Antivirus Software !!!

Hi there!

My PC is infected with this fake Antivirus Soft

I've been reading the posts on here and so far have done this:
- Installed OTL
- Cannot run it from my Desktop because malware blocks it
- Tried running it in SAFE MODE but I keep getting this error message:
Exception Processing Message c00000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c

Need help!! I will 'donate' if this virus is cleaned off my PC

Thanks!!

Please download Ice Sword from HERE

1. Download the zip to your desktop and extract it.
   
2. Open the Ice Sword folder and then launch IceSword.exe.
   
3. Will IceSword open?
   

Yes, I was able to download in in XP, couldn't open it there, but were able to open it in SAFE MODE .. I see: process, port, kernel module, startup, win32services, registry .. what do I do next?

Process:

System Idle Process
System
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ariel\Desktop\IceSword122en\IceSword122en\IceSword.exe

Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SigmatelSysTrayApp
stsystra.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IAAnotif
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ATICCC
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DMXLauncher
C:\Program Files\Dell\Media Experience\DMXLauncher.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MBMon
Rundll32 CTMBHA.DLL,MBMon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
UpdReg
C:\WINDOWS\UpdReg.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DLA
C:\WINDOWS\System32\DLA\DLACTRLW.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ISUSScheduler
"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSDisp32
rundll32.exe C:\WINDOWS\system32\drvzom.dll,startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MSDrive
rundll32.exe C:\WINDOWS\system32\drvcog.dll,startup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Symantec PIF AlertEng
"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG8_TRAY
C:\PROGRA~1\AVG\AVG8\avgtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Carbonite Backup
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
gfyxxlko
C:\Documents and Settings\Ariel\Local Settings\Application Data\oqxcax\jrstsftav.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
SetDefaultMIDI
MIDIDef.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo! Pager
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
gfyxxlko
C:\Documents and Settings\Ariel\Local Settings\Application Data\oqxcax\jrstsftav.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Service Manager.lnk
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Remark��)

C:\Documents and Settings\Ariel\Start Menu\Programs\Startup
Adobe Gamma.lnk
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Remark��)

C:\Documents and Settings\Ariel\Start Menu\Programs\Startup
desktop.ini

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Nothing. Back to square 1
When trying to launch Malware on desktop it won't let me.
When I try to do it from safe mode it can't update to latest database information (error: 732 (12029,0)
This is where I was at when I started this post 3 days ago ..

Hello.
Try this.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.