: 2/2/2010 4:37:24 PM - System Checkpoint
RP234: 2/3/2010 5:48:31 PM - System Checkpoint
RP235: 2/4/2010 6:16:00 PM - System Checkpoint
RP236: 2/5/2010 8:12:59 PM - System Checkpoint
RP237: 2/6/2010 8:49:08 PM - System Checkpoint
RP238: 2/7/2010 9:24:57 PM - System Checkpoint
RP239: 2/8/2010 9:56:01 PM - System Checkpoint
RP240: 2/9/2010 10:36:56 PM - System Checkpoint
RP241: 2/10/2010 10:37:27 PM - System Checkpoint
RP242: 2/11/2010 10:00:16 AM - Software Distribution Service 3.0
RP243: 2/12/2010 10:42:46 AM - System Checkpoint
RP244: 2/13/2010 1:53:28 PM - System Checkpoint
RP245: 2/14/2010 4:57:17 PM - System Checkpoint
RP246: 2/15/2010 5:17:03 PM - System Checkpoint
RP247: 2/16/2010 5:36:04 PM - System Checkpoint
RP248: 2/17/2010 6:17:03 PM - System Checkpoint
RP249: 2/18/2010 7:10:14 PM - System Checkpoint
RP250: 2/19/2010 7:31:05 PM - System Checkpoint
RP251: 2/20/2010 7:57:18 PM - System Checkpoint
RP252: 2/21/2010 9:17:47 PM - System Checkpoint
RP253: 2/23/2010 7:51:33 AM - System Checkpoint
RP254: 2/24/2010 5:22:02 AM - Software Distribution Service 3.0
RP255: 2/25/2010 9:31:17 AM - System Checkpoint
RP256: 2/26/2010 9:37:16 AM - System Checkpoint
RP257: 2/27/2010 10:15:54 AM - System Checkpoint
RP258: 2/28/2010 10:19:36 AM - System Checkpoint
RP259: 3/1/2010 12:35:56 PM - System Checkpoint
RP260: 3/2/2010 1:22:45 PM - System Checkpoint
RP261: 3/3/2010 3:19:21 PM - System Checkpoint
RP262: 3/4/2010 3:54:33 PM - System Checkpoint
RP263: 3/5/2010 4:06:22 PM - System Checkpoint
RP264: 3/6/2010 4:36:39 PM - System Checkpoint
RP265: 3/7/2010 5:19:51 PM - System Checkpoint
RP266: 3/8/2010 5:20:55 PM - System Checkpoint
RP267: 3/9/2010 6:19:50 PM - System Checkpoint
RP268: 3/10/2010 6:20:55 PM - System Checkpoint
RP269: 3/10/2010 10:33:30 PM - Software Distribution Service 3.0
RP270: 3/11/2010 11:05:48 PM - System Checkpoint
RP271: 3/12/2010 11:44:56 PM - System Checkpoint
RP272: 3/14/2010 7:24:46 AM - System Checkpoint
RP273: 3/15/2010 7:31:29 AM - System Checkpoint
RP274: 3/16/2010 9:46:50 AM - System Checkpoint
RP275: 3/17/2010 11:19:30 AM - System Checkpoint
RP276: 3/18/2010 12:05:04 PM - System Checkpoint
RP277: 3/19/2010 12:50:07 PM - System Checkpoint
RP278: 3/20/2010 2:01:17 PM - System Checkpoint
RP279: 3/21/2010 2:49:59 PM - System Checkpoint
RP280: 3/22/2010 3:34:51 PM - System Checkpoint
RP281: 3/23/2010 4:28:05 PM - System Checkpoint
RP282: 3/24/2010 4:32:23 PM - System Checkpoint
RP283: 3/25/2010 4:40:06 PM - System Checkpoint
RP284: 3/26/2010 5:26:36 PM - System Checkpoint
RP285: 3/27/2010 7:18:33 PM - System Checkpoint
RP286: 3/28/2010 7:48:59 PM - System Checkpoint
RP287: 3/29/2010 8:27:53 PM - System Checkpoint
RP288: 3/30/2010 10:06:14 PM - System Checkpoint
RP289: 3/31/2010 5:33:34 AM - Software Distribution Service 3.0
RP290: 4/1/2010 9:59:05 AM - System Checkpoint
RP291: 4/2/2010 10:21:07 AM - System Checkpoint
RP292: 4/3/2010 10:32:01 AM - System Checkpoint
RP293: 4/4/2010 11:32:01 AM - System Checkpoint
RP294: 4/5/2010 12:32:02 PM - System Checkpoint
RP295: 4/6/2010 1:34:57 PM - System Checkpoint
RP296: 4/7/2010 3:58:18 PM - System Checkpoint

==== Installed Programs ======================

"Nero SoundTrax Help
530TX+
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Advertising Center
AI RoboForm
Amazon Kindle For PC v1.0
Amazon MP3 Downloader 1.0.5
Anti-Spyware
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArtistScope Plugin IE 42
AT&T Internet Security Wizard 1.5.11
AT&T Self Support Tool
AT&T Toolbar
Atari Centipede
Atari Classics Evolved-Centipede
Atari Classics Evolved-Lunar Lander
Atari Lunar Lander
Audible Download Manager
Authentium
Batch Update
Belarc Advisor 7.2
BellSouth® Scan and Clean Tool
Bible Data Type System Files
Big Fish Games Client
Big Fish Games Sudoku (remove only)
BlackBerry Desktop Software 4.2.2
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Brother MFL-Pro Suite
Cabela's Big Game Hunter - Alaskan Adventures
Call of Duty Game of the Year Edition
Chicken Screensaver
Command & Conquer Generals
Common System Files
Conexant D850 56K V.9x DFVc Modem
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
Dell Resource CD
Digital Line Detect
DolbyFiles
Facebook Plug-In
Fallout 3
Garmin Training Center 3.4.3
GoodSync
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPGNet
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
ImagXpress
InterActual Player
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Java™ 6 Update 15
JumpStart Preschool 2001
JumpStart Toddlers 2000
Junk Mail filter update
Kazoo Player
KODAK EASYSHARE Gallery Upload ActiveX Control
Laugh, Smile & Learn™
Lernout & Hauspie TruVoice American English TTS Engine
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LightScribe 1.4.136.1
LLS Resource Driver
Mahjong Towers Eternity&trade;
Malwarebytes' Anti-Malware
Math 7 Teaching Textbook
McAfee SecurityCenter
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Combat Flight Simulator
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X Demo
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 6.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
MobileMe Control Panel
Mobipocket Reader 6.2
MotionBased Agent
Move Networks Media Player for Internet Explorer
Movie Templates - Starter Kit
MPEG Video Wizard DVD 4.0.4.111 (12/2008)
MPEG Video Wizard DVD 4.0.4.112 (12/2008)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Nero 9
Nero Burning ROM Help
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
Nero WaveEditor
NeroBurningROM
NeroExpress
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX v8.09.04
OEB Resource Driver
Olive Tree BibleReader for Blackberry
Olive Tree NASB for Blackberry
PaperPort
PDF Resource Driver
ProMash
Quicken 2006
QuickTime
Revo Uninstaller 1.83
Rosetta Stone 2.1.5.1Asms
Roxio Media Manager
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Serif AlbumPlus SE PRO
Serif PanoramaPlus 3
Serif PhotoPlus X3
Sesame Street Elmo's Preschool
SigmaTel Audio
Sonic Activation Module
Sony USB Driver
SoundTrax
SportTracks 2.1
Student Management System v3.0.2hs
Swag_Bucks Toolbar
System Requirements Lab
TONKA Search & Rescue 2
Typing Quick & Easy
UltimateBet
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Widgets

==== Event Viewer Messages From Past Week ========

4/6/2010 6:14:26 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
4/1/2010 4:30:06 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/1/2010 12:15:02 PM, error: Service Control Manager [7000] - The Aspi32 service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================


#9 extremeboy

extremeboy

  • Malware Response Team

Posted 09 April 2010 - 08:43 PM

Hello.

I see what the problem is.

Do the following and it should fix up your internet problem. First, back up your registry.

Backup Registry with ERUNT

This tool will create a complete backup of your registry. A backup is created to ensure we have a backup so that in case anything goes wrong we can deal with it. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt


Then...

Download and Run OTM
  1. Please download OTM by OldTimer and save it to your desktop.
  2. Double click the icon on your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  3. Paste the following code under the area. Do not include the word "Code".
    CODE
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyOverride"=-
    :Commands
    [CREATERESTOREPOINT]
    [resethosts]
    [emptytemp]
  4. Click the large button.
  5. If OTM requires a reboot, please allow it to do so.
  6. Copy/Paste the contents under the line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
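
Added example (not part of the thread and not OTM's own code): a read-only check of the two things the OTM script above resets, the Internet Settings proxy values and the hosts file. The function names are hypothetical and both sample inputs are constructed; real input would come from `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"` and from `C:\WINDOWS\System32\drivers\etc\hosts`.

```python
"""Report proxy values and non-default hosts entries before (or after) a cleanup."""
import re

DEFAULT_HOSTS_NAMES = {"localhost"}  # the only name in a stock XP hosts file

# Constructed sample in the shape of `reg query` output; the proxy address is made up.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    EnableHttp1_1    REG_DWORD    0x1
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
"""

# Constructed sample hosts file; 203.0.113.7 is a documentation-range address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.example.com example.com   # constructed entry
"""

# Value lines are indented: <name> <REG_TYPE> <data>. Key lines are not indented.
_REG_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")


def parse_reg_query(text):
    """Return {value_name: (type, data)} from `reg query` style text."""
    values = {}
    for line in text.splitlines():
        match = _REG_LINE.match(line)
        if match:
            values[match.group("name")] = (match.group("type"),
                                           match.group("data").strip())
    return values


def audit_proxy(values):
    """List the proxy values that the OTM script would delete.

    A proxy is not malicious by itself (managed networks set one); the point
    is to surface a value the user did not configure.
    """
    findings = []
    enabled = values.get("ProxyEnable", ("REG_DWORD", "0x0"))[1] or "0"
    server = values.get("ProxyServer", ("REG_SZ", ""))[1]
    override = values.get("ProxyOverride", ("REG_SZ", ""))[1]
    if server:
        state = "active" if int(enabled, 16) != 0 else "set but disabled"
        findings.append(f"ProxyServer {state}: {server}")
    if override:
        findings.append(f"ProxyOverride present: {override}")
    return findings


def audit_hosts(text):
    """Return (line_number, address, names) for every non-default mapping."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 2:
            continue  # blank, comment-only, or malformed line
        address, names = fields[0], fields[1:]
        extra = [n for n in names if n.lower() not in DEFAULT_HOSTS_NAMES]
        if extra:
            findings.append((lineno, address, extra))
    return findings


if __name__ == "__main__":
    for finding in audit_proxy(parse_reg_query(SAMPLE_REG_QUERY)):
        print("[proxy]", finding)
    for lineno, address, names in audit_hosts(SAMPLE_HOSTS):
        print(f"[hosts] line {lineno}: {', '.join(names)} -> {address}")
```

Recording these findings before the cleanup gives a record of what the reset removed, and an empty result afterwards confirms the reset held across a reboot.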

#10 reagang

reagang
  • Topic Starter

  • Members

Posted 16 April 2010 - 11:15 PM

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride deleted successfully.
========== COMMANDS ==========
Restore point Set: OTM Restore Point (64424509440)
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 231000 bytes
->Flash cache emptied: 41661 bytes

User: Kids
->Temp folder emptied: 839414415 bytes
->Temporary Internet Files folder emptied: 734536612 bytes
->Java cache emptied: 2456271 bytes
->Flash cache emptied: 153361 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 10715338 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3280121 bytes

User: Pete Gibfried
->Temp folder emptied: 522676073 bytes
->Temporary Internet Files folder emptied: 135092796 bytes
->Java cache emptied: 31492184 bytes
->Flash cache emptied: 32802 bytes

User: Reagan Gibfried
->Temp folder emptied: 46542783 bytes
->Temporary Internet Files folder emptied: 468521056 bytes
->Java cache emptied: 68238396 bytes
->FireFox cache emptied: 97457430 bytes
->Flash cache emptied: 237765 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2266968 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99711798 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10954236 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 58692058 bytes

Total Files Cleaned = 2,988.00 mb


OTM by OldTimer - Version 3.1.10.1 log created on 04162010_222535

Files moved on Reboot...

Registry entries deleted on Reboot...


**I can now access the internet!! I disabled proxy settings. Should I have done that? But now, my husband can't see (via our router) my computer or access shared files or shared computers from his laptop. I don't know if it has something to do with the bug that attacked my computer (yay, it's gone!!) or the fact that I just installed new anti virus on both our computers.....as our previous had just expired or maybe the proxy settings. Any thoughts? THANK YOU!!**

#11 extremeboy

extremeboy

  • Malware Response Team

Posted 17 April 2010 - 02:26 PM

Hello again.

No problem. Glad it works.

Are you guys connected through a network somehow? If so, what was it, perhaps we can help resolve that.

However, the logs are looking clean and your computer seems clean! Let's clean up our mess here.

Please follow/read the steps below to remove the tools we used and for some more information.


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

System a Bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean!

Now that you are clean, please follow and read some of the prevention tips below.

Preventing Infections in the Future


Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:

Some of the main things you should consider to perform/read are:
  • Disabling Autorun/Play on Flash-Drive/Removable Drives
  • Avoid gaming sites, underground web pages, pirated software sites, and Peer to Peer Programs
  • Keep Windows Updated through going to Windows Updates
  • Updating Non-Microsoft Programs
  • Keeping security software updated

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and good luck.


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks.

With Regards,
Extremeboy



#12 extremeboy

extremeboy

  • Malware Response Team

Posted 08 May 2010 - 11:48 AM

Hello.

Due to Lack of feedback, this topic is now Closed

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy